[pptp-server] File sharing and browsing

Jose M. Sanchez opjose at ex-pressnet.com
Tue Jul 4 16:09:03 CDT 2000


|-----Original Message-----
|From: pptp-server-admin at lists.schulte.org
|[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Barsalou
|Sent: Tuesday, July 04, 2000 4:53 PM
|To: pptp-server at lists.schulte.org
|Subject: [pptp-server] File sharing and browsing
|
|
|This is really good information.  Additionally, there is a tool called the
|connection manager that allows you to enter a domain name in the initial
|login screen.  I haven't played with it thoroughly, but I think it
|will resolve those problems that you are experiencing.

No, I wish it would.

I've played with forcing Domain Name changes on the systems... I've even
gone as far as directly modifying the DUN entries created for VPN.

I've noted that the original Domain name is entered into the registry and
passed to the remote Domain via the VPN.

Even if I manually change this, the client cannot browse the remote domain.

While I haven't gone as far as actually tracing the NetBIOS messages, I am
assuming that the original name is still being passed.

Even if Windows Networking is set to permit you to change the domain
(something you can enable, which the CMK does) the client still cannot
browse the remote.

Yet each time I have this appear, removing all networking components
resolves this.

Obviously there is a bit more in the registry that is being passed... I have
not tried comparing the registry before and after the change... it would be
an interesting exercise.

What concerns me is that NT is somehow able to deal with this directly. VPN
(even thru a Linux firewall) clients connecting to NT do not exhibit this
behaviour. Why?

Even if I leave the client's domain membership as different than the remote
domain, the browser displays BOTH domains when connected to an NT VPN
server. Not so with PoPToP/PPP.

Something is being exchanged at login/connection time with NT VPN that is
not happening with PoPToP/PPP...

Thanks.
-JMS

| I believe it is referred to as the CMK (connection manager kit) on the
|Microsoft site.
|
|	I'm not at work now but I will try and look up where you might be
|able to find it tomorrow.
|
|
|From what I can tell, no one at Microsoft thought anyone would want to try
|and connect to multiple domains. :)
|
|Mike
|
|
|>
|> Well I hope someone corrects me if I'm wrong on this, but here goes.
|>
|> As I understand it domain logins do work. At least they seem to work
|> for me.
|>
|> I have chap-secrets set up like this (and nothing else, contrary to the
|> docs...)
|>
|> remote          *               pass          *
|>
|> and options like this
|>
|> debug
|> auth
|> remotename remote
|> require-chap
|> proxyarp
|> +chapms-v2
|> +chapms
|> mppe-40
|> mppe-128
|> mppe-stateless
|> ms-wins 192.168.0.6
|> ms-dns 192.168.0.6
|> lock
|>
|> The debug messages (I turned on verbose) indicate that the login name
|> entered into Windows DUN VPN dialup entry is being passed to the PPTP
|> client.
|>
|> Thus if the Windows DUN entry has; username: admin password: pass
|>
|> "admin" is suffixed onto the name of the DOMAIN the remote client
|> belongs to (when you created the DUN entry) and then passed to the PPTP
|> client... supposing that in this case the domain is called "Mydomain"...
|>
|> The debug logs show that pptp receives Mydomain\\admin which is used to
|> authenticate the client. This also supposedly gets passed onto the domain
|> controller when ppp is brought up.
|>
|> Thus because the name of the remote client is "forced" in the option
|> file, it does not matter what it's called.
|>
|> However the password (in this case "pass") is getting picked up from the
|> chap-secrets file, and NOT by what the user types in... (I've tried "*"
|> in the password field, which does not work for me...).
|>
|> By making the two the same as what the domain is expecting for the user,
|> you get a domain logon.
|>
|> I've also enabled "network logon" in the DUN entry.
|>
|> It -SEEMS- to work, as I can attach to any shares, and I seem to have the
|> correct permissions.
|>
|> I can also browse the remote network... BUT here is the caveat with this.
|>
|> The Windows CLIENT machine -MUST- have originally been set up to belong
|> to the SAME domain as the one you are trying to connect to... at the time
|> Networking was first installed.
|>
|> If you enter another domain, switch it to the correct one, then set up
|> DUN... you'll never see the remote shares!
|>
|> To fix this you must remove ALL networking components in Windows
|> (including protocol.* files in the C:\Windows directory) then re-install
|> everything, specifying the appropriate domain name.
|>
|> If you do this browsing works!
|>
|> I've gone as far as checking to see what is happening in the registry...
|> among other things Windows INCLUDES the original domain name in the
|> registry entry created for the DUN... even if you have changed it!
|>
|> This in turn gets passed to the remote PDC. Since it sees that your
|> machine is not a member of your domain, you do not see the shares.
|>
|> Fixing the DUN entry in the registry (which I've done) is not enough of
|> itself to browse the remote LAN...
|>
|> You must do what I mentioned before, deleting all Networking setups, and
|> then re-install (after a reboot, this is Windows folks...) using the
|> correct domain name.
|>
|> Finally set up your DUN entries. Doing things this way always gets me
|> the browse lists off the remote LAN.
|>
|> If you then change the client's domain membership, you start all over
|> again... and you have to fix it again... though you DO seem able to
|> merely switch the domain name to get VPN working properly...
|>
|> _______________________________________________
|> pptp-server maillist  -  pptp-server at lists.schulte.org
|> http://lists.schulte.org/mailman/listinfo/pptp-server
|> List services provided by www.schulteconsulting.com!
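
An added example, not part of the original thread or of PoPToP/pppd: a small Python model of the chap-secrets lookup the quoted message describes, showing that with `remotename remote` every login name (for instance `Mydomain\\admin`) resolves to the same shared secret. The options and secrets text are copied from the message; the match scoring in `lookup` is a simplified assumption, the server name `pptpd` used with it is constructed, and the two "weak option" flags rest on general knowledge of MS-CHAPv1 and 40-bit MPPE rather than on the post.

```python
# Added example: models the chap-secrets lookup described in the post.
OPTIONS = """debug
auth
remotename remote
require-chap
proxyarp
+chapms-v2
+chapms
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.0.6
ms-dns 192.168.0.6
lock
"""
SECRETS = "remote          *               pass          *\n"

def parse_options(text):
    """Map each option keyword to its argument list."""
    return {w[0]: w[1:] for w in (l.split() for l in text.splitlines()) if w}

def parse_secrets(text):
    """Return (client, server, secret, addresses) rows from chap-secrets."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and not f[0].startswith("#"):
            rows.append((f[0], f[1], f[2], f[3:]))
    return rows

def lookup(rows, opts, peer_name, server_name):
    """Pick the secret for a peer; a forced remotename replaces peer_name."""
    name = opts["remotename"][0] if opts.get("remotename") else peer_name
    # Assumed scoring: exact match beats "*", no match disqualifies the row.
    score = lambda pat, val: 2 if pat == val else 1 if pat == "*" else 0
    ranked = [(score(c, name) * score(s, server_name), sec)
              for c, s, sec, _ in rows]
    best = max(ranked, default=(0, None))
    return best[1] if best[0] else None

def audit(rows, opts):
    """Report settings that weaken per-user authentication."""
    out = []
    if opts.get("remotename"):
        out.append("remotename forces one secrets entry for every peer")
    out += [f"entry '{c}' accepts any client address"
            for c, _, _, a in rows if "*" in a]
    out += [f"weak option enabled: {o}" for o in ("+chapms", "mppe-40") if o in opts]
    return out
```
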



