MPPE keys, Microsoft PPTP client

admin_2
Level 3

I'm trying to use ACS 2.6 and ACS 3.2 as a RADIUS server for my Msft win-xp client to do authentication before it brings up its PPTP client.

To that end, on ACS, I enable the attributes:

MS-CHAP-MPPE-Keys (N/A)

MS-CHAP-MPPE-Types (128 bit)

MS-MPPE-Recv-Key (N/A)

MS-MPPE-Send-Key (N/A)

Service-Type (outbound)

However, ACS 2.6 and 3.2 require me to enter a value for MS-MPPE-Recv-Key and MS-MPPE-Send-Key!

I was using an even later implementation of ACS (I think it was 3.32) and that does not require me to enter a value for these two keys... and ACS 3.32 works just fine. However, I just can't get 2.6 working, as it wants me to enter values but I have no idea what to enter.

Can somebody who's gotten ACS working in this fashion help?

Thanks

gfullage
Cisco Employee

You shouldn't need to add anything in for these attributes, so just don't enable them. MPPE will work without them (it *should* just work with only the "MS-CHAP-MPPE-Keys" attribute returned to the NAS).

I would suggest going under Interface Config - Radius (Microsoft) and disabling the check boxes for these two attributes, then you won't even see them under the User/Group configuration. They won't be returned to the NAS and the connection should work fine.

If this still doesn't work, then we'd need to see debug output from the router during a connection attempt, so it may be easier to open a TAC case. What we'd need to see is the following:

debug aaa authen

debug aaa author

debug ppp neg

debug ppp auth

debug radius