[Samba] Re: Authenticating PPTP users against Samba/LDAP -
Patch doesn't seem to be working
Andrew Bartlett
abartlet at samba.org
Sat Jan 1 21:04:02 GMT 2005
On Fri, 2004-12-31 at 08:48 -0500, Alex Brown wrote:
> Andrew Bartlett wrote:
> > On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
> >
> >>Hi,
> >>
> >>I have a few remote user who use a PPTP based VPN. The server is running
> >>PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC
> >>for (some) added security. Currently, users authentication information
> >>is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to
> >>put users into LDAP, and have ppp authenticate either directly against
> >>LDAP, or against Samba (with an LDAP backend). Any ideas on how I might
> >>go about this? Most of the docs I've seen suggest that you can't use PAM
> >>for authentication with CHAP, so it seems not to be as simple as I might
> >>have hoped.
> >>
> >>Disclaimer - I haven't actually tried any of this yet, I'm just trying
> >>to get it clear in my head before I start...
> >
> >
> > The pppd patch (one for 2.4.2, one for current CVS) is here:
> > http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
> >
> > The documentation is:
> > http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
> >
> > Note that the patch changed a little since the report was written, use
> > the instructions in the README for configuration.
> >
> > Andrew Bartlett
> >
> >
>
> Hi Andrew,
>
> Thanks for creating the "final-report" document. It is very
> informative. I'm trying to set up a PoPToP server that authenticates to
> our Windows NT Domain (with a Windows NT 4.0 PDC) via Samba/Winbind.
> When I follow the instructions in your document, after changing to the
> ppp directory to apply the ntlm_auth patch, I get the following output.
Current ppp has everything you need already - I finally got it merged
upstream. All you need now is the configuration (which has changed
since the report was written):
Configuration (pppd config file):
plugin winbind.so
ntlm_auth-helper "/usr/local/bin/ntlm_auth --helper-protocol=ntlm-
server-1"
The --required-membership-of option is also available, to implement a
'dialin users' or 'vpn users' group.
Andrew Bartlett
--
Andrew Bartlett <abartlet at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050102/6b7c02ed/attachment.bin
More information about the samba
mailing list