Solved

Remote Access from Mac to NT

Posted on 1998-07-27
10
431 Views
Last Modified: 2013-12-27
I am trying to setup PPP on a MAC powerbook to remote access into a NT server, but I can't get the authentication to work.  Any suggestions?
0
Comment
Question by:eagers
  • 3
  • 2
  • 2
  • +3
10 Comments
 

Expert Comment

by:soundtra
ID: 1541650
Let me know your config (server)
Go to control panels, network, services, RAS-Service, properties,network:
set scrambling (don´t know exactly, using german version, its the three radio buttons at the bottom (above multilink))
to authentication as unscrambeld text
0
 

Author Comment

by:eagers
ID: 1541651
The authentication is set to "allow any even clear text authentication".  The network protocol is tcp/ip.
0
 
LVL 6

Expert Comment

by:TheHub
ID: 1541652
Is there a firewall in the way?
0
 

Author Comment

by:eagers
ID: 1541653
no
0
 
LVL 5

Expert Comment

by:paulvaneykelen
ID: 1541654
Do you have a domain that you need to log in to. This needs to be part of your log in name
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 6

Expert Comment

by:TheHub
ID: 1541655
You must find an open port and put it in your IP addr and you need a remote control utility.

example -> 123.321.222.333:39 <- port 39)

A good port scan utility can be found at:
http://www.aggroup.com/

Timbuk2 is a pretty good for that sort of thing and is cross-platform.
http://www.farallon.com/
-good luck
0
 
LVL 1

Expert Comment

by:birchallr
ID: 1541656
Enter
    domain\username

instead of just
    username

in the PPP control panel.

See http://valleynet.on.ca/~aa158/mac-ras.html
for more information.


Richard



0
 

Expert Comment

by:macmann
ID: 1541657
The reason the authintaction fails is that you are not registyered on the other computer...
0
 
LVL 1

Expert Comment

by:birchallr
ID: 1541658
------------------------------------------------------------------------
------------------------------------------------------------------------
Frequently Asked Question:
How to make a Macintosh PPP connection to Windows NT RAS

1. Background
2. PAP Authentication ("clear text")
3. Macintosh Setup
4. Other Authentication Protocols (MS-CHAP, CHAP)
5. Accessing the Windows Network
6. Limitations (Accessing Macintosh volumes)
7. Callback to a NT RAS Server

------------------------------------------------------------------------
1. Background

Many companies (and some ISP's) are using the Windows NT RAS server to
provide remote access to their networks and to the Internet.

A common problem occurs when the NT RAS (Remote Access Service) is set
to a non-standard type of PPP authentication, called MS-CHAP.

The RAS server can negotiate standard CHAP authentication with some
changes to the Windows NT registry, see below.

------------------------------------------------------------------------
2. PAP Authentication ("clear text")

The easiest solution is to set the NT RAS server to use PAP
authentication, which is supported by most PPP software.

Directions to make this change in the NT RAS server:

1. Go to Control Panel.
2. Double-click the Network icon.
3. Scroll in box under Installed Network Software and select Remote
   Access Service, then click on the Configure button.
4. In the Remote Access Setup window, click the Network... button.
5. You are now at the Network Configuration window where the change is
   made.
6. Under Encryption Settings: select "Allow any authentication including
   clear text".

------------------------------------------------------------------------
3. Macintosh Setup

Note: This assumes "clear text" has been enabled on the RAS server

The two most common PPP programs are Open Transport/PPP (OT/PPP) and
FreePPP. There are also others available.

OT/PPP Setup:

1.In the TCP/IP control panel, select both "Connect via PPP" and
"Configure Using PPP server". Enter one or more DNS server IP addresses.

***Note: Do not select "Configure Using DHCP server"

2.In the PPP control panel, enter your NT domain username and password.

***Note: You may have to enter "domain\username" instead of "username"

|"If your RAS server is a member or a secondary domain controller of a  |
| domain then you need to prefix the user name with the domain name. The|
| reason that you must specify the domain name is that the RAS server   |
| must ask some other server to validate your account, it needs to know |
| the domain name which corresponds to your account."                   |
|                       -- From the "Linux PPP FAQ" by Al Longyear      |
 

Select the "Options..." button, then the "Protocol" tab:
 
  "Allow error correction and compression in modem" --> Yes
  "Use TCP header compression" --> Yes
  "Connect to a command-line host" --> No

FreePPP Setup:

Enter the NT domain username and password in the Authentication dialog.
See note above.

------------------------------------------------------------------------
4. Other Authentication Protocols (MS-CHAP, CHAP)

If you are unable to have the NT RAS server set to "clear text", then
there are other options:

------------------------------------------------------------------------
ARA 3.1 client, included with the upcoming Mac OS 8.5 update (shipping
September '98), will support MS-CHAP and "PPP IPCP Extensions for Name
Server Addresses" (RFC 1877). This will solve most compatibility problems
with Windows NT RAS.

------------------------------------------------------------------------
There is a PPTP client for Macintosh called "TunnelBuilder for Mac Remote",
sold by NTS, which is capable of MS-CHAP authentication ("Require
Microsoft encrypted authentication"). It works very well as a PPP client.
There is a time-limited evaluation version available.
<http://207.87.72.7/downloads/evalsoftware/tbuildmac/tbuildremote.hqx>

TunnelBuilder is not capable of callback, if that has been enabled on the
RAS server.

