1 21st April 05:38
rfield
External User
 
Posts: 1
Cisco Router/NAS and Windows IAS RADIUS



I'm having trouble getting a Pocket PC to connect to a NAS.

The Pocket PC is an HP iPaq 4350, running Pocket PC 2003. I am trying
to use the PPTP client that comes with the PPC to connect to a Cisco
3640 router. The router/NAS talks to a Windows 2003 server running
IAS.

I CAN connect to this NAS with a laptop running Windows XP Pro and
using the PPTP client that comes with it. Everything works fine on
the laptop, while the pocket PC cannot connect.

I'm pretty stumped here. I'm not really up on RADIUS, though I have
learned more than I ever wished to know. Other than configuring the
client, the only entry in IAS is the default "Use Windows
Authentication" entry. Like I said, this is working for the laptop
but not for the Pocket PC.

I have included my router config and some debug output. If anyone
could be of assistance, I would be most grateful.

Richard Field
rfield@hepn.com
rrfield@alumni.indiana.edu

----------------------------------------------------------------

pptp#sh run
Building configuration...

Current configuration : 2293 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname pptp
!
aaa new-model
aaa authentication ppp default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting network default start-stop group radius
enable secret 5 *****
!
username john privilege 15 password 0 doe
memory-size iomem 25
ip subnet-zero
ip cef
!
!
ip name-server 10.9.200.14
ip name-server 10.9.200.5
ip dhcp excluded-address 10.180.8.1 10.180.8.99
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 10.9.150.1 255.255.0.0
 full-duplex
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/1
 no ip address
 shutdown
!
interface Ethernet1/0
 ip address 10.180.8.5 255.255.255.0
 full-duplex
 no cdp enable
!
interface Virtual-Template1
 bandwidth 10000
 ip unnumbered Ethernet1/0
 peer default ip address pool testpool
 compress mppc
 ppp encrypt mppe 40
 ppp authentication ms-chap
 ppp timeout idle 1000
!
ip local pool testpool 10.9.150.100 10.9.150.150
ip default-gateway 10.9.201.79
ip classless
ip route 0.0.0.0 0.0.0.0 10.9.201.79
no ip http server
!
no cdp run
snmp-server community ***** RO
snmp-server enable traps tty
radius-server host 10.9.201.40 auth-port 1645 acct-port 1646
radius-server key *****
radius-server authorization permit missing Service-Type
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
 password *****
!
end

pptp#
----------------------------------------
pptp#sh debug
General OS:
AAA Authentication debugging is on
AAA Authorization debugging is on
AAA Per-user attributes debugging is on
Radius protocol debugging is on
------Good Authentication output (Laptop)-------

05:50:57: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
05:50:57: Vi2 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
05:50:59: AAA: parse name=Virtual-Access2 idb type=21 tty=-1
05:50:59: AAA: name=Virtual-Access2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
05:50:59: AAA: parse name=<no string> idb type=-1 tty=-1
05:50:59: AAA/MEMORY: create_user (0x622CD2D8) user='rrf' ruser='NULL' ds0=0 port='Virtual-Access2' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0'
05:50:59: AAA/AUTHEN/START (3788462656): port='Virtual-Access2' list='' action=LOGIN service=PPP
05:50:59: AAA/AUTHEN/START (3788462656): using "default" list
05:50:59: AAA/AUTHEN/START (3788462656): Method=radius (radius)
05:50:59: RADIUS: ustruct sharecount=1
05:50:59: Radius: radius_port_info() success=1 radius_nas_port=1
05:50:59: RADIUS: Initial Transmit Virtual-Access2 id 45 10.9.201.40:1645, Access-Request, len 129
05:50:59: Attribute 4 6 BE099601
05:50:59: Attribute 5 6 00000002
05:50:59: Attribute 61 6 00000005
05:50:59: Attribute 1 5 7272661A
05:50:59: Attribute 26 16 000001370B0AFAD8
05:50:59: Attribute 26 58 0000013701341001
05:50:59: Attribute 6 6 00000002
05:50:59: Attribute 7 6 00000001
05:50:59: RADIUS: Received from id 45 10.9.201.40:1645, Access-Accept, len 120
05:50:59: Attribute 7 6 00000001
05:50:59: Attribute 6 6 00000002
05:50:59: Attribute 25 32 54DA0610
05:50:59: Attribute 26 40 000001370C22EED2
05:50:59: Attribute 26 16 000001370A0A1048
05:50:59: AAA/AUTHEN (3788462656): status = PASS
05:50:59: Vi2 AAA/AUTHOR/LCP: Authorize LCP
05:50:59: Vi2 AAA/AUTHOR/LCP (2272260671): Port='Virtual-Access2' list='' service=NET
05:50:59: AAA/AUTHOR/LCP: Vi2 (2272260671) user='rrf'
05:50:59: Vi2 AAA/AUTHOR/LCP (2272260671): send AV service=ppp
05:50:59: Vi2 AAA/AUTHOR/LCP (2272260671): send AV protocol=lcp
05:50:59: Vi2 AAA/AUTHOR/LCP (2272260671): found list "default"
05:50:59: Vi2 AAA/AUTHOR/LCP (2272260671): Method=radius (radius)
05:50:59: RADIUS: unrecognized Microsoft VSA type 10
05:50:59: Vi2 AAA/AUTHOR (2272260671): Post authorization status = PASS_REPL
05:50:59: Vi2 AAA/AUTHOR/LCP: Processing AV service=ppp
05:50:59: Vi2 AAA/AUTHOR/LCP: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:50:59: Vi2 AAA/AUTHOR/FSM: (0): Can we start IPCP?
05:50:59: Vi2 AAA/AUTHOR/FSM (701152068): Port='Virtual-Access2' list='' service=NET
05:50:59: AAA/AUTHOR/FSM: Vi2 (701152068) user='rrf'
05:50:59: Vi2 AAA/AUTHOR/FSM (701152068): send AV service=ppp
05:50:59: Vi2 AAA/AUTHOR/FSM (701152068): send AV protocol=ip
05:50:59: Vi2 AAA/AUTHOR/FSM (701152068): found list "default"
05:50:59: Vi2 AAA/AUTHOR/FSM (701152068): Method=radius (radius)
05:50:59: RADIUS: unrecognized Microsoft VSA type 10
05:50:59: Vi2 AAA/AUTHOR (701152068): Post authorization status = PASS_REPL
05:50:59: Vi2 AAA/AUTHOR/FSM: We can start IPCP
05:50:59: Vi2 AAA/AUTHOR/FSM: (0): Can we start CCP?
05:50:59: Vi2 AAA/AUTHOR/FSM (190549852): Port='Virtual-Access2' list='' service=NET
05:50:59: AAA/AUTHOR/FSM: Vi2 (190549852) user='rrf'
05:50:59: Vi2 AAA/AUTHOR/FSM (190549852): send AV service=ppp
05:50:59: Vi2 AAA/AUTHOR/FSM (190549852): send AV protocol=ccp
05:50:59: Vi2 AAA/AUTHOR/FSM (190549852): found list "default"
05:51:00: Vi2 AAA/AUTHOR/FSM (190549852): Method=radius (radius)
05:51:00: RADIUS: unrecognized Microsoft VSA type 10
05:51:00: Vi2 AAA/AUTHOR (190549852): Post authorization status = PASS_REPL
05:51:00: Vi2 AAA/AUTHOR/FSM: We can start CCP
05:51:00: RADIUS: ustruct sharecount=3
05:51:00: Radius: radius_port_info() success=1 radius_nas_port=1
05:51:00: RADIUS: Sent class "TZ♠►
" at 622DB56C from user 622CD2D8
05:51:00: RADIUS: Initial Transmit Virtual-Access2 id 46 10.9.201.40:1646, Accounting-Request, len 130
05:51:00: Attribute 4 6 BE099601
05:51:00: Attribute 5 6 00000002
05:51:00: Attribute 61 6 00000005
05:51:00: Attribute 1 5 72726628
05:51:00: Attribute 40 6 00000001
05:51:00: Attribute 25 32 54DA0610
05:51:00: Attribute 45 6 00000001
05:51:00: Attribute 6 6 00000002
05:51:00: Attribute 44 10 00000009
05:51:00: Attribute 7 6 00000001
05:51:00: Attribute 66 15 31302E31
05:51:00: Attribute 41 6 00000000
05:51:00: RADIUS: Received from id 46 10.9.201.40:1646, Accounting-response, len 20
05:51:00: Vi2 AAA/AUTHOR/FSM: Check for unauthorized mandatory AV's
05:51:00: Vi2 AAA/AUTHOR/FSM: Processing AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/FSM: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:51:00: Vi2 AAA/AUTHOR/FSM: Succeeded
05:51:00: Vi2 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
05:51:00: Vi2 AAA/AUTHOR/IPCP (121557109): Port='Virtual-Access2' list='' service=NET
05:51:00: AAA/AUTHOR/IPCP: Vi2 (121557109) user='rrf'
05:51:00: Vi2 AAA/AUTHOR/IPCP (121557109): send AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP (121557109): send AV protocol=ip
05:51:00: Vi2 AAA/AUTHOR/IPCP (121557109): found list "default"
05:51:00: Vi2 AAA/AUTHOR/IPCP (121557109): Method=radius (radius)
05:51:00: RADIUS: unrecognized Microsoft VSA type 10
05:51:00: Vi2 AAA/AUTHOR (121557109): Post authorization status = PASS_REPL
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:51:00: Vi2 AAA/AUTHOR/IPCP: Authorization succeeded
05:51:00: Vi2 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
05:51:00: Vi2 AAA/AUTHOR/FSM: Check for unauthorized mandatory AV's
05:51:00: Vi2 AAA/AUTHOR/FSM: Processing AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/FSM: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:51:00: Vi2 AAA/AUTHOR/FSM: Succeeded
05:51:00: Vi2 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP (2903722541): Port='Virtual-Access2' list='' service=NET
05:51:00: AAA/AUTHOR/IPCP: Vi2 (2903722541) user='rrf'
05:51:00: Vi2 AAA/AUTHOR/IPCP (2903722541): send AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP (2903722541): send AV protocol=ip
05:51:00: Vi2 AAA/AUTHOR/IPCP (2903722541): found list "default"
05:51:00: Vi2 AAA/AUTHOR/IPCP (2903722541): Method=radius (radius)
05:51:00: RADIUS: unrecognized Microsoft VSA type 10
05:51:00: Vi2 AAA/AUTHOR (2903722541): Post authorization status = PASS_REPL
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:51:00: Vi2 AAA/AUTHOR/IPCP: Authorization succeeded
05:51:00: Vi2 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP: Start. Her address 10.9.150.101, we want 10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): Port='Virtual-Access2' list='' service=NET
05:51:00: AAA/AUTHOR/IPCP: Vi2 (2474677066) user='rrf'
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): send AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): send AV protocol=ip
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): send AV addr*10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): found list "default"
05:51:00: Vi2 AAA/AUTHOR/IPCP (2474677066): Method=radius (radius)
05:51:00: RADIUS: unrecognized Microsoft VSA type 10
05:51:00: Vi2 AAA/AUTHOR (2474677066): Post authorization status = PASS_REPL
05:51:00: Vi2 AAA/AUTHOR/IPCP: Reject 10.9.150.101, using 10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV service=ppp
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1y1s1h1j1b1 1:111P1
1-1Z1L1^1T1N111|1b1B1E1▬1^
05:51:00: Vi2 AAA/AUTHOR/IPCP: Processing AV addr*10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/IPCP: Authorization succeeded
05:51:00: Vi2 AAA/AUTHOR/IPCP: Done. Her address 10.9.150.101, we want 10.9.150.101
05:51:00: Vi2 AAA/AUTHOR/PER-USER: Event IP_UP
05:51:00: Vi2 AAA/AUTHOR: IP_UP
05:51:00: Vi2 AAA/PER-USER: processing author params.
05:51:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up


------Bad Authentication output (pocket pc)------
05:52:59: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
05:52:59: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
05:53:02: AAA: parse name=Virtual-Access1 idb type=21 tty=-1
05:53:02: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
05:53:02: AAA: parse name=<no string> idb type=-1 tty=-1
05:53:02: AAA/MEMORY: create_user (0x6252FD98) user='rrf' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0'
05:53:02: AAA/AUTHEN/START (2302672513): port='Virtual-Access1' list='' action=LOGIN service=PPP
05:53:02: AAA/AUTHEN/START (2302672513): using "default" list
05:53:02: AAA/AUTHEN/START (2302672513): Method=radius (radius)
05:53:02: RADIUS: ustruct sharecount=1
05:53:02: Radius: radius_port_info() success=1 radius_nas_port=1
05:53:02: RADIUS: Initial Transmit Virtual-Access1 id 48 10.9.201.40:1645, Access-Request, len 129
05:53:02: Attribute 4 6 BE099601
05:53:02: Attribute 5 6 00000001
05:53:02: Attribute 61 6 00000005
05:53:02: Attribute 1 5 7272661A
05:53:02: Attribute 26 16 000001370B0AD1ED
05:53:02: Attribute 26 58 0000013701341001
05:53:02: Attribute 6 6 00000002
05:53:02: Attribute 7 6 00000001
05:53:02: RADIUS: Received from id 48 10.9.201.40:1645, Access-Reject, len 42
05:53:02: Attribute 26 22 0000013702101045
05:53:02: AAA/AUTHEN (2302672513): status = FAIL
05:53:02: AAA/MEMORY: free_user (0x6252FD98) user='rrf' ruser='NULL' port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1
05:53:02: Vi1 AAA/AUTHOR/PER-USER: Event LCP_DOWN
05:53:02: Vi1 AAA/AUTHOR: LCP_DOWN
05:53:02: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
05:53:02: Vi1 AAA/AUTHOR/PER-USER: Event LCP_DOWN
05:53:02: Vi1 AAA/AUTHOR: LCP_DOWN
05:53:02: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
05:53:02: Vi1 AAA/AUTHOR/PER-USER: Event LCP_DOWN
05:53:02: Vi1 AAA/AUTHOR: LCP_DOWN
4 21st April 05:38
rfield
External User
 
Posts: 1
Cisco Router/NAS and Windows IAS RADIUS


I fixed my own problem. Turns out the Pocket PC uses an older version
of the PPTP client. I had to change a registry value on the IAS
server to accept LAN Manager connections.
5 21st April 05:38
sam salhi [msft]
External User
 
Posts: 1
Cisco Router/NAS and Windows IAS RADIUS


The registry key to enable lan man authentication is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Allow LM Authentication DWORD 1


--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
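
An added example, not part of the original thread: a Python decoder for the truncated "Attribute <type> <len> <hex>" lines in the router debug from the first post, using attribute names from RFC 2865 and Microsoft (vendor 311) sub-types from RFC 2548. Run over the failing Pocket PC session, it shows that the Access-Reject from IAS carries an MS-CHAP-Error attribute, so the rejection concerns the MS-CHAP exchange itself. The function names and the selection of sample lines are this example's own.

```python
import re

# Names from RFC 2865 (standard attributes) and RFC 2548 (Microsoft, vendor 311).
ATTRS = {4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type",
         7: "Framed-Protocol", 25: "Class", 61: "NAS-Port-Type"}
MS_VSA = {1: "MS-CHAP-Response", 2: "MS-CHAP-Error", 10: "MS-CHAP-Domain",
          11: "MS-CHAP-Challenge", 12: "MS-CHAP-MPPE-Keys"}
PKT = re.compile(r"Access-(?:Request|Accept|Reject)")
ATTR = re.compile(r"Attribute\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f]+)\s*$")

def decode_attr(atype, alen, hexdump):
    """Name one attribute from an 'Attribute <type> <len> <hex>' debug line."""
    # The dump can run past a short value ('rrf' prints as 7272661A): clip to declared length.
    value = bytes.fromhex(hexdump)[:alen - 2]
    if atype == 1:
        return "User-Name=" + value.decode("ascii", "replace")
    if atype != 26 or len(value) < 6:
        return ATTRS.get(atype, f"Attribute-{atype}")
    vendor, vtype, vlen = int.from_bytes(value[:4], "big"), value[4], value[5]
    # A VSA is type(1) + len(1) + vendor(4) + sub-attribute(vlen).
    if vendor != 311 or alen != 6 + vlen:
        return f"Vendor-{vendor}/type-{vtype}"
    return MS_VSA.get(vtype, f"MS-type-{vtype}")

def parse_packets(log):
    """Return [(packet code, [attribute names])] in log order."""
    packets = []
    for line in log.splitlines():
        m = ATTR.search(line)
        if m and packets:
            packets[-1][1].append(decode_attr(int(m[1]), int(m[2]), m[3]))
        elif "RADIUS:" in line and (p := PKT.search(line)):
            packets.append((p[0], []))
    return packets

def reject_vsas(log):
    """Microsoft VSAs carried in Access-Reject packets (the server's stated reason)."""
    return [a for code, attrs in parse_packets(log) if code == "Access-Reject"
            for a in attrs if a.startswith("MS-")]

# Selected RADIUS lines of the failing (Pocket PC) session from the first post, rejoined.
SAMPLE = """\
05:53:02: RADIUS: Initial Transmit Virtual-Access1 id 48 10.9.201.40:1645, Access-Request, len 129
05:53:02: Attribute 1 5 7272661A
05:53:02: Attribute 26 16 000001370B0AD1ED
05:53:02: Attribute 26 58 0000013701341001
05:53:02: RADIUS: Received from id 48 10.9.201.40:1645, Access-Reject, len 42
05:53:02: Attribute 26 22 0000013702101045
"""
print(parse_packets(SAMPLE), reject_vsas(SAMPLE))
```

The same decoder names sub-type 10, which the router logs as "unrecognized Microsoft VSA type 10" in the successful session, as MS-CHAP-Domain.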