[pptp-server] Thorough PPTPD Setup

Andrew W. Davis awdavis at waretec.com
Wed Jul 25 22:55:25 CDT 2001


On Thu, Jul 26, 2001 at 12:55:31AM -0600, No Spam! wrote:
> 
> Latest pppd compatible with the 2.2 kernel
> 	ppp-2.3.11
> Am I correct in my understanding that ppp-2.4.x only work with 2.4
> kernels?

yes

> Enable & require encryption
> 	http://themm.net/require-mppe.diff (patch to pppd2.3.11)
> 
> Strip domain off username when using MS-CHAP authentication
> 	http://themm.net/strip-MSdomain-patch.diff (patch to pppd2.3.11?)
> How do I use MS-CHAP authentication/why would I want to? My current
> configuration seems to allow my Windows laptop to log on just fine,
> although it's not encrypted ...
 
pptp session login attempts from windows machines try to tack on the domain
name to the user name so nt/2000 pptp servers can validate against domain
security.  you need this unless you want to have "user//domain" as the actual
users on you linux box in either the chap.secrets or smbpasswd files.

> Use smbpasswd for MS-CHAP authentication
> 	http://www.ednet.ns.ca/~macleajb/pppsmb.pat
> 	http://www.mssl.ucl.ac.uk/~atp/comp/libsmb/libsmbpw-1.1.tar.gz 
> 
> Why is this required? (from http://www.vibres.com/pptpd/example.html)

this isn't required unless you want to do username and password validation via
your smbpasswd file.  this is better than chap.secrets because it's encrypted
on the machine ulike the chap.secrets which is in clear text.  it's also
easier if you're going to be using samba on the machine and just plain better
IMHO...

> ftp://ftp.binarix.com/pub/ppp-mppe/ppp-2.3.11-openssl-0.9.5-mppe.patch
> .gz
> (Incidentally, it's not at the URL anymore ...)

encryption patch for mppe-48 mppe-128 and mppe-stateless encryption.  again,
microsoft stuff...

> Ditto-why is this required?
> (http://www.vibres.com/pptpd/example.html)
> 	http://www.vibres.com/pptpd/ppp_mppe_compressed_data_fix.diff

a fix for the above patch.

> Ditto this ... and will it work on the 2.2.19 kernel?
> 	if_ppp_2.2.17.diff

it's required, and no it won't work on the 2.2.19 kernel.  pretty sure on
this one but someone may want to back me up or shoot me down here...

> 5) Are there any other 'glitches' I can expect?

yes, many...but that's why we're this list exists right?

Andrew Davis

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Weather Metrics, Inc.
www.weathermetrics.com
LAN/WAN Administrative Engineer
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



More information about the pptp-server mailing list