------------------------------------------------------------------------
The IntragyAccess package, sold by Ascend, includes the Ascend PPP dialer
which, according to the data sheet, supports PAP, CHAP and MS-CHAP
authentication.

------------------------------------------------------------------------
Alternatively, as of NT 4.0, Service Pack 2, the RAS is capable of using
standard CHAP authentication (supported by most PPP software).

Here are the instructions from the most recent NT 4.0 service pack:
------------------------------------------------------------
3.4 Remote Access Service PPP CHAP MD5 Authenticator Support
------------------------------------------------------------
Service Pack 3 provides limited PPP MD5-CHAP authenticator support to
the Remote Access Server, which may be useful for small user-count
environments using non-Microsoft PPP dial-in clients. The support is
local to a given RAS server. The MD5 account information is stored in
the RAS server registry and is not integrated or synchronized with
the User Manager account database. Integrated support will appear in
a later release, at which time this limited support may be removed.

The local MD5-CHAP authenticator is enabled by creating the MD5 key
below and adding "account" subkeys of the form [<domain>:]<user>,
with subvalue "Pw" containing the account password. The ":" notation
is used instead of "\" due to the syntax rules of registry keys. The
'domain:' is optional and typically omitted. MD5-CHAP will not be
negotiated (old behavior) when the MD5 key does not exist (default).

HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\CHAP\MD5  
        [<domain>:]<user>
                (REG_SZ)Pw

------------------------------------------------------------
(Note: These user accounts cannot be managed with the standard Windows NT
utilities.)

------------------------------------------------------------------------
5. Accessing the Windows Network

------------------------------------------------------------------------
One can access Windows NT/95 shared volumes over the RAS link using DAVE,
sold by Thursby.

DAVE Tips:

To enable browsing of the "Network Neighborhood" (using the Chooser) one
has to enter the IP address for the primary WINS server (and secondary if
available) in the NetBIOS control panel.

In the Administrator Options, change the mode to P. Also select the DNS
check box if this information is available, and deselect the LMHOSTS check
box if you're not using such a file.

------------------------------------------------------------------------
If your company is using Microsoft Exchange Server for email, then the
full Macintosh Outlook (not Outlook Express) client is available for
download and it will work over the RAS connection.
<ftp://ftp.microsoft.com
/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/Sp1/Mac/>

Note that SP1_55MA.EXE (a self-extracting ZIP file) is 7MB smaller than
SP1_55MA.hqx, and can be unzipped on the Macintosh using ZipIt.
<http://www.awa.com/softlock/zipit/zipit.html>

***Note: DAVE is not required for use of the Exchange client.

Exchange Server Tips:

One common problem is solved by entering the name of the Exchange Server
in lowercase in the Outlook client setup.

If the Outlook setup isn't working, ensure that you are able to ping
the Exchange Server, by host name. A good ping utility is Mac TCP Watcher.
<ftp://ftp.share.com/pub/peterlewis/mactcpwatcher-20.sit.bin>

------------------------------------------------------------------------
If your company is using MS Proxy Server then there are some special
considerations to be aware of.  See:
<http://www.macwindows.com/servtips.html#MSProxy>

------------------------------------------------------------------------
6. Limitations

Currently, NT RAS does not support the AppleTalk protocol.

This means that one cannot access Macintosh volumes shared by the
Windows NT "Services for Macintosh" (except by setting up a separate
ARA server, or a PPP server capable of ATCP).

The Windows NT "Services for Macintosh" do not support AFP over TCP/IP
(e.g. AppleShare IP).

------------------------------------------------------------------------
7. Callback to a NT RAS Server

The callback feature of the NT RAS uses a LCP extension called CBCP
(CallBack Control Protocol), which is not supported by most Macintosh PPP
software.  This lack of CBCP cannot be made up at the scripting level;
the capability has to be added to the PPP client.

AccessPPP is a freeware Macintosh PPP client which has callback support
for Windows NT RAS server. It can only use PAP authentication (clear text).
<http://www.bekkoame.or.jp/~kkudo/>

------------------------------------------------------------------------
------------------------------------------------------------------------
Author: Richard Birchall
Updated: August 14, 1998
Please send comments and corrections to aa158@valleynet.on.ca
<http://valleynet.on.ca/~aa158/mac-ras.html>
------------------------------------------------------------------------
------------------------------------------------------------------------


0
 
LVL 1

Accepted Solution

by:
birchallr earned 200 total points
ID: 1541659
This is a frequently asked question, for which I have prepared a web page.

See
  http://valleynet.on.ca/~aa158/mac-ras.html


Regards,

Richard Birchall
aa158@valleynet.on.ca


0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Although the iPhone has become an incredibly popular device in the cellular industry, the complex technology and software coordination required between Apple and the wireless carriers have seemed to leave many iPhone owners with technical issues. …
How to recover a playlist after moving the music from one location, folder or hard disk, to a new one, folder or disk. Disclaimer I have performed this procedure after moving my music from one hard disk to a second hard disk using Windows XP sp3…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now