Trumpet
(for MSDOS
) and the connection simply terminates. Why is this happening?Trumpet
does not like any VJ header
compression. Use the pppd option "-vj
" to turn it off.
dp-3.1.2
(with SunOS
) and the system will not allow me to use anything but ping
, or nslookup
. Why is this happening?There is a bug in the 3.1.2 version of dp. Please
get the 3.1.2a or later file from the dp ftp home site
harbor.ecn.purdue.ecu
. Until you can put the patch into dp,
disable the vj header compression.
Microsoft has chosen to support a non-standard
authentication protocol with Windows NT. That is their right to do so
provided that they have registered the protocol number with the
IANA
. (They have.) If the `accept only Microsoft encrypted
authentication' check box is set in the phone book entry, the
connection will not complete. This setting mandates that the Windows NT
system only exchange PPP authentication with another Microsoft PPP
implementation.
Linux does not support this authentication protocol.
If you have the option of changing the settings on the Windows NT system then go to the Windows NT Phone Book settings, advanced, security settings and ensure that the `Accept any authentication including clear text' box is checked and the `accept only Microsoft encrypted authentication' is not checked. The other checkboxes may be checked or not as you see fit.
Then use PAP on the Linux side. Put your Windows NT account name and password into the /etc/ppp/pap-secrets file.
The Microsoft authentication sequence is a PAP style authentication with their DES encryption algorithm for the passwords. Normal PAP sends the passwords in clear text. This would violate their C2 security goals.
Versions of the Linux PPP code earlier than 2.1.2c have a flaw in their decoding of the authentication request. They will not work with a Windows NT system as they will not negotiate the proper authentication. Please used 2.1.2c or later if you wish to connect to Windows NT. The current version, 2.2 or 2.1.2d if you need 1.1 kernel support, should be used if possible.
Scott Hutton <shutton@habanero.ucs.indiana.edu> sent me the following:
Basically, NT RAS (Remote Access Services) will drop your connection
if you REJ anything critical (i.e., authentication protocol). So,
the trick was to create a
"" * ""
in it. This causes pppd to send a NAK rather than a REJ. With the
SPAP registry key removed, the next protocol attempted is PAP (which
is what I'm using).
Other points are to make sure that *only* TCP/IP services are enabled
in RAS (not NetBEUI nor IPX [Ed: IPX is being addressed. Until it is
installed properly, this is probably a good thing to disable as
well.]
). I also had to fiddle with a couple of
other registry keys to kill timeouts (which are problematic when
you're only doing TCP/IP):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
Autodisconnect: REG_DWORD: 0
and to get my routing to work correctly:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasArp\Parameters
DisableOtherSrcPackets: REG_DWORD: 0
For completeness, the key that needs to be disabled to eliminate SPAP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\SPAP
Next Chapter, Previous Chapter
Table of contents of this chapter, General table of contents
Top of the document, Beginning of this Chapter