Fixed documentation and installation notes
Dan Kruchinin committed Oct 19, 2010
1 parent 577f19a commit 5250d38
Showing 3 changed files with 21 additions and 11 deletions.
16 changes: 6 additions & 10 deletions INSTALL
Expand Up @@ -5,24 +5,20 @@

There is a great difference between corporate needs and ISP needs. One of them and the main goal of ISP is a necessity of accounting (ISP's always count what they are paid for). In corporate networks accounting is used rarely (except when organization is an ISP for their employees). The main goal of the corporate needs when deploying new services (such as remote access for home-working employees, affiliates, clients and so on) is to REDUCE overhead in managing additional accounts in separate databases/files, etc. LDAP server and pppd_ldap plugin helps keeping everything at the right and the same place. If you are an ISP who needs accounting - USE radius! I want to predict appearance of the questions kind of "Why do we need pppd_ldap if I can use RADIUS?". If you can - use it. pppd_ldap plugin was written to be usefull in corporate environment and it's needs in mind.

Installation process is very simple. You'll need OpenLDAP 2.x development library and pppd >= 2.4.2. Plugin was tested only on Linux i386 machine and is not guaranteed to work on any other platforms. We need some work towards this direction. I am sure it can work fine on Sparc/Solaris but there are no any suitable testing environment in the woods. You can get the latest pppd(8) version from ftp://ftp.samba.org/pub/ppp/. Version higher or equal to 2.4.2 is important because necessary plugin "hooks" performed starting from this version. Anyway I've some thoughts about < 2.4.2 porting. It is still in wide use.
Installation process is very simple. You'll need OpenLDAP 2.x development library and pppd >= 2.4.2. You can get the latest pppd(8) version from ftp://ftp.samba.org/pub/ppp/. Version higher or equal to 2.4.2 is important because necessary plugin "hooks" performed starting from this version. Anyway I've some thoughts about < 2.4.2 porting. It is still in wide use.

Compile and install pppd as usual. After that copy tarball to pppd/plugins and extract archive:

$ tar -zxvf pppd_ldap.tgz

After that:
After that edit the Makefile if you want to disable MS-CHAP or MPPE support. To do so just comment
CHAPMS=y and MPPE=y respectively.

Then:

$ cd pppd_ldap
$ make

pppd(8) usually stores it's plugins in /lib/ppp/<VERSION> directory. To get your pppd version run "pppd --version".

$ cp pppd_ldap.so /usr/lib/ppp/{YOUR_PPPD_VERSION}

To compile in debugging messages uncomment "DEBUG=y" line in Makefile.

To enable SSL/TLS code uncomment "TLS=y" line in Makefile.
$ make install

You'll need to add RADIUS-LDAPv3.schema to your slapd.conf file. After that create test PPP acount. Please refere to radius.ldif file and don't forget to set user's password with ldappasswd(1) tool (or any other suitable). After that you can run pppd(8) with options. Please note, that plugin options become available only after "plugin pppd_ldap.so".
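
Review bot: The rewritten build steps name only CHAPMS=y and MPPE=y as Makefile switches; the rendering has dropped the +/- markers, but with 6 additions and 10 deletions the lines about uncommenting "TLS=y" and "DEBUG=y" read as removed with nothing replacing them. If those switches still exist, keep one sentence for each, because README documents a TLS/SSL option and an admin who follows INSTALL alone would otherwise build a plugin that talks to the LDAP server without TLS. It would also help to say where "make install" places pppd_ldap.so now that the /usr/lib/ppp/{YOUR_PPPD_VERSION} explanation is gone, and to fix "usefull", "acount" and "refere" in the surrounding text while the file is being touched.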

15 changes: 15 additions & 0 deletions README
Expand Up @@ -8,6 +8,17 @@ http://sourceforge.net/projects/pppd-ldap
pppd-chldap is a fork of pppd-ldap which supports CHAP/MSCHAP/MSCHAP-v2
authentication via LDAP server. MSCHAP and MSCHAP-v2 includes MPPE support.

=== CHAP/MSCHAP/MSCHAP-V2 authentification issues ===

CHAP/MSCHAP/MSCHAP-V2 authentification will work only if the following
conditions are met:
1) CHAP will work only if userPassword attribute value is in plain-text format
2) MSCHAP will work if either userPassword is plain-text or if authentication
password is held in SambaNTPassword attribute as NT-Hash.
(if MSLANMAN support is enabled password should be held in SambaLMPassword attribute as well)
3) MSCHAP-V2 will work if either userPassword is plain-text or if password is held in
SambaNTPassword attribute.

=== Description and configuration ===

This docs can be outdated. For the latest versions please refere to project page:
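
Review bot: Conditions 1) to 3) require userPassword in plain text or an NT hash in SambaNTPassword, but the new section does not say what that implies for the directory. Please add a sentence stating that these attributes should be readable only by the DN the plugin binds as and that the LDAP connection should use the TLS option described further down; the NT hash is all that is needed to compute an MSCHAP or MSCHAP-V2 response, so it deserves the same protection as the plain-text password. Smaller points: "authentification" should be "authentication" in the heading and the first sentence, item 3) should say "as NT-Hash" to match item 2), and the parenthetical about MSLANMAN in item 2) should be wrapped to the same width as the rest.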
Expand Down Expand Up @@ -124,3 +135,7 @@ http://sourceforge.net/projects/pppd-ldap
Enables TLS/SSL connection with LDAP server. Make sure you have specified
correct ldaphost! If ldaphost name doesn't match server's certificate canonical
name, connection terminates immediately.

ldapdbg

Enables additional debug information and verbose output to syslog.
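
Review bot: The ldapdbg description says "additional debug information and verbose output to syslog" without saying what is written there. Since the plugin handles userPassword and SambaNTPassword values, the entry should state whether any credential material (passwords, hashes, challenge or response bytes) can end up in syslog, and whether the option only has an effect when the plugin is built with the DEBUG=y Makefile switch that INSTALL used to describe. A note that the option is meant for troubleshooting and should be left off otherwise would fit here.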
1 change: 0 additions & 1 deletion chap_verifiers.c
Expand Up @@ -312,7 +312,6 @@ try_auth_chapms(LDAP *ldap, LDAPMessage *entry,
#ifdef MSLANMAN
/* Determine which part of response to verify against */
if (!response[MS_CHAP_USENT]) {
PDLD_DBG("LANMAN REQ\n");
diff = memcmp(&response[MS_CHAP_LANMANRESP],
&md[MS_CHAP_LANMANRESP], MS_CHAP_LANMANRESP_LEN);
}
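
Review bot: Removing PDLD_DBG("LANMAN REQ\n") inside the "if (!response[MS_CHAP_USENT])" branch is a code change in a commit whose message mentions only documentation and installation notes; either mention it in the message or move it to its own commit. It is also the only trace that a client was verified against the LANMAN response rather than the NT response, which is the weaker of the two, so consider keeping it and gating it on the new ldapdbg option instead of dropping it.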