[pptp-server] Appending DNS suffix on pptp connection

Cowles, Steve Steve.Cowles at infohiiway.com
Sun Oct 15 23:03:35 CDT 2000


> -----Original Message-----
> From: Tife Chan [mailto:tife.chan at adsociety.com]
> Sent: Sunday, October 15, 2000 8:31 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Appending DNS suffix on pptp connection
> 
> Hi all,
> 
> Is it possible to append dns suffix (domain) once upon pptp 
> connection established? I tried to put an option "domain
> mydomain.com" in the /etc/ppp/options but it doesn't work.
> 
> Thanks,
> Tife

Exactly what are you trying to accomplish by including the domain name? If
you're trying to modify the "domain suffix search order" of the client (after
it establishes a PPTP connection), then that is not what the "domain" option
was intended for.

From: man pppd 

 domain d
    Append the domain name d to the local host name for
    authentication purposes.  For example, if  gethostname()
    returns  the  name  porsche,  but the fully
    qualified domain name is  porsche.Quotron.COM,  you
    could  specify domain Quotron.COM.  Pppd would then
    use the name  porsche.Quotron.COM  for  looking  up
    secrets  in  the  secrets  file, and as the default
    name to send to the peer when authenticating itself
    to the peer.  This option is privileged.

If I am understanding the above correctly, the "domain" option is used for
authenticating against the entries found in the chap-secrets file.

Example:
Original entry in chap-secrets for user scowles (wildcard for local hostname
of server)

scowles * password *

Modified entry in chap-secrets for user scowles with "domain mydomain.com"
option entered in /etc/ppp/options (no wildcard for local hostname of
server)

scowles pptp.mydomain.com password *


10 minute pause....

OK, I actually tried the above. If I changed the pptp.mydomain.com to
pptp.yourdomain.com in my chap-secrets or... changed the "domain" option
from mydomain.com to yourdomain.com in /etc/ppp/options, I got an error 691
on my W2K system when I tried to establish a PPTP tunnel stating that the
user/password did not match for the domain name listed. When I corrected the
entries, I was able to connect without a problem. 

So I guess the "domain" option works as specified in the man pages.
Authentication.

Steve Cowles
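
The lookup behaviour described in the message above, as an added example that is not part of the original post and is not pppd source code: a simplified model of how the server-side name (hostname plus the "domain" option) selects a chap-secrets entry. The hostname "pptp" is taken from the entry shown above; the second user and its secret are constructed, and the rule that exact matches outrank wildcards is an assumption of this model.

```python
# Simplified model of how pppd picks a chap-secrets entry on the server side.
# Not pppd source code; quoting, @file secrets and IP restrictions are ignored.

CONSTRUCTED_SECRETS = """\
# client   server              secret      IP addresses
scowles    pptp.mydomain.com   password    *
tchan      *                   hunter2     *
"""

def local_name(hostname, domain=None):
    """Name pppd uses for itself: hostname, plus the 'domain' option if set."""
    if not domain:
        return hostname
    sep = "" if domain.startswith(".") else "."
    return hostname + sep + domain

def parse_secrets(text):
    """Yield (client, server, secret) for each non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2]

def lookup_secret(text, client, server):
    """Return the secret of the best-matching entry, or None.

    A field matches when it equals the name or is the wildcard '*';
    exact matches outrank wildcard matches (assumption of this model).
    """
    best, best_score = None, -1
    for c, s, secret in parse_secrets(text):
        if c not in (client, "*") or s not in (server, "*"):
            continue
        score = (c == client) + (s == server)
        if score > best_score:
            best, best_score = secret, score
    return best

if __name__ == "__main__":
    for dom in (None, "mydomain.com", "yourdomain.com"):
        name = local_name("pptp", dom)
        for user in ("scowles", "tchan"):
            found = lookup_secret(CONSTRUCTED_SECRETS, user, name)
            print(f"domain={dom!s:15} server={name:20} {user:8} ->",
                  "secret found" if found else "no entry (auth fails)")
```

An entry with a wildcard in the server field keeps matching whatever the "domain" option is set to, while an entry that names the server only matches when hostname and domain agree with it.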


