Anton Gorlov | 1 Aug 2006 11:45

Undefined symbol

During building of pptpd there are error messages:

Verifying ELF objects in /home/stalker/tmp/pptpd-buildroot
(arch=normal,fhs=normal,rpath=normal,stack=normal,textrel=normal,unresolved=normal)
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: debug
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: ifname
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: ip_down_notifier
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: ip_up_notifier
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: peer_authname
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: logwtmp
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: notice
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: add_options
verify-elf: ERROR: ./usr/lib64/pptpd-logwtmp.so: undefined symbol: add_notifier

[stalker@gws pptpd]$ ldd pptpd-logwtmp.so
         libc.so.6 => /lib64/libc.so.6 (0x00002ab62b43a000)
         /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)

pptpd	1.3.0


James Cameron | 2 Aug 2006 02:17

Re: Undefined symbol

On Tue, Aug 01, 2006 at 01:45:02PM +0400, Anton Gorlov wrote:
> During building of pptpd there are error messages:

The symbols referenced are pppd plugin callback functions, except for
logwtmp which is a libc function.  Check your build of pppd.  Consider
not building the pptpd-logwtmp plugin if you do not require it.

Please also try with pptpd 1.3.2, as 1.3.0 is uninteresting.

-- 
James Cameron                         http://quozl.netrek.org/
HP Open Source, Volunteer             http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

hal | 2 Aug 2006 16:42

poptop and radius

Here is what I am seeing:
- Poptop is trying to authenticate using radius.
- It is actually talking to my radius server.
- It is sending the user name to the radius server.
- It is not sending the password to the radius server.

Can anyone tell me what configuration options I need
to convince radius authentication to work?

Is there anything else I may have overlooked?

hal

Phil Mayers | 2 Aug 2006 16:48

Re: poptop and radius

hal wrote:
> Here is what I am seeing:
> - Poptop is trying to authenticate using radius.
> - It is actually talking to my radius server.
> - It is sending the user name to the radius server.
> - It is not sending the password to the radius server.
>
> Can anyone tell me what configuration options I need
> to convince radius authentication to work?
> 
> Is there anything else I may have overlooked?

In the common case ("use encrypted passwords" on the windows client), 
username/password auth (PAP, in radius terms) is not used. MS-CHAP is 
used, which sends a username and challenge+response pair.

Is that what's happening?

hal | 2 Aug 2006 17:15

Re: poptop and radius


On Aug 2, 2006, at 8:48 AM, Phil Mayers wrote:

>
> In the common case ("use encrypted passwords" on the windows client),
> username/password auth (PAP, in radius terms) is not used. MS-CHAP is
> used, which sends a username and challenge+response pair.
>
> Is that what's happening?

I am using MS-CHAP.  In my options.pptpd file I have

	require-mschap-v2

The problem is that my radius server requires a username
and password to authenticate which is the usual case, but
poptop is only sending a username.

According to /var/log/debug poptop, pppd actually, is sending
a challenge to the client and is receiving a response back.

If the client is actually sending a password in the response
it is not being passed on to the radius server.

If the client is not sending a password in its response how do
I make it do that?

hal


Phil Mayers | 2 Aug 2006 17:20

Re: poptop and radius

hal wrote:
> On Aug 2, 2006, at 8:48 AM, Phil Mayers wrote:
> 
>> In the common case ("use encrypted passwords" on the windows client),
>> username/password auth (PAP, in radius terms) is not used. MS-CHAP is
>> used, which sends a username and challenge+response pair.
>>
>> Is that what's happening?
> 
> I am using MS-CHAP.  In my options.pptpd file I have
> 
> 	require-mschap-v2
> 
> The problem is that my radius server requires a username
> and password to authenticate which is the usual case, but
> poptop is only sending a username.
> 
> According to /var/log/debug poptop, pppd actually, is sending
> a challenge to the client and is receiving a response back.
> 
> If the client is actually sending a password in the response
> it is not being passed on to the radius server.
> 
> If the client is not sending a password in its response how do
> I make it do that?

To repeat: MS-CHAP does not send a password. A correctly-formatted 
MS-CHAP RADIUS request looks like this:

User-Name = "foo"

Ray Van Dolson | 2 Aug 2006 17:21

Re: poptop and radius

On Wed, Aug 02, 2006 at 09:15:18AM -0600, hal wrote:
> 
> On Aug 2, 2006, at 8:48 AM, Phil Mayers wrote:
> 
> >
> > In the common case ("use encrypted passwords" on the windows client),
> > username/password auth (PAP, in radius terms) is not used. MS-CHAP is
> > used, which sends a username and challenge+response pair.
> >
> > Is that what's happening?
> 
> I am using MS-CHAP.  In my options.pptpd file I have
> 
> 	require-mschap-v2
> 
> The problem is that my radius server requires a username
> and password to authenticate which is the usual case, but
> poptop is only sending a username.
> 
> According to /var/log/debug poptop, pppd actually, is sending
> a challenge to the client and is receiving a response back.
> 
> If the client is actually sending a password in the response
> it is not being passed on to the radius server.
> 
> If the client is not sending a password in its response how do
> I make it do that?
> 
> hal


Phil Oester | 2 Aug 2006 17:34

[PATCH] --without confusion in Makefile

Running configure '--without-X' ends up enabling the option anyway.
There is likely a better way to fix this, but the below patch
works for me.  

Phil

--- pptpd-1.3.2/configure.po	2006-07-31 19:13:31.000000000 -0400
+++ pptpd-1.3.2/configure	2006-07-31 19:17:52.000000000 -0400
 <at>  <at>  -5861,23 +5861,13  <at>  <at> 

 # Check whether --with-bsdppp or --without-bsdppp was given.
 if test "${with_bsdppp+set}" = set; then
-  withval="$with_bsdppp"
-   cat >>confdefs.h <<\_ACEOF
-#define BSDUSER_PPP 1
-_ACEOF
-
-	  BSDUSER_PPP=$with_bsdppp
+	BSDUSER_PPP=$with_bsdppp
 fi;

 
 # Check whether --with-slirp or --without-slirp was given.
 if test "${with_slirp+set}" = set; then
-  withval="$with_slirp"
-   cat >>confdefs.h <<\_ACEOF
-#define SLIRP 1
-_ACEOF
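Review bot: In the --with-bsdppp branch the removed `#define BSDUSER_PPP 1` is not put back anywhere in the visible lines, so after this change a plain --with-bsdppp may leave BSDUSER_PPP out of confdefs.h unless the Makefile variable alone carries the setting; keeping the original `cat >>confdefs.h` block but guarding it with a test that `$with_bsdppp` is not `no` would fix the --without case without touching the --with case, and the same applies to the --with-slirp branch. The `_ACEOF` here-documents show this is the autoconf-generated configure script, so the change also belongs in the corresponding AC_ARG_WITH calls of the autoconf input, otherwise it is lost the next time configure is regenerated.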

hal | 2 Aug 2006 18:29

Re: poptop and radius


On Aug 2, 2006, at 9:21 AM, Ray Van Dolson wrote:

> With MSCHAPv2, no password is ever transmitted over the wire.  It should be
> a key/hash exchange type deal.  The password must be stored in plaintext on
> your Radius server.
>
> In short, there should be no password transmitted :)

If you mean that the client does not send a password encrypted or
not to the server so it can send the username/password pair to
my radius server for verification then I can't use MS-CHAP.

I now see that you and Phil are correct.  So..

What can I use?

hal


Phil Mayers | 2 Aug 2006 18:51

Re: poptop and radius

hal wrote:
> On Aug 2, 2006, at 9:21 AM, Ray Van Dolson wrote:
> 
>> With MSCHAPv2, no password is ever transmitted over the wire.  It should be
>> a key/hash exchange type deal.  The password must be stored in plaintext on
>> your Radius server.
>>
>> In short, there should be no password transmitted :)
> 
> If you mean that the client does not send a password encrypted or
> not to the server so it can send the username/password pair to
> my radius server for verification then I can't use MS-CHAP.
> 
> I now see that you and Phil are correct.  So..
> 
> What can I use?

Unchecking the "use encrypted passwords" box on windows clients and 
setting the appropriate options in "options.pptpd" will use PAP.

However, only MS-CHAP can give you encryption keys, therefore not using 
MS-CHAP will mean your PPTP tunnel has no encryption. There is no way 
around this.
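
The PAP versus MS-CHAP distinction discussed in this thread, as an added example that is not part of any poster's message and is not a reconstruction of the truncated request listing earlier in the thread: a parser that reports whether a RADIUS Access-Request carries a User-Password attribute or the MS-CHAP challenge/response pair. Attribute numbers follow RFC 2865 and RFC 2548; the function names and the zero-filled sample packets are constructed for illustration.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft enterprise number used by the RFC 2548 attributes
STD_ATTRS = {1: "User-Name", 2: "User-Password"}
MS_ATTRS = {11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}

def parse_attributes(packet: bytes) -> dict:
    """Return {name: value} for the attributes of interest in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20  # attributes start after the 16-byte Authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific: id, type, length
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == MS_VENDOR_ID and vtype in MS_ATTRS and 2 <= vlen <= len(value) - 4:
                attrs[MS_ATTRS[vtype]] = value[6:4 + vlen]
        elif atype in STD_ATTRS:
            attrs[STD_ATTRS[atype]] = value
        pos += alen
    return attrs

def auth_method(attrs: dict) -> str:
    """Name the authentication method an Access-Request is carrying."""
    if "MS-CHAP-Challenge" in attrs and "MS-CHAP2-Response" in attrs:
        return "MS-CHAPv2"  # challenge + response, no password attribute
    if "User-Password" in attrs:
        return "PAP"        # password field, obfuscated with the shared secret
    return "unknown"

# Builders for the constructed samples below (zero-filled, not captured traffic).
def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value
def ms_attr(vtype: int, value: bytes) -> bytes:
    return attr(26, struct.pack("!IBB", MS_VENDOR_ID, vtype, len(value) + 2) + value)
def access_request(*attributes: bytes) -> bytes:
    body = b"".join(attributes)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

MSCHAP2_REQ = access_request(attr(1, b"foo"), ms_attr(11, bytes(16)), ms_attr(25, bytes(50)))
PAP_REQ = access_request(attr(1, b"foo"), attr(2, bytes(16)))
```

A request classified as MS-CHAPv2 with no User-Password attribute is the shape the replies describe, so the RADIUS server has to validate the challenge/response rather than compare a password.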
