[pptp-server] NT domain logon via PoPToP

Cowles, Steve Steve.Cowles at gte.net
Tue Aug 22 15:20:12 CDT 2000


In order to authenticate to a NT PDC across a VPN, you will need to enable a
WINS server on your LAN. I'm not aware of any way around this requirement
(unless you want to create a LMHOSTS file on the remote) since MS Networking
uses broadcast packets to build the browser list. Broadcast packets are not
routed across your VPN tunnel. So when your client system sends out its
broadcast packet to "ask" where the PDC is to authenticate, it will never
get a response. FWIW: This is exactly why MS developed WINS servers.

Based on your post, you have a few choices:
1) Enable a WINS server on your NT PDC.
2) Enable the WINS server component of Samba.
3) Create an LMHOSTS file on the remote and enter the proper PDC record
(1Ch)

If you do decide to implement a WINS server, then in your /etc/ppp/options
file, specify the ms-wins option and set it to the IP address of the WINS
server you installed from above.

Steve Cowles
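
Added example, not part of the original post: a Python helper that builds the LMHOSTS entries for option 3 and checks the padding of the quoted `<1C>` record, the detail that is easiest to get wrong by hand. The address, host name and domain are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

NAME_LEN = 15  # a NetBIOS name is 16 bytes: 15 name characters + 1 type byte

def quoted_name(name, suffix):
    """Quoted LMHOSTS form: name space-padded to 15 chars, then \\0xNN."""
    name = name.upper()  # quoted LMHOSTS names are matched case-sensitively
    if not 1 <= len(name) <= NAME_LEN:
        raise ValueError("NetBIOS name must be 1-15 characters: %r" % name)
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return '"%-15s\\0x%02X"' % (name, suffix)

def lmhosts_lines(pdc_ip, pdc_name, domain):
    """Entries for the remote client: the PDC host plus the domain <1C> record."""
    ip = str(ipaddress.IPv4Address(pdc_ip))  # raises on a malformed address
    return [
        "%s\t%s\t#PRE #DOM:%s" % (ip, pdc_name.upper(), domain.upper()),
        "%s\t%s\t#PRE" % (ip, quoted_name(domain, 0x1C)),
    ]

QUOTED = re.compile(r'^\S+\s+"([^"]*)"')

def check_line(line):
    """Return a problem description for a quoted entry, or None if well formed."""
    m = QUOTED.match(line)
    if not m:
        return None  # unquoted entries need no padding
    if not re.fullmatch(r'.{15}\\0x[0-9A-Fa-f]{2}', m.group(1)):
        return "quoted name must be 15 characters (space-padded) plus \\0xNN"
    return None

if __name__ == "__main__":
    # Constructed values: address, host name and domain are placeholders.
    for entry in lmhosts_lines("192.168.1.5", "ntpdc", "EXAMPLEDOM"):
        print(entry)
    # An unpadded hand-written entry is flagged:
    print(check_line('192.168.1.5 "EXAMPLEDOM\\0x1C" #PRE'))
```
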


-----Original Message-----
From: Thomas Klettke [mailto:thomask at aesbus.com]
Sent: Tuesday, August 22, 2000 10:12 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] NT domain logon via PoPToP


I've set up a VPN with PoPToP (Win98 client via DSL to Linux Mandrake 7.1
server, chap). Connecting works fine, get an IP address, use win-dns in
/etc/ppp/options to submit DNS. No problems with pinging machines from the
client to the remote subnet. 

My problem is the authentication by the NT domain server on the remote
network. (PDC only, no BDC present). After establishing the tunnel I am
prompted to enter username, password and domain for the NT server, yet I get
the answer back that the domain controller can't be contacted. On the PDC's
logfile however I see an entry in the logfile acknowledging successful
logon from the win98 client with the correct username. 

I have no problem mapping drives on NT servers, I have the correct
permission when accessing those shares, just as I would locally. However,
browsing the Network Neighborhood doesn't show anything but the local win98
client. (And yes, the settings for workgroup and domain as well as for dns
are correct - checked that already.) 
Could it be resolved by activating Samba on the VPN server, using its
WINS proxy? But then - I don't even have WINS installed anywhere on the NT
domain.
Or could one of the "browse list" options in Samba help with it?

Thanks for any help.
Thomas


