Error 691 is generally an auth error.
"Error 691: Access was denied because the username and/or password was
invalid on the domain"
It shows up a lot when MS-CHAP tries to not only send the username
"claudemir" but will append the domain so the user really looks like
"domain\claudemir" when it hits the radius server.
Error 691 is an authentication problem probably due to the fact that MS chap
uses the domain name and username combo to authenticate. If you look at the
logs you will probably see a message saying that MS chap is trying to
authenticate user "domain\\username". I got it to work by putting the full
domain and user string in the client portion of the chap-secrets file.
# Secrets for authentication using CHAP
# client server secret IP addresses
workgroup\\user server password *
There is also a patch called chapms-strip-domain out there which strips off
--------- Original Message --------
From: Sysdata <claudemir at sysdata dot ind dot br>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] PPTP autentication against Radius Server
Date: 22/04/04 11:19
> Dear Friend
When I use VPN with PPTP authentication, it works perfectly, but when I try
to authenticate by using PPTP against a radius server, I got some errors!
mpd: Name: "claudemir"
Apr 15 09:25:17 mpd: [pptpc0] RADIUS: RadiusAddServer Adding 192.168.1.3
Apr 15 09:25:17 mpd: [pptpc0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2)
peer name: claudemir
Apr 15 09:25:19 mpd: [pptpc0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT
for user claudemir
Apr 15 09:25:19 mpd: [pptpc0] RADIUS: RadiusGetParams: MS-CHAP-Error:
Apr 15 09:25:19 mpd: [pptpc0] CHAP: sending FAILURE
Apr 15 09:25:19 mpd: [pptpc0] error writing len 18 frame to bypass: Network
Apr 15 09:25:19 mpd: [pptpc0] LCP: authorization failed
Apr 15 09:25:19 mpd: [pptpc0] bundle: CLOSE event in state OPENED
Apr 15 09:25:19 mpd: [pptpc0] closing link "pptpc0"...
Apr 15 09:25:19 mpd: [pptpc0] device: DOWN event in state CLOSING
Apr 15 09:25:19 mpd: [pptpc0] device is now in state DOWN
Apr 15 09:25:19 mpd: pptp0: CID 0xeb83 in SetLinkInfo not found
Apr 15 09:25:19 mpd: [pptpc0] CHAP: rec'd RESPONSE #1
Apr 15 09:25:19 mpd: Not expected, but that's OK
The Radius Server is running FreeBSD + FreeRadius + MySQL for authentication
and accounting. It is possible to authenticate by using PPPoE clients without
problems, however the PPTP clients cannot.
I believe the problem is something related to MS-CHAP. The FreeRadius
configuration already has a session for MS-CHAP authentication, but still
Any suggestions, please?
Claudemir F. Martins
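
An added triage sketch, not part of the original thread and not code from mpd or FreeRADIUS: it reads RADIUS rejects in the mpd log format quoted above and tells a domain-prefix mismatch apart from other rejects of a known user name. The sample log is constructed, `BACKEND_USERS` is a hypothetical stand-in for the account names stored in the RADIUS backend, and wrapped log lines are assumed to have been rejoined first.

```python
import re

# Constructed sample in the mpd log format quoted in this thread (not real logs).
SAMPLE_LOG = r"""
Apr 15 09:25:17 mpd: [pptpc0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: claudemir
Apr 15 09:25:19 mpd: [pptpc0] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user claudemir
Apr 15 09:26:02 mpd: [pptpc1] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: WORKGROUP\alice
Apr 15 09:26:03 mpd: [pptpc1] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user WORKGROUP\alice
Apr 15 09:27:41 mpd: [pptpc2] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT for user mallory
"""

# Hypothetical: account names as stored in the RADIUS backend (e.g. the SQL user table).
BACKEND_USERS = {"claudemir", "alice"}

REJECT_RE = re.compile(r"mpd: \[(?P<link>[^\]]+)\] RADIUS: RadiusSendRequest: "
                       r"RAD_ACCESS_REJECT for user (?P<user>\S+)")

def split_domain(name):
    """Split 'DOMAIN\\user' into (domain, user); domain is None when absent."""
    domain, sep, user = name.rpartition("\\")
    return (domain or None, user) if sep else (None, name)

def triage_rejects(log_text, backend_users):
    """Return one (link, name_sent, verdict) tuple per RADIUS reject in the log."""
    results = []
    for match in REJECT_RE.finditer(log_text):
        sent = match.group("user")
        domain, bare = split_domain(sent)
        if sent in backend_users:
            # The name reached the server exactly as stored, so the domain is not the cause.
            verdict = "name matches backend: check password or MS-CHAP settings"
        elif domain is not None and bare in backend_users:
            # The case described in the reply: only the bare name is known.
            verdict = "domain prefix mismatch: backend only knows the bare name"
        else:
            verdict = "unknown user"
        results.append((match.group("link"), sent, verdict))
    return results

if __name__ == "__main__":
    for link, sent, verdict in triage_rejects(SAMPLE_LOG, BACKEND_USERS):
        print(f"{link}: {sent!r} -> {verdict}")
```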