on Jun 16, 2016Article Content
| Article Number | 000018142 |
| Applies To | SPAP Authentication Shiva LanRover Shiva security pack is installed on the dial-up machine |
| Issue | Not being prompted for New Pin or Next Tokencode by Shiva NAS at a client computer with the Shiva Security Pack installed |
| Cause | The NAS is not configured to use SPAP as the default authentication protocol. |
| Resolution | The NAS must be configured to use SPAP as the default authentication protocol. The default order of precedence is SPAP, CHAP, PAP. When the NAS starts negotiation with SPAP, and the client can acknowledge SPAP (i.e. it has the Shiva Security Pack installed), then SPAP will be used and New Pin and Next Tokencode modes will work correctly through the Shiva Security Pack interface. If the protocol used is PAP, then New Pin and Next Tokencode modes will not work since the PAP protocol has no provision for requesting additional information from the user. To verify the default Authentication Protocol on the Shiva NAS: 1. Start Shiva NetManager 2. Select the NAS that is being connected to from the Macintosh client 3. Select Additional Configuration from the drop-down list 4. Look for a heading and entry with the format [PPP] DefaultAuthProto= for the LanRover(tm) 4.02 and the LanRover Access Switch 4.3.2, or [PhoneGroup*] PPPDefaultAuthProto= for the LanRover Access Switch 4.5 and above. The value that is set will be a hexadecimal value which corresponds to the following protocols: Old SPAP (used with early NetModem) = 0xC123 SPAP version 3 = 0xC027 CHAP = 0xC223 PAP = 0xC023 If the value is not set, it will default to SPAP version 3. |
| Legacy Article ID | 6.0.1445042.2755551 |