[pptp-server] Auth mechanism...

Kenny Austin kennya at carlislefsp.com
Thu Sep 28 11:27:55 CDT 2000


Post the patch, that way in a few months when I decide I want it, I can spend a few hours on Google searching the mailing list archives, and maybe find it again. I hope this stuff gets added to the d/l section of the new website.

..about authenticating, you could use a proxy server that requires you to log on to it or have your dhcp server not give out a default router/a fake one and have your users log on to a samba/NT domain that has a route statement in their startup scripts that adds the correct router to the machine? The only problems I can think of with that are that the PDC would have to be on the same subnet but it probably already is, and that if a user logged off the machine without restarting it, someone else could come along and bypass the logon screen and still have access to the internet unless you set windows to require users to log on.... just some ideas..
Kenny Austin
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Faisal P
Sent: Thursday, September 28, 2000 10:03 AM
To: Pptp
Subject: [pptp-server] Auth mechanism...


Hi ppl,

I have a somewhat unique problem here....
We have a network that consists of a bunch of clients that need to access the Internet. They are on ethernet. We need them to authenticate before they can reach the Internet. The problem is we actually needed to implement authenticated dhcp, but there are no implementations that I know of that exist at this point.
So finally we decided to go in for a VPN between the client and the server running pptp. This allows us to authenticate using regular CHAP and windoze ppl can use it pretty easily. It also allows us to control who goes thru us etc.
Now we also needed ldap support with pptp, so I patched pppd to support a generalized authentication mechanism (like the @file in the chap-secrets file, if you put |program, pppd will now ask program to actually fetch the password. So even chap works, provided the LDAP server can provide clear-text passwords.)
No, it isn't as insecure as it looks. I have taken care of that. But the problem is that, before I had left for a holiday, I had this mechanism working perfectly. We then had to reinstall the server. Now I can't even get the pptp to work if I just patch pppd to use mppe. With noauth in the /etc/ppp/options file, everything is fine (yeah right) but without it, I get the 'GRE: could not read from PTY' error. I could not find a solution for it on the mailing list that was really helpful. Now I suspect that pppd is dying when it's asked to authenticate, but I can't figure out how. It used to work perfectly earlier. (reminds me of my Windoze days)

Anyways, if anyone has any ideas, please let me know. I'll post the full error logs later tomorrow..

BTW, if anyone wants the pppd patch that adds support for generalized password retrieval, please let me know. I'll post it.

Another more important question is: Am I doing this right? I mean, all I really need is authentication on an ethernet network. I'm sure this pptp thing is overkill in some aspects. If anyone has any better ideas on how I could achieve this, it would be greatly appreciated.

thanx again.
Faisal.
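
Added example, not part of either message and not the pppd patch mentioned above: a sketch of RFC 1994 CHAP-MD5 verification showing why the authenticator needs the clear-text secret, as the original post notes. The fetch_secret callback and both sample directories are hypothetical stand-ins for the |program helper and the LDAP data.

```python
import hashlib
import hmac
import os


def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: digest of identifier octet + secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_chap(identifier, challenge, response, user, fetch_secret) -> bool:
    """Authenticator side: recompute the digest from the stored secret.

    fetch_secret is a hypothetical callback standing in for an external
    helper that returns the user's secret, or None for an unknown user.
    """
    secret = fetch_secret(user)
    if secret is None:
        return False
    expected = chap_md5_response(identifier, secret, challenge)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(expected, response)


# Constructed sample data: one directory keeps the clear-text secret,
# the other keeps only a SHA-1 hex digest of the same password.
PASSWORD = b"correct horse"
CLEARTEXT_DIR = {"alice": PASSWORD}
HASHED_DIR = {"alice": hashlib.sha1(PASSWORD).hexdigest().encode()}


def demo():
    identifier, challenge = 7, os.urandom(16)
    # Peer side: the client knows the real password.
    response = chap_md5_response(identifier, PASSWORD, challenge)
    ok_clear = verify_chap(identifier, challenge, response, "alice", CLEARTEXT_DIR.get)
    # A hashed store cannot reproduce the digest, so the same valid
    # response is rejected.
    ok_hashed = verify_chap(identifier, challenge, response, "alice", HASHED_DIR.get)
    ok_unknown = verify_chap(identifier, challenge, response, "bob", CLEARTEXT_DIR.get)
    return ok_clear, ok_hashed, ok_unknown


if __name__ == "__main__":
    print(demo())
```

Because the secret itself is an input to the digest, whatever the helper returns has to be the exact value the client typed, which is why the directory must be able to hand back clear text.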

