[pptp-server] Appending DNS suffix on pptp connection
Cowles, Steve
Steve.Cowles at infohiiway.com
Sun Oct 15 23:03:35 CDT 2000
> -----Original Message-----
> From: Tife Chan [mailto:tife.chan at adsociety.com]
> Sent: Sunday, October 15, 2000 8:31 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Appending DNS suffix on pptp connection
>
> Hi all,
>
> Is it possible to append a dns suffix (domain) once a pptp
> connection is established? I tried to put an option "domain
> mydomain.com" in the /etc/ppp/options but it doesn't work.
>
> Thanks,
> Tife
Exactly what are you trying to accomplish by including the domain name? If
you're trying to modify the "domain suffix search order" of the client (after
it establishes a PPTP connection), then that is not what the "domain" option
was intended for.
From: man pppd

    domain d
        Append the domain name d to the local host name for
        authentication purposes. For example, if gethostname()
        returns the name porsche, but the fully
        qualified domain name is porsche.Quotron.COM, you
        could specify domain Quotron.COM. Pppd would then
        use the name porsche.Quotron.COM for looking up
        secrets in the secrets file, and as the default
        name to send to the peer when authenticating itself
        to the peer. This option is privileged.

If I am understanding the above correctly, the "domain" option is used for
authenticating against the entries found in the chap-secrets file.
Example:

Original entry in chap-secrets for user scowles (wildcard for local hostname
of server):

    scowles * password *

Modified entry in chap-secrets for user scowles with "domain mydomain.com"
option entered in /etc/ppp/options (no wildcard for local hostname of
server):

    scowles pptp.mydomain.com password *

10 minute pause....
OK, I actually tried the above. If I changed the pptp.mydomain.com to
pptp.yourdomain.com in my chap-secrets or... changed the "domain" option
from mydomain.com to yourdomain.com in /etc/ppp/options, I got an error 691
on my W2K system when I tried to establish a PPTP tunnel stating that the
user/password did not match for the domain name listed. When I corrected the
entries, I was able to connect without a problem.
So I guess the "domain" option works as specified in the man pages.
Authentication.
Steve Cowles
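
The lookup behaviour reported in the message above, as an added example that is not part of the original post and is not pppd's own code. It is a simplified model: the function names are hypothetical, the hostname `pptp` is inferred from the `pptp.mydomain.com` entry, and the rule that a non-wildcard field beats `*` is an assumption of the model.

```python
# Simplified model of a chap-secrets lookup (added example, not pppd source).
# Assumptions: fields are whitespace-separated "client server secret addrs",
# "*" is a wildcard, and a non-wildcard match is preferred over a wildcard.

def local_name(hostname, domain=None):
    """Name the server uses for itself: hostname plus the 'domain' option."""
    if not domain:
        return hostname
    return hostname + "." + domain.lstrip(".")

def parse_secrets(text):
    """Return (client, server, secret) tuples, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 3:
            entries.append(tuple(fields[:3]))
    return entries

def find_secret(entries, client, server):
    """Return the secret of the best-matching entry, or None (no match)."""
    best, best_score = None, -1
    for e_client, e_server, secret in entries:
        if e_client not in ("*", client) or e_server not in ("*", server):
            continue
        # Exact client match outranks exact server match outranks wildcards.
        score = 2 * (e_client != "*") + (e_server != "*")
        if score > best_score:
            best, best_score = secret, score
    return best

# The two entries from the message above.
WILDCARD = "scowles * password *"
PINNED = "scowles pptp.mydomain.com password *"

if __name__ == "__main__":
    for label, secrets in (("wildcard", WILDCARD), ("pinned", PINNED)):
        for domain in ("mydomain.com", "yourdomain.com"):
            name = local_name("pptp", domain)
            hit = find_secret(parse_secrets(secrets), "scowles", name)
            print(f"{label:8} server={name:20} ->",
                  "secret found" if hit else "no secret (client sees error 691)")
```

With the wildcard entry the server name is irrelevant; with the pinned entry a mismatched "domain" value leaves no secret to authenticate against, which matches the error 691 described above.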