[pptp-server] Authentication ppp Help!!
Toktar, Emir
EMIR.TOKTAR at bra.xerox.com
Wed Nov 10 17:18:51 CST 1999
Hello everybody,
I'm using PoPToP and it is working fine, and I'm doing performance tests via
LAN to LAN with VPN over LAN.
I have installed the following software:
pptp-1.0.0
ppp-2.3.8
SSLeay-0.6.6b
Red Hat 6.0 kernel 2.2.5-15
1)***************THIS WORKS**********************************
LAN configuration tested :
|
| LAN 200.170.98.*
| Domain (DNS): puc.anydomain.edu
| Server NIS : 200.170.98.147
| [NIS server on this LAN]
|
| Linux VPN
| Host Name: "vpnlinux"
| Samba server ok
| |--------------------------|
|-----|IP (eth1): 200.170.98.50 |
|-----|IP (eth0): 172.16.0.2 |
| TTTT|--------------------------|
| T
| T
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| T NT Server
| T Host Name: "ntsrv"
| T Network Domain (NT): DAEMON
| T DNS Domain: crypto.net
| TTTT|--------------------------|
|-----|IP: 172.16.0.1 |
| |--------------------------|
|
/etc/pptpd.conf
speed 115200
localip 192.168.0.234-238
remoteip 192.168.1.234-238
/etc/ppp/options
debug
name vpnlinux.crypto.net
auth
require-chap
proxyarp ....
/etc/ppp/chap-secrets
billy vpnlinux.crypto.net bob *
1) In this configuration, the NT Server "ntsrv" (172.16.0.1) can't ping or
telnet (of course!) to any address in 200.170.98.*, but browsing from NT (via
Network Neighborhood) lists servers, domains and workgroups [Linux, Solaris,
NT and others].
e.g. Connectivity means that you have a physical network path between your
local computer and a remote computer. BROWSING is the ability to search a
local or remote network for resources.
When I make a Dialup connection from VPN Server, the computer "ntsrv"
receives a remoteip and I can see in Windows Explorer NT (via Samba):
______________________________________________________
+My Computer
+Network Neighborhood
DAEMON
|- ntsrv\\shared (172.16.0.1)
|- linuxvpn\\shared (172.16.0.2)
|- linuxvpn\\shared (192.168.1.234) VPN connection
OTHERS
WORKGROUPS
....
___________________________________________________
I can ping, open Telnet sessions in LAN 172.*** or 192.****, access files
etc.
I tested the performance by sending files in connections CHAP, MS-CHAP,
encryption and more....
2)*************PROBLEM********************************************
I changed LAN configuration to interconnect two LANs with VPN Linux
dual-homed and now I have some problems:
I split up the LAN physically, as shown below, and I did the setup from the
Linux VPN "vpn" host to the NIS Server (secondary domain options in linuxconfig)
|
| LAN 200.170.98.*
| Domain (DNS): puc.anydomain.edu
| Server NIS : 200.170.98.147
| Host Name NIS: nis.puc.anydomani.edu
| [NIS server on this LAN]
|
|
| Linux VPN
| Host Name: vpnlinux
| eth1: obelix.puc.anydomain.edu
| eth0: vpnlinux.crypto.net
| primary server: 172.16.0.1 ## NT Server
| secondary server: 200.170.98.147 ## Linux NIS
| Samba server ok
|----|--------------------------LAN 200.***
|IP (eth1): 200.170.98.50 |
| |
| |
|----|IP (eth0): 172.16.0.2 |
| TTT| |LAN 172.***
| T |-------------------------|
| T
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| TTT NT Server
|-----IP: 172.16.0.1
| Host Name: ntsrv
| Network Domain (NT): DAEMON
DNS Domain: crypto.net
/etc/pptpd.conf
speed 115200
localip 200.170.98.40 #free address
remoteip 200.170.98.41-44 #range free address
/etc/ppp/options
debug
name nis.puc.anydomani.edu #NIS Server from 200.***
auth
require-chap
proxyarp ....
/etc/ppp/chap-secrets
billy nis.puc.anydomani.edu bob *
When I make a DUN connection to the VPN Server (172.16.0.2), I receive the
remoteip 200.170.98.41 and I can ping other computers in this network
address range. On the computer "ntsrv", I CAN'T SEE ANY LIST in Windows
Explorer NT (via Samba - same situation):
______________________________________________________
+My Computer
+Network Neighborhood
DAEMON
|- ntsrv\\shared (172.16.0.1)
|- linuxvpn\\shared (172.16.0.2)
|
|-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ?????
______________________________________________________
A) What's wrong in this configuration that I can't see anything when browsing
except what the box above shows?
>e.g. I think about samba config.
B) How can I authenticate the user by using the NIS Server, to avoid having the
name and password of the user recorded in /etc/ppp/chap-secrets?
# I wouldn't like to use
# names in clear-text mode ==> chap-secrets
#
#/etc/ppp/chap-secrets
# billy nis.puc.anydomani.edu bob *
Is there any script you could send me as an example? I'm reading some PPP
HOWTOs but I'm not certain of the solution...
If the NIS Server does the user authentication, it can manage the password
changes; or maybe use the /etc/passwd file with the registered users and not
the /etc/ppp/chap-secrets file.
Regards
Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br
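
An added example, not part of the original post: question B asks about dropping the cleartext entry from /etc/ppp/chap-secrets while require-chap is set. With standard MD5 CHAP (RFC 1994; MS-CHAP is not covered here) the server recomputes the response from the secret itself, so a store that holds only one-way password hashes cannot verify it. The simplified parser, the hashed store and the SHA-256 stand-in are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed input: the chap-secrets entry quoted in the post.
CHAP_SECRETS = """\
# client   server                secret   IP addresses
billy      vpnlinux.crypto.net   bob      *
"""

def parse_chap_secrets(text):
    """Map (client, server) -> secret. Simplified: no quoted fields or wildcards."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            table[(fields[0], fields[1])] = fields[2]
    return table

def chap_md5_response(identifier, secret, challenge):
    """RFC 1994 CHAP: MD5(Identifier octet || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def verify(table, client, server, identifier, challenge, response):
    """Authenticator side: recompute the response from the stored secret."""
    secret = table.get((client, server))
    if secret is None:
        return False
    expected = chap_md5_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    challenge = bytes(range(16))  # constructed; a real server sends random bytes
    ident = 1
    # Peer side: billy knows the secret "bob" and answers the challenge.
    response = chap_md5_response(ident, "bob", challenge)
    cleartext = parse_chap_secrets(CHAP_SECRETS)
    # Hypothetical store holding only a one-way hash of the password, standing in
    # for a passwd/NIS-style entry (SHA-256 used here purely as a stand-in).
    hashed = {k: hashlib.sha256(v.encode()).hexdigest() for k, v in cleartext.items()}
    args = ("billy", "vpnlinux.crypto.net", ident, challenge, response)
    return verify(cleartext, *args), verify(hashed, *args)

if __name__ == "__main__":
    print(demo())  # (True, False)
```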