Learn how to a build a cloud-first strategyRegister Now


Remote Access from Mac to NT

Posted on 1998-07-27
Medium Priority
Last Modified: 2013-12-27
I am trying to setup PPP on a MAC powerbook to remote access into a NT server, but I can't get the authentication to work.  Any suggestions?
Question by:eagers
  • 3
  • 2
  • 2
  • +3

Expert Comment

ID: 1541650
Let me know your config (server)
Go to control panels, network, services, RAS-Service, properties,network:
set scrambling (don´t know exactly, using german version, its the three radio buttons at the bottom (above multilink))
to authentication as unscrambeld text

Author Comment

ID: 1541651
The authentication is set to "allow any even clear text authentication".  The network protocol is tcp/ip.

Expert Comment

ID: 1541652
Is there a firewall in the way?
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 1541653

Expert Comment

ID: 1541654
Do you have a domain that you need to log in to. This needs to be part of your log in name

Expert Comment

ID: 1541655
You must find an open port and put it in your IP addr and you need a remote control utility.

example -> 123.321.222.333:39 <- port 39)

A good port scan utility can be found at:

Timbuk2 is a pretty good for that sort of thing and is cross-platform.
-good luck

Expert Comment

ID: 1541656

instead of just

in the PPP control panel.

See http://valleynet.on.ca/~aa158/mac-ras.html
for more information.



Expert Comment

ID: 1541657
The reason the authintaction fails is that you are not registyered on the other computer...

Expert Comment

ID: 1541658
Frequently Asked Question:
How to make a Macintosh PPP connection to Windows NT RAS

1. Background
2. PAP Authentication ("clear text")
3. Macintosh Setup
4. Other Authentication Protocols (MS-CHAP, CHAP)
5. Accessing the Windows Network
6. Limitations (Accessing Macintosh volumes)
7. Callback to a NT RAS Server

1. Background

Many companies (and some ISP's) are using the Windows NT RAS server to
provide remote access to their networks and to the Internet.

A common problem occurs when the NT RAS (Remote Access Service) is set
to a non-standard type of PPP authentication, called MS-CHAP.

The RAS server can negotiate standard CHAP authentication with some
changes to the Windows NT registry, see below.

2. PAP Authentication ("clear text")

The easiest solution is to set the NT RAS server to use PAP
authentication, which is supported by most PPP software.

Directions to make this change in the NT RAS server:

1. Go to Control Panel.
2. Double-click the Network icon.
3. Scroll in box under Installed Network Software and select Remote
   Access Service, then click on the Configure button.
4. In the Remote Access Setup window, click the Network... button.
5. You are now at the Network Configuration window where the change is
6. Under Encryption Settings: select "Allow any authentication including
   clear text".

3. Macintosh Setup

Note: This assumes "clear text" has been enabled on the RAS server

The two most common PPP programs are Open Transport/PPP (OT/PPP) and
FreePPP. There are also others available.

OT/PPP Setup:

1.In the TCP/IP control panel, select both "Connect via PPP" and
"Configure Using PPP server". Enter one or more DNS server IP addresses.

***Note: Do not select "Configure Using DHCP server"

2.In the PPP control panel, enter your NT domain username and password.

***Note: You may have to enter "domain\username" instead of "username"

|"If your RAS server is a member or a secondary domain controller of a  |
| domain then you need to prefix the user name with the domain name. The|
| reason that you must specify the domain name is that the RAS server   |
| must ask some other server to validate your account, it needs to know |
| the domain name which corresponds to your account."                   |
|                       -- From the "Linux PPP FAQ" by Al Longyear      |

Select the "Options..." button, then the "Protocol" tab:
  "Allow error correction and compression in modem" --> Yes
  "Use TCP header compression" --> Yes
  "Connect to a command-line host" --> No

FreePPP Setup:

Enter the NT domain username and password in the Authentication dialog.
See note above.

4. Other Authentication Protocols (MS-CHAP, CHAP)

If you are unable to have the NT RAS server set to "clear text", then
there are other options:

ARA 3.1 client, included with the upcoming Mac OS 8.5 update (shipping
September '98), will support MS-CHAP and "PPP IPCP Extensions for Name
Server Addresses" (RFC 1877). This will solve most compatibility problems
with Windows NT RAS.

