0 Replies Latest reply on Nov 27, 2009 10:07 AM by hibee

    SNAPGEAR SG720 & W2K8 RADIUS Authentication



      I hope someone out there can help...


      I'm trying to get a SNAPGEAR SG720 to use RADIUS (PPTP) using a W2K8 DC, however, I simply cannot get the remote uer to authenticate, a resultant 691 error occurs.  In the logs, I'm getting the following:


      Nov 27 10:36:19 pppd[2199]: MSCHAP-v2 peer authentication failed for remote host <username>
      Nov 27 10:36:19 pppd[2199]: Connection terminated.
      Nov 27 10:36:19 pppd[2199]: Exit.
      Nov 27 10:36:20 pptpd[2198]: GRE: read(fd=6,buffer=145e4,len=4096) from PTY failed: status = -1 error = Error 5
      Nov 27 10:36:20 pptpd[2198]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
      Nov 27 10:36:20 pptpd[2198]: CTRL: Client <IP Address> control connection finished
      Nov 27 10:36:20 pptpd[2198]: CTRL: Couldn't write packet to client.


      The 'chain' is linked throughout where the SNAPGEAR and W2K8 RADIUS policies (connection & network) are setup to use 128-bit encryption and MS-CHAP v2.  I've double-checked this a number of times and it works without any authentication/encryption, however, as soon I opt for PAP for e.g, I get a failure and everything thereafter.  When I test the RADIUS connection using the SNAPGEAR I receive a access denied so it is able to reach the W2K8 RADIUS server on the basis of information in the administration manual, however, it cannot authenticate the user which is where I'm banging my head against a brick wall here.  It really shouldn't be this difficult and I'm wondering if there's a compatibility issue with W2K8 authentication?!?!

      To be honest, I would ideally like IPSec for remote client connectivity but not 100% sure how this fits!  Any explicits would be much appreciated...


      So if anybody out there can help then I would be SO appreciative.  I'm running around in cricles now and I just want this resolved.


      Thanks in advance to anyone good samaritan willing to help.