[Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch
doesn't seem to be working
Alex Brown
alexjrb at bellsouth.net
Fri Dec 31 13:48:54 GMT 2004
Andrew Bartlett wrote:
> On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
>
>>Hi,
>>
>>I have a few remote user who use a PPTP based VPN. The server is running
>>PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC
>>for (some) added security. Currently, users authentication information
>>is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to
>>put users into LDAP, and have ppp authenticate either directly against
>>LDAP, or against Samba (with an LDAP backend). Any ideas on how I might
>>go about this? Most of the docs I've seen suggest that you can't use PAM
>>for authentication with CHAP, so it seems not to be as simple as I might
>>have hoped.
>>
>>Disclaimer - I haven't actually tried any of this yet, I'm just trying
>>to get it clear in my head before I start...
>
>
> The pppd patch (one for 2.4.2, one for current CVS) is here:
> http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
>
> The documentation is:
> http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
>
> Note that the patch changed a little since the report was written, use
> the instructions in the README for configuration.
>
> Andrew Bartlett
>
>
Hi Andrew,
Thanks for creating the "final-report" document. It is very
informative. I'm trying to set up a PoPToP server that authenticates to
our Windows NT Domain (with a Windows NT 4.0 PDC) via Samba/Winbind.
When I follow the instructions in your document, after changing to the
ppp directory to apply the ntlm_auth patch, I get the following output.
itsge2000-28:/tmp/TestVPN-Project/ppp# patch -p0 < ../ppp-ntlm_auth.patch
patching file linux/Makefile.top
Hunk #1 FAILED at 3.
1 out of 1 hunk FAILED -- saving rejects to file linux/Makefile.top.rej
patching file pppd/chap_ms.c
Hunk #1 FAILED at 97.
Hunk #2 FAILED at 468.
Hunk #3 FAILED at 582.
Hunk #4 FAILED at 605.
Hunk #5 succeeded at 657 (offset 29 lines).
Hunk #6 FAILED at 698.
Hunk #7 FAILED at 722.
Hunk #8 FAILED at 775.
Hunk #9 FAILED at 812.
Hunk #10 FAILED at 857.
Hunk #11 FAILED at 895.
10 out of 11 hunks FAILED -- saving rejects to file pppd/chap_ms.c.rej
patching file pppd/chap_ms.h
Hunk #1 FAILED at 94.
1 out of 1 hunk FAILED -- saving rejects to file pppd/chap_ms.h.rej
patching file pppd/plugins/Makefile.linux
Hunk #1 FAILED at 1.
1 out of 1 hunk FAILED -- saving rejects to file
pppd/plugins/Makefile.linux.rej
The next patch would create the file pppd/plugins/winbind.c,
which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file pppd/plugins/winbind.c.rej
itsge2000-28:/tmp/TestVPN-Project/ppp#
Should I be getting this? Even if I do you "y" to create the winbind.c
file I get the same output. When I try to make the file (if this is
indeed the output I should be getting, I receive the following output:
itsge2000-28:/tmp/TestVPN-Project/ppp# make
cd chat; make all
make[1]: Entering directory `/tmp/TestVPN-Project/ppp/chat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/tmp/TestVPN-Project/ppp/chat'
cd pppd/plugins; make all
make[1]: Entering directory `/tmp/TestVPN-Project/ppp/pppd/plugins'
for d in rp-pppoe pppoatm radius; do make -w -C $d all; done
make[2]: Entering directory `/tmp/TestVPN-Project/ppp/pppd/plugins/rp-pppoe'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/tmp/TestVPN-Project/ppp/pppd/plugins/rp-pppoe'
make[2]: Entering directory `/tmp/TestVPN-Project/ppp/pppd/plugins/pppoatm'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/tmp/TestVPN-Project/ppp/pppd/plugins/pppoatm'
make[2]: Entering directory `/tmp/TestVPN-Project/ppp/pppd/plugins/radius'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/tmp/TestVPN-Project/ppp/pppd/plugins/radius'
make[1]: Leaving directory `/tmp/TestVPN-Project/ppp/pppd/plugins'
cd pppd; make all
make[1]: Entering directory `/tmp/TestVPN-Project/ppp/pppd'
cc -O2 -pipe -Wall -g -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP
-I../include -DCHAPMS=1 -DMPPE=1 -DHAS_SHADOW -DHAVE_CRYPT_H=1
-DUSE_CRYPT=1 -DHAVE_MULTILINK -DUSE_TDB=1 -DPLUGIN -DMAXOCTETS -c -o
chap_ms.o chap_ms.c
chap_ms.c:654: error: redefinition of `GenerateAuthenticatorResponsePlain'
chap_ms.c:633: error: `GenerateAuthenticatorResponsePlain' previously
defined here
chap_ms.c:675: error: redefinition of `GenerateAuthenticatorResponsePlain'
chap_ms.c:654: error: `GenerateAuthenticatorResponsePlain' previously
defined here
chap_ms.c:633: warning: `GenerateAuthenticatorResponsePlain' defined but
not used
chap_ms.c:654: warning: `GenerateAuthenticatorResponsePlain' defined but
not used
make[1]: *** [chap_ms.o] Error 1
make[1]: Leaving directory `/tmp/TestVPN-Project/ppp/pppd'
make: *** [all] Error 2
itsge2000-28:/tmp/TestVPN-Project/ppp#
Please help me. I really want to get this working. You've done a great
thing.
Thanks for any help you can give,
Alex
More information about the samba
mailing list