There is a PPTP client for Macintosh called "TunnelBuilder for Mac Remote",
sold by NTS, which is capable of MS-CHAP authentication ("Require
Microsoft encrypted authentication"). It works very well as a PPP client.
There is a time-limited evaluation version available.

TunnelBuilder is not capable of callback, if that has been enabled on the
RAS server.

The IntragyAccess package, sold by Ascend, includes the Ascend PPP dialer
which, according to the data sheet, supports PAP, CHAP and MS-CHAP

Alternatively, as of NT 4.0, Service Pack 2, the RAS is capable of using
standard CHAP authentication (supported by most PPP software).

Here are the instructions from the most recent NT 4.0 service pack:
3.4 Remote Access Service PPP CHAP MD5 Authenticator Support
Service Pack 3 provides limited PPP MD5-CHAP authenticator support to
the Remote Access Server, which may be useful for small user-count
environments using non-Microsoft PPP dial-in clients. The support is
local to a given RAS server. The MD5 account information is stored in
the RAS server registry and is not integrated or synchronized with
the User Manager account database. Integrated support will appear in
a later release, at which time this limited support may be removed.

The local MD5-CHAP authenticator is enabled by creating the MD5 key
below and adding "account" subkeys of the form [<domain>:]<user>,
with subvalue "Pw" containing the account password. The ":" notation
is used instead of "\" due to the syntax rules of registry keys. The
'domain:' is optional and typically omitted. MD5-CHAP will not be
negotiated (old behavior) when the MD5 key does not exist (default).


(Note: These user accounts cannot be managed with the standard Windows NT

5. Accessing the Windows Network

One can access Windows NT/95 shared volumes over the RAS link using DAVE,
sold by Thursby.

DAVE Tips:

To enable browsing of the "Network Neighborhood" (using the Chooser) one
has to enter the IP address for the primary WINS server (and secondary if
available) in the NetBIOS control panel.

In the Administrator Options, change the mode to P. Also select the DNS
check box if this information is available, and deselect the LMHOSTS check
box if you're not using such a file.

If your company is using Microsoft Exchange Server for email, then the
full Macintosh Outlook (not Outlook Express) client is available for
download and it will work over the RAS connection.

Note that SP1_55MA.EXE (a self-extracting ZIP file) is 7MB smaller than
SP1_55MA.hqx, and can be unzipped on the Macintosh using ZipIt.

***Note: DAVE is not required for use of the Exchange client.

Exchange Server Tips:

One common problem is solved by entering the name of the Exchange Server
in lowercase in the Outlook client setup.

If the Outlook setup isn't working, ensure that you are able to ping
the Exchange Server, by host name. A good ping utility is Mac TCP Watcher.

If your company is using MS Proxy Server then there are some special
considerations to be aware of.  See:

6. Limitations

Currently, NT RAS does not support the AppleTalk protocol.

This means that one cannot access Macintosh volumes shared by the
Windows NT "Services for Macintosh" (except by setting up a separate
ARA server, or a PPP server capable of ATCP).

The Windows NT "Services for Macintosh" do not support AFP over TCP/IP
(e.g. AppleShare IP).

7. Callback to a NT RAS Server

The callback feature of the NT RAS uses a LCP extension called CBCP
(CallBack Control Protocol), which is not supported by most Macintosh PPP
software.  This lack of CBCP cannot be made up at the scripting level;
the capability has to be added to the PPP client.

AccessPPP is a freeware Macintosh PPP client which has callback support
for Windows NT RAS server. It can only use PAP authentication (clear text).

Author: Richard Birchall
Updated: August 14, 1998
Please send comments and corrections to aa158@valleynet.on.ca


Accepted Solution

birchallr earned 800 total points
ID: 1541659
This is a frequently asked question, for which I have prepared a web page.



Richard Birchall


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to recover a playlist after moving the music from one location, folder or hard disk, to a new one, folder or disk. Disclaimer I have performed this procedure after moving my music from one hard disk to a second hard disk using Windows XP sp3…
A lot of new and distinct gadgets are making their appearance every other day. The latest gadget that has wooed the attention of all gadget lovers and non gadget lovers alike is the Smartwatch. This tiny gadget is capable of offering live access to …
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question