
Workaround to add MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes to a Steel-Belted Radius return list


Article ID: KB11032   KB Last Updated: 03 Mar 2017   Version: 4.0
Summary:
To support the Microsoft Point-to-Point Encryption Protocol (MPPE), it may be necessary to return the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes in an authentication response. SBR automatically generates these keys when it is configured to return them. In some versions, SBR Administrator does not clearly allow you to configure these attributes. A workaround is documented here.
Symptoms:

Solution:
For EAP authentication (TTLS, PEAP), configuration works as expected.  SBR has a flag in the specific EAP configuration to return these keys.  For example, the "Return MPPE Keys" checkbox under "Authentication Policies > EAP Methods > EAP-TTLS > Edit > Advanced Server Settings" in SBR Administrator (for older versions of SBR, configure "Return_MPPE_Keys = 1" in ttlsauth.aut).  No workaround is necessary for EAP authentication.

For simple MS-CHAPv2 authentication, the attributes should be configured in a user or profile return list in SBR Administrator.

The following procedure can be used to add the attributes.
  1. In the return list entry, choose "Add".

  2. Select MS-MPPE-Send-Key, check the "Echo" check-box, and press "Add".

  3. Do the same for MS-MPPE-Recv-Key.

  4. Press "Close".

  5. In the return list, select MS-MPPE-Send-Key, and select "edit".

  6. Un-check the "Echo" box.

  7. Save.

  8. Repeat for MS-MPPE-Recv-Key.
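
To confirm the workaround took effect, a captured Access-Accept can be checked for both attributes. The Python below is an added example, not part of this article or of SBR. It assumes the RFC 2548 encoding (Microsoft vendor ID 311, vendor types 16 and 17); the function names and sample packets are constructed for illustration.

```python
import struct

MS_VENDOR_ID, VSA, ACCESS_ACCEPT = 311, 26, 2   # RFC 2548 / RFC 2865 constants
MPPE_KEYS = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def mppe_keys_in_reply(packet: bytes) -> dict:
    """Map each MPPE key attribute found in an Access-Accept to 'ok' or 'malformed'."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value, pos = packet[pos + 2:pos + alen], pos + alen
        if atype != VSA or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != MS_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if vtype in MPPE_KEYS:
                body = sub[2:vlen]
                # RFC 2548: 2-byte salt with its high bit set, then 16-byte cipher blocks
                ok = len(body) >= 18 and (body[0] & 0x80) != 0 and (len(body) - 2) % 16 == 0
                found[MPPE_KEYS[vtype]] = "ok" if ok else "malformed"
            sub = sub[vlen:]
    return found

def missing_mppe_keys(packet: bytes) -> list:
    """Names of the MPPE key attributes that are absent or malformed."""
    found = mppe_keys_in_reply(packet)
    return sorted(n for n in MPPE_KEYS.values() if found.get(n) != "ok")

def _vsa(vtype: int, body: bytes) -> bytes:      # helper to build constructed samples
    sub = bytes([vtype, len(body) + 2]) + body
    return bytes([VSA, len(sub) + 6]) + struct.pack("!I", MS_VENDOR_ID) + sub

def _accept(attrs: bytes) -> bytes:
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample replies: dummy salt and ciphertext, not real key material
KEY = b"\x80\x01" + bytes(32)
GOOD = _accept(_vsa(16, KEY) + _vsa(17, KEY))
SEND_ONLY = _accept(_vsa(16, KEY))               # return list missing the Recv key
```
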