Domain logins via PPP?

Chris Tooley ctooley at joslyn.org
Wed Sep 22 12:35:11 GMT 1999


The only thing I can think of, which means nothing because I'm certainly 
not great at this stuff, is; do you have ip forwarding set up?  You may not 
need it with ipfw and nat under FreeBSD 3.2, I don't know for sure.

chris Tooley

-----Original Message-----
From:	Steve Shoecraft [SMTP:steve56 at home.com]
Sent:	Tuesday, September 21, 1999 6:19 PM
To:	Multiple recipients of list SAMBA-NTDOM
Subject:	Domain logins via PPP?


	Has anyone been able to do domain logins via a PPP link?

	If so, how?

	I am running FreeBSD 3.2.  I have 2 network interface cards on the 
machine,
one to the internet, one to my local network.  I am running ipfw (firewall
support), as well as nat (network address translation).  I have a ppp link
which I am able to connect to.  Once connected via ppp, I can
ping/ftp/telnet to any machine on my internal network as well as the
internet, so it looks like I have the network component setup correctly.
Here's the info:

	x.x.x.x:255.255.255.0 - internet interface
	192.168.69.1:255.255.255.0 - internal interface
	192.168.69.80 -> 192.168.69.81 - ppp interface

	When I establish a ppp login, the ppp server adds a proxy arp entry.  When
I do an arp 192.168.69.81, it reports:

		ppp1.<domain>.<net> (192.168.69.81) at 0:40:5:a3:4d:f permanent published
(proxy only)

	When I do a netstat, I see the entry for the interface:

		Destination        Gateway            Flags ...
		...
		192.168.69.81      192.168.69.80      UH
		192.168.69.81      0:40:5:a3:4d:f     UHLS2
		...

	When I do a ifconfig, I see this:
	...
	tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	        inet 192.168.69.80 --> 192.168.69.81 netmask 0xffffff00
	...

	I have a samba server on 192.168.69.2.  The samba server has only 1 
network
interface.  The internal machines do domain logins (successfully) to the
samba server, and the browse list is working fine.

	When I establish the ppp connection (the client is a Win98 box), however, 
I
do NOT get a domain login.  Also, the ppp client is able to see the 
internal
machines in it's network neighborhood, but the internal machines are NOT
able to see the ppp client.

	The client is setup like this: Dialup Networking->(connection
name)->Properties->Server types shows that the the logon to network box is
checked.  For the protocols, only TCP/IP is checked.  The TCP/IP settings
are to get the IP address and name server addresses from the server.  A 
look
at ipconfig/All or winipcfg reports that the IP address is 192.168.69.81,
netmask is 255.255.255.0, DNS server is 192.168.69.1 (which is correct --
DNS server is on my firewall), and the WINS server is 192.168.69.2.

	I have tcpdumped the ppp interface on the server.  I see that when the
client connects, the 1st thing it does it spit out 3 back-to-back multicast
packets with a destination of 224.0.0.2 (router solicitation). It then
registers with the WINS server, and that's it.  No domain login.

	Here's what a tcpdump output of the router solicitation messages looks 
like
(it is never responded to):

		(ts) 192.168.69.83 > 224.0.0.2: icmp: router solicitation

	Should this be responded to?  If so, how so?

	Also, how do I get the ppp client to appear on the internal machines'
network neighborhood?

	ANY help on this would be GREATLY appreciated!

- Steve
P.S.  Here's the [global] section of my smb.conf:
[global]
        workgroup = HOME
        netbios name = THOR
        server string = SCO UnixWare 7.1
        interfaces = 192.168.69.2/24
        security = DOMAIN
        encrypt passwords = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = New\spassword: %n\n \nRe-enter\snew\spassword: %n\n
        unix password sync = Yes
        log level = 1
        time server = Yes
        logon script = syslogon.bat
        logon drive = H:
        domain logons = Yes
        os level = 65
        lm announce = True
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins support = Yes



More information about the samba-ntdom mailing list