[pptp-server] LINUX

David Kempe david at solutionsfirst.net
Wed Mar 8 03:23:29 CST 2000


The way we have solved this problem is to develop an intranet web page and
you can add people to the bottom of the chap secrets file using some special
scripting and Apache.
You can develop a whole user interface.
The other option is to work with Webmin or something like that. I'm going to
start working on a plugin for Webmin that allows pptp user management.
(www.webmin.com)

dave

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nathan Meyers
Sent: Wednesday, 8 March 2000 11:17 AM
To: Scott M. Stone; Ryan Matijcio
Cc: Alan Ross; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] LINUX


On Tue, Mar 07, 2000 at 03:46:23PM -0800, Scott M. Stone wrote:
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
>
> >
> > Hi Alan,
> >
> > One problem I can see with a Linux pptp server in a large NT environment
> > is account management.  I can see it being a real nightmare maintaining
> > the chap-secrets file (the one that maintains the username and password
> > for the vpn accounts.)  As far as I've read there is nothing to handle
> > this.  In NT you can easily just turn PPTP on or off for an account in
> > user manager.
>
> that's a good point, though -- I wonder how hard it would be to patch pppd
> to use the system's getpasswd() functions instead of reading chap-secrets?
> ie, compare the inputted password from the client with the system password
> table instead of having it separate..?

Not hard at all, but it won't work the way you hope.

It's the nature of the CHAP protocol to use the same secret on both
ends of the connection, without ever sending the secret in any form
(encrypted or otherwise). So both ends must know the same string. If
all it knows on the server end is the encrypted text it retrieves from
the getpasswd() call, that's the "password" you must use from the client
side - not the user's real password.

Nathan

>
> Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
> sometime..
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
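
The CHAP point made in the thread, as an added example that is not part of any of the original messages: it follows the RFC 1994 MD5 form of CHAP, where the response is MD5(identifier || secret || challenge). The password, the salt and the stand-in for a one-way system password entry are constructed for illustration (it is not real crypt(3) output).

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(stored: bytes, identifier: int, challenge: bytes,
                  response: bytes) -> bool:
    """The server recomputes the response from whatever string it has on file."""
    expected = chap_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def stand_in_password_hash(password: bytes, salt: bytes) -> bytes:
    """Constructed stand-in for a one-way system password entry."""
    digest = hashlib.sha256(salt + password).hexdigest()
    return salt.hex().encode() + b"$" + digest.encode()


def demo() -> dict:
    password = b"correct horse"      # constructed sample password
    salt = b"\x01\x02\x03\x04"       # constructed sample salt
    hashed = stand_in_password_hash(password, salt)
    identifier, challenge = 1, os.urandom(16)

    # Client answers the challenge using the user's real password.
    resp_real = chap_response(identifier, password, challenge)
    # Client answers using the stored hash string as if it were the password.
    resp_hash = chap_response(identifier, hashed, challenge)

    return {
        # chap-secrets style: both ends hold the same plaintext secret.
        "plaintext_store_real_password":
            server_verify(password, identifier, challenge, resp_real),
        # Server holds only the one-way hash: the real password fails.
        "hash_store_real_password":
            server_verify(hashed, identifier, challenge, resp_real),
        # The hash string itself has become the working credential.
        "hash_store_hash_as_secret":
            server_verify(hashed, identifier, challenge, resp_hash),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

The third case shows the consequence for anyone protecting the password table: once the stored hash is used as the CHAP secret, reading that table is equivalent to knowing the credential.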
