[ale] Win95 no-connect to Linux

Derek S. Ray lorimer at alliance.net
Tue Aug 13 11:32:22 EDT 1996


OK... after experimenting on my end with PAP for about fifteen minutes
(wow, it's actually pretty simple and straightforward), I was able to
connect to my ISP with an EXTREMELY reduced chat script and a small file
named /etc/ppp/pap-secrets.  This would pretty much confirm to me that
Win95 is using PAP or CHAP to authenticate itself as opposed to requiring a
user to configure complicated scripts and know his prompts.  Alfred, the
trick you'll need then is to set up a secrets file containing the
following:

#  client		server		secret		IP-address
   roscoe		nineball	duke

This is assuming that the server running pppd is named "nineball", the user
trying to log in from Win95 has specified his name as being "roscoe", and
his password as being "duke".  At least, this is how I read the PPPD man
page to require it... I don't have a convenient way to check this from BOTH
ends at the same time :(

The next thing to do is, on the line calling pppd, add the +pap option to
require the peer to authenticate itself using PAP.  This will enable the
protocol and, when your Win95 client connects, it will send "roscoe" and
"duke", which pppd will then fish through the pap-secrets file and find.

This will also break your Linux client, unless you switch it over to using
PAP as well (I recommend this just for saving on the overhead in chat
scripts and making it easier to alter passwords, configurations, etc.),
which can be done by the following:

In the /etc/ppp/pap-secrets file on the CLIENT Linux machine, it should
appear this way:

#  client		server		secret		IP-address
   *		*		duke

Then, on the CLIENT pppd command line, add "user roscoe" to the end.  You
need this option because you'll almost certainly be calling pppd from an
account named "root", and if you do, it'll try to authenticate itself using
"root, duke".  You can do it this way if you want, but don't forget to put
a line in the SERVER's /etc/ppp/pap-secrets for root and duke :)

Also, you'll probably need to scrap everything after the CONNECT part of
your chat script... since you'll want pppd to be available as soon as
possible after connection for authentication purposes.

There was some junk in the man pages about allowing a client access even if
it refuses to authenticate using PAP by putting an empty string in the
/etc/ppp/pap-secrets for both client and secret.  I don't like this idea,
since it lets creative hackers beat on your login: prompt if that's how you
have it set up.  Since you're able to "reach out and touch" all the
machines who'll be logging in, I would leave PAP as the only method for
login permissible... that'll make it easier to find what breaks then.  :)

STANDARD DISCLAIMER:  Your mileage may vary :)  This is based on about
thirty minutes' worth of experimentation and general poking-about,
reading-the-man-page, and correlating information.  It SHOULD all work for
you, but if it don't, please don't shoot me ;)

-- 
   finger for PGP key -*- lorimer at alliance.net -*- Vote Brain/Pinky in '96! 
     Key fingerprint =  D1 6E A2 69 CF 60 C6 90  3D 34 BE 05 87 B8 12 C8
          "I toasted the enemy, cursed the flag, saluted the glass
           and dashed the King in the fireplace."  - Sir Rodney
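
An added example, not part of the original post: a small auditor for a server's pap-secrets file that flags the empty client-and-secret entry the post advises against, plus wildcard clients and empty secrets. The function names and the sample file are constructed for illustration, and tokenising with Python's shlex only approximates pppd's own parser.

```python
import shlex

# Constructed sample: the post's server-side entry plus two risky lines.
SAMPLE = '''\
#  client   server     secret   IP-address
   roscoe   nineball   duke
   ""       *          ""
   *        *          duke
'''

def parse_pap_secrets(text):
    """Yield (lineno, fields) per entry; fields is None if the line is unparseable."""
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            # shlex handles "quoted words", the empty string "" and # comments.
            fields = shlex.split(line, comments=True)
        except ValueError:              # e.g. an unbalanced quote
            yield lineno, None
            continue
        if fields:                      # skip blank and comment-only lines
            yield lineno, fields

def audit(text):
    """Return a list of (lineno, finding) for entries that weaken PAP on a server."""
    findings = []
    for lineno, fields in parse_pap_secrets(text):
        if fields is None or len(fields) < 3:
            findings.append((lineno, "malformed"))
            continue
        client, _server, secret = fields[:3]
        if client == "" and secret == "":
            # The entry described in the post: the peer is let in without PAP.
            findings.append((lineno, "noauth-entry"))
        elif client == "*":
            # Any user name is accepted as long as it presents this one secret.
            findings.append((lineno, "wildcard-client"))
        elif secret == "":
            findings.append((lineno, "empty-secret"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/ppp/pap-secrets").read()) run as root.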
