[pptp-server] Authentication ppp Help!!

Toktar, Emir EMIR.TOKTAR at bra.xerox.com
Wed Nov 10 17:18:51 CST 1999


Hello everybody,


I'm using PoPToP and it is working fine, and I'm doing performance tests via
LAN to LAN with VPN over LAN.

I have installed the following software:
pptp-1.0.0
ppp-2.3.8
SSLeay-0.6.6b
Red Hat 6.0 kernel 2.2.5-15


1)***************THIS WORKS***********************************

LAN configuration tested :

| 
|   LAN 200.170.98.* 
|   Domain (DNS): puc.anydomain.edu
|   Server NIS : 200.170.98.147
|   [NIS server on this LAN]
|
|	Linux VPN
|     Host Name: "vpnlinux"
|     Samba server ok
|     |--------------------------|
|-----|IP (eth1): 200.170.98.50  |
|-----|IP (eth0): 172.16.0.2     |
| TTTT|--------------------------|
| T	
| T	
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| T	NT Server
| T	Host Name: "ntsrv"
| T	Network Domain (NT): DAEMON
| T   DNS Domain:  crypto.net
| TTTT|--------------------------|
|-----|IP: 172.16.0.1            |
|     |--------------------------|
|      
      


/etc/pptpd.conf 
   speed 115200
   localip 192.168.0.234-238
   remoteip 192.168.1.234-238

/etc/ppp/options
   debug
   name vpnlinux.crypto.net
   auth
   require-chap
   proxyarp ....

/etc/ppp/chap-secrets 
   billy   vpnlinux.crypto.net    bob    *



1) In this configuration, the NT Server "ntsrv" (172.16.0.1) can't ping or
telnet (of course!) to any address in 200.170.98.*, but browsing from NT (via
Network Neighborhood) lists servers, domains and workgroups [Linux, Solaris,
NT and others].

e.g. Connectivity means that you have a physical network path between your
local computer and a remote computer. BROWSING is the ability to search a
local or remote network for resources.



When I make a Dialup connection from VPN Server, the computer "ntsrv"
receives a remoteip and I can see in Windows Explorer NT (via Samba):
______________________________________________________
+My Computer
+Network Neighborhood
   DAEMON
     |- ntsrv\\shared (172.16.0.1)
     |- linuxvpn\\shared (172.16.0.2) 
     |- linuxvpn\\shared (192.168.1.234) VPN connection
   OTHERS
   WORKGROUPS
   ....
___________________________________________________

I can ping, open Telnet sessions in LAN 172.*** or 192.****, access files
etc.
I tested the performance by sending files over connections with CHAP,
MS-CHAP, encryption and more....




2)*************PROBLEM********************************************

I changed the LAN configuration to interconnect two LANs with a dual-homed
Linux VPN host and now I have some problems:

I split up the LAN physically, as shown below, and I did the setup from the
Linux VPN "vpn" host to the NIS Server (secondary domain options in linuxconfig)

| 
|   LAN 200.170.98.* 
|   Domain (DNS): puc.anydomain.edu
|   Server NIS : 200.170.98.147
|   Host Name NIS: nis.puc.anydomani.edu
|   [NIS server on this LAN]
|
|
|   Linux VPN
|   Host Name: vpnlinux
|   eth1: obelix.puc.anydomain.edu
|   eth0: vpnlinux.crypto.net
|   primary server: 172.16.0.1 ## NT Server
|   secondary server: 200.170.98.147 ## Linux NIS 
|   Samba server ok
|----|--------------------------LAN 200.***
     |IP (eth1): 200.170.98.50 |
     |                         | 
     |                         | 
|----|IP (eth0): 172.16.0.2    |  
| TTT|                         |LAN 172.***
| T  |-------------------------|   
| T	
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| TTT	NT Server
|-----IP: 172.16.0.1
|     Host Name: ntsrv
|     Network Domain (NT): DAEMON
      DNS Domain:  crypto.net


/etc/pptpd.conf 
   speed 115200
   localip 200.170.98.40       #free address
   remoteip 200.170.98.41-44   #range free address

/etc/ppp/options
   debug
   name  nis.puc.anydomani.edu   #NIS Server from 200.***
   auth
   require-chap
   proxyarp ....

/etc/ppp/chap-secrets
   billy   nis.puc.anydomani.edu    bob    *


When I make a DUN connection to the VPN Server (172.16.0.2), I receive a
remoteip IP 200.170.98.41 and I can ping other computers in this network
address. On the computer "ntsrv", I CAN'T SEE ANY LIST in Windows Explorer
NT (via Samba - same situation):
______________________________________________________
+My Computer
+Network Neighborhood
   DAEMON
     |- ntsrv\\shared (172.16.0.1)
     |- linuxvpn\\shared (172.16.0.2) 
     |
     |-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ?????
______________________________________________________


A) What's wrong in this configuration that I can't see the browsing, only
what the box above says?
>e.g. I think about samba config.


B) How can I authenticate the user by using the NIS Server, to avoid having
the name and password of the user recorded in /etc/ppp/chap-secrets?

# I wouldn't like to use
# names in clear-text mode ==> chap-secrets
#
#/etc/ppp/chap-secrets
#   billy   nis.puc.anydomani.edu    bob    *


Is there any script you could send me as an example? I'm reading some PPP
HOWTOs but I'm not certain of the solution...
If the NIS Server does the user authentication, it can manage the password
changes, or maybe using the /etc/passwd file with registered users and not
the /etc/ppp/chap-secrets file.



Regards

Emir Toktar

+55 (**41) 340-7157
emir.toktar at bra.xerox.com 
toktar at per.com.br
toktar at ppgia.pucpr.br
