FreeBSD VPN server and Samba PDC


by Jon Theil Nielsen

My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that users can access their home shares from Windows clients.
I have read the instructions at http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I can't make it work. Don't know if it is due to my lack of skills or has something to do with the Poptop functionality in FreeBSD.
Following the instructions, I made a file

/usr/local/etc/pptpd.conf:
option /etc/ppp/options.pptpd
localip 192.168.1.4
remoteip 192.168.1.150-155

and another file

/etc/ppp/options.pptpd:
lock
debug
noauth
name pptpd
nobsdcomp
refuse-pap
refuse-chap
refuse-MSCHAP
require-MSCHAP-v2
require-mppe
ms-wins 192.168.1.4
ms-dns 195.184.96.2 213.173.225.86
defaultroute
plugin winbind.so
ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1

This configuration does not work - the log says:
Warning: Label /etc/ppp/options.pptpd rejected -direct connection: Configuration label not found

From reading several howtos on Poptop on FreeBSD I ended up with a partially working solution. I removed the reference to the option file in /usr/local/etc/pptpd.conf and modified /etc/ppp/ppp.conf like this:
pptp:
    set timeout 0
    set log phase chat connect lcp ipcp command
    set dial
    set login
    enable mssfixup
    set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
    set server /tmp/loop "" 0177
    disable pap
    # Authenticate against /etc/passwd
    enable passwdauth
    disable ipv6cp
    enable proxy
    accept dns
    enable MSChapV2
    enable mppe
    disable deflate pred1

And I added the file /etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

And finally the file /etc/ppp/ppp.secrets containing usernames and passwords.

After restarting the server, I can now connect from a Windows client. But I lose access to the Internet (missing DNS), and I cannot join the Samba domain.
I hope someone can lead me in the right direction...

Regards,
Jon
--
Jon Theil Nielsen
_______________________________________________
Poptop-server mailing list
Poptop-server@...
https://lists.sourceforge.net/lists/listinfo/poptop-server
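
An added example, not part of the original post or of Poptop: a small Python check that assumes, as the logged error in the post indicates, that the string handed to `ppp -direct` is looked up as a label in /etc/ppp/ppp.conf. It finds the labels and validates the `set ifaddr` addresses; the sample config is constructed from the section quoted in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ppp.conf section quoted in the post, abridged.
SAMPLE_PPP_CONF = """\
pptp:
    set timeout 0
    set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
    enable MSChapV2
    enable mppe
"""

def labels(conf_text):
    """Return section labels: lines that start in column 1 and end with ':'."""
    return re.findall(r"^([^\s#:][^\s:]*):[ \t]*$", conf_text, re.M)

def bad_endpoints(spec):
    """Return the parts of an address or 'a-b' range that are not four-octet IPv4."""
    bad = []
    for part in spec.split("/")[0].split("-"):
        try:
            ipaddress.IPv4Address(part)
        except ValueError:
            bad.append(part)
    return bad

def check(conf_text, direct_label):
    """List problems for a `ppp -direct <direct_label>` invocation."""
    problems = []
    found = labels(conf_text)
    if direct_label not in found:
        problems.append(f"label {direct_label!r} not found (have: {', '.join(found)})")
    for line in conf_text.splitlines():
        words = line.split()
        if words[:2] == ["set", "ifaddr"]:
            for spec in words[2:4]:  # local address, then peer address or range
                for part in bad_endpoints(spec):
                    problems.append(f"set ifaddr: {part!r} is not a four-octet IPv4 address")
    return problems

if __name__ == "__main__":
    # First the options-file path from pptpd.conf, then the label that exists.
    for label in ("/etc/ppp/options.pptpd", "pptp"):
        print(label, "->", check(SAMPLE_PPP_CONF, label) or "ok")
```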