[pptp-server] Almost there! =) A few more helpful hints will get me on my way...

Dread Boy dreadboy at hotmail.com
Fri Feb 9 01:02:54 CST 2001


Thx, Steve.


>From: "Cowles, Steve" <Steve at SteveCowles.com>
>To: "'Dread Boy'" <dreadboy at hotmail.com>, pptp-server at lists.schulte.org
>Subject: RE: [pptp-server] Almost there!  =)  A few more helpful hints will
>get me on my way...
>Date: Thu, 8 Feb 2001 23:59:34 -0600
>
> > -----Original Message-----
> > From: Dread Boy [mailto:dreadboy at hotmail.com]
> > Sent: Thursday, February 08, 2001 6:56 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Almost there! =) A few more helpful hints will
> > get me on my way...
> >
> > > > I've made SaMBa the main WINS server assigned by DHCPD
> > > > on the Linux box, etc. - the way it's always been, anyway.
> > >
> > > WINS server assignment through DHCP is valid, but only for
> > > clients configured to use DHCP to configure the TCP/IP stack.
> > > Keep in mind, when using a PopTop PPTP server - PPTP clients
> > > are configured through pppd options, not DHCP. Although - On
> > > the other side of the coin, Microsoft's PPTP server can be
> > > configured to use DHCP to configure remote PPTP clients.
> >
> > Right.  I only use DHCP for local connections, I don't expect
> > it to work for  PPTP.
> >
> > > >
> > > > I edited /etc/pptpd.conf with the line:
> > > >
> > > >    ms-wins 192.168.0.2
> > >
> > > BZZT! I hope the above is a typo, but ms-wins is a pppd
> > > option, not a PPTP option. FYI: from man pppd
> >
> > OK.  I didn't realize this.  Should I then put the ms-wins
> > statement in /etc/ppp/options vs /etc/ppp/options/pptp ?
>
>Based on the "option" parameter in your /etc/pptpd.conf file... the ms-wins
>option would be placed in the /etc/ppp/options.pptp file.

OK.  Some HOWTO's state to use options vs options.pptp, just whatever the 
last one I used, I guess.

> > > >
> > > > I've changed the samba resolve order to wins, lmhosts,
> > > > blah, blah, blah... I've even added corresponding
> > > > entries to /etc/lmhosts for a few machines on my network.
> > >
> > > The default search order should be fine. Also, it's rather
> > > hard to debug WINS related problems when you add entries
> > > to the lmhosts file.
> >
> > OK, I'll toast the lmhosts file then.  Should I also toast
> > the hosts file?
>
>On all of my pptp clients and even the hosts on the LAN, the lmhosts and
>hosts file are blank. Well... with the exception of the loopback interface
>in the hosts file. That entry should already be there.

Yes, I've done this now.

> >
> > > Based on your post, it sounds like you do not have
> > > WINS/Samba setup properly. Without seeing your smb.conf
> > > file, I would only be guessing at what the problem is.
> >
> > OK, I'll post all of the related files at the bottom of this
> > message.  Thanks to everyone who's muddled me through this
> > stuff.  =)
> >
> > P.S.  Is there any way to "follow up" a message directly on
> > the message board?  I seem to have to mail my message each
> > time.
>
>I have always used e-mail to reply to this list.

OK.  I was just wondering how some people manage to follow up directly to a 
given question, rather than posting a new message at the bottom of the 
thread list.

> >
> > --- /etc/smb.conf ---
> >    workgroup = WestLogic
> >    server string = Linux Samba Server
> >    hosts allow = 192.168.0. 127.
> >    security = user
> >    encrypt passwords = yes
> >    smb passwd file = /etc/smbpasswd
> >    unix password sync = Yes
> >    passwd program = /usr/bin/passwd %u
> >    passwd chat = *New*UNIX*password* %n\n
> > *ReType*new*UNIX*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> >    username map = /etc/smbusers
> >    include = /etc/smb.conf.%m
> >    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >    #eth0 and eth1 - so don't want NetBIOS hanging its arse
> > off my ext eth
> >    interfaces = 192.168.0.0/24
>
>I have always set this to the IP address/netmask or interface name that I
>want active, not the network address.

So really, I should have "interfaces = eth0" instead?

> >    bind interfaces only = yes
>
>Are you sure you want to use this parameter??? From the man pages regarding

Pretty sure.  I set SMB up at one of my clients without doing this and they 
were attacked via the NetBIOS port (139) of the external interface.  I 
always make sure to close 139 for NT and Linux Samba servers - always.  
Otherwise, the risk is there for outsiders to poke around the share list of 
not just the Linux gateway, but other machines on the private LAN.

The one thing is that when a pptp client connects, they are given a remote 
and local IP within the 192.168 subnet, so really SMB should be running just 
fine in theory.  What do you think?

I'd really hate to have to tell my clients that we'll have to open that 
NetBIOS port again for them to use pptp, especially when I know it can be 
done under NT without dangling the dreaded port 139 wide open to the 
Internet.

>the use of bind interfaces only:
>
>   For file service it causes smbd to bind only to the
>   interface list given in the ´interfaces´ parameter.
>   This restricts the networks that smbd will serve to
>   packets  coming in those interfaces.  Note that you
>   should not use this parameter for machines that are  <---
>   serving  PPP or other intermittent or non-broadcast  <---
>   network interfaces as it will not  cope  with  non-  <---
>   permanent interfaces.
>
> >    remote announce = 192.168.0.255
> >    local master = yes
> >    domain master = yes
> >    preferred master = yes
>
>Since I do not understand your network architecture i.e. domain/workgroup,
>I'm assuming you want this system to win the master browser election
>process. To ensure that it does... I would try adding
>
>      os level = 100

OK.  This may help.  Thx.

>
> >    name resolve order = wins lmhosts bcast
> >    wins support = yes
> >    wins proxy = yes
>
>Is there a reason you are using WINS proxy?

Sorry, I disabled that line just after I sent this message.  (My own 
stupidity.)  I was swapping WINS control back and forth between my NT server 
and my Linux box to test incoming pptp connections.  The NT box was 
misbehaving without it being able to be THE primary wins server.

>
> >    preserve case = yes
> >    case sensitive = yes
> >
>
>I don't know if you have had a chance to read some of the samba docs, but a
>good starting place is BROWSE.txt. On my system, it's located in the
>/usr/doc/samba<revision>/docs/textdocs directory. If you have the samba
>source tree, it's included in the docs directory.
>
>
>Steve Cowles

OK.  Thx, man.
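
An added example, not part of the original thread: a small Python check for the three configuration points discussed above (`ms-wins` placed in pptpd.conf, a network address in `interfaces`, and `bind interfaces only` on a host serving PPP). The sample file contents are constructed from the lines quoted in the messages; the function names and the `ms-dns` entry are assumptions of this example.

```python
import ipaddress

# Constructed samples: parameters copied from the files quoted in the thread.
SMB_CONF = """[global]
   hosts allow = 192.168.0. 127.
   interfaces = 192.168.0.0/24
   bind interfaces only = yes
"""
PPTPD_CONF = "option /etc/ppp/options.pptp\nms-wins 192.168.0.2\n"
PPPD_ONLY = ("ms-wins", "ms-dns")  # pppd options; they belong in the pppd options file

def smb_params(text):
    """Parse 'name = value' lines, ignoring comments and section headers."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def audit_smb(text):
    """Return (parameter, reason) findings for the points raised in the reply."""
    p, findings = smb_params(text), []
    for entry in p.get("interfaces", "").split():
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            continue  # an interface name such as eth0
        net = iface.network
        if "/" in entry and net.prefixlen < 31 and iface.ip == net.network_address:
            findings.append(("interfaces", entry + " is a network address"))
    if p.get("bind interfaces only", "no").lower() in ("yes", "true", "1"):
        findings.append(("bind interfaces only", "man page: not for hosts serving PPP"))
    elif "hosts allow" not in p:
        # Without the bind restriction smbd listens on every interface.
        findings.append(("hosts allow", "smbd reachable on all interfaces, unrestricted"))
    return findings

def audit_pptpd(text):
    """Return pppd-only keywords that were placed in pptpd.conf."""
    words = [line.split()[0] for line in text.splitlines() if line.split()]
    return [w for w in words if w in PPPD_ONLY]

if __name__ == "__main__":
    for param, reason in audit_smb(SMB_CONF):
        print(f"smb.conf: {param}: {reason}")
    for word in audit_pptpd(PPTPD_CONF):
        print(f"pptpd.conf: {word} is a pppd option")
```

If `bind interfaces only` is dropped to accommodate PPP links, `hosts allow` and a packet filter on the external interface are what keep port 139 from being served to the Internet, which is why the check falls through to `hosts allow` in that case.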