[Samba] samba + pptp

Robert Schetterer robert at schetterer.org
Tue May 10 21:26:03 GMT 2005


Hi Hans,
User auth via smbpasswd for pptpd/ppp is outdated (after all, the
smbpasswd backend is still working for Samba 3 but not recommended).
As far as I remember this was possible with a patch to ppp 2.4.1 (this
should still be found via Google),
but it was not ported to pppd 2.4.2 or 2.4.3.
So for these versions either use the ldap/radius auth (for sure you can
always use plain chap in all versions, with having plain passwords in
chap.secrets) or now try winbind auth
with pppd 2.4.3, which works nicely for me.
It's really nice to create a group like vpnuser (in ldap/samba),
throw the desired users in it and have the pptpd auth working
against the Samba PDC's domain.
Don't smash your head about the so-called stripped domain patch,
which simply makes the domain part of the login be ignored; this is only
working with chap auth and not for winbind auth (as it would make no
sense here at all; also there seems to be a bug here about the domain part
of the login, so don't activate that on the win client vpn pptp entries).
At auth to a group with winbind to a smb pdc I have the bug that the
domain name is not recognized, but using the group SID works (but this
may be a distro thing with SuSE 9.2; I haven't tried this setup with SuSE
9.3 yet).
I have not heard of any bugs from users who did pppd winbind auth to a
real win server, running pptpd/pppd samba member servers.
Regards


Hans du Plooy wrote:
> Hi guys,
> 
> I have samba domain controller running at a client.  It's a fairly
> simple and straightforward setup, uses smbpasswd for auth, nothing
> fancy.
> 
> The client wants to be able to vpn in and access their files.  I set up
> pptp, and use the built-in Windows XP client.
> 
> After establishing the vpn connection, I can access the domain
> controller.  I get asked for my username and pass - type in DOMAIN\user
> + pass, and can see a list of the shares in explorer.  But I can't
> access anything.  I just get a message saying something like I don't
> have permission to access this resource (sorry, paraphrasing).
> 
> Has anybody done this sort of thing before?  Any tips?
> 
> Thanks
> 


-- 
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

**********************************
* gnupgp
* public key:
* https://www.schetterer.org/public.key
**********************************
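
The winbind setup described in the reply above, as an added example that is not part of the original message: a pppd options fragment for pptpd that authenticates against the domain and limits logins to one group. It assumes pppd 2.4.3 with its winbind plugin, a running winbindd on the pptpd host, `ntlm_auth` at `/usr/bin/ntlm_auth`, and a group named vpnuser; the file path and the SID are placeholders.

```conf
# /etc/ppp/options.pptpd  (assumed path; use the file named by the
# "option" line in your pptpd.conf)
name pptpd

# Accept MS-CHAPv2 only. The winbind plugin passes the challenge and
# response to ntlm_auth, so no secrets are read from chap.secrets.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128

# Authenticate through winbindd against the domain.
plugin winbind.so

# Allow only members of the vpnuser group.
# The group is given by SID because the reply reports that the group
# name with its domain part was not recognized on that setup.
# Look the SID up with:  wbinfo -n vpnuser
# The SID below is a placeholder, not a real value.
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-RRRR"
```

Compared with the plain chap alternative mentioned in the reply, this keeps plaintext passwords out of chap.secrets on the VPN host.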

