Domain logins via PPP? (SOLVED)
steve56 at home.com
Thu Sep 23 10:56:05 GMT 1999
Well, it turned out that it had nothing to do with networking. I checked
the Microsoft knowledge base articles, and found one that solved the problem
I ALSO have a network card in the client PC (the laptop). The client is
configured so that when I plug the laptop into my network and reboot, it
will log into my domain (using DHCP, etc.).
That means when I reboot, and I'm not connected to a network, I get the
message "Unable to authenticate with a domain server", and I click OK.
WELL, it turns out that's a bad thing. When I tried to log into using VPN,
the client THOUGHT it was already logged into a domain (but not
authenticated), so it didn't try to log in again :-( ARGH!
The knowledge base article suggests you remove microsoft networking and
file and printer sharing (anything that uses networking) from the bindings
of the TCP/IP protocol for your ethernet card. What a pain in the butt that
would be to disable and re-enable them every time you wanted to switch from
a dialup to a LAN connection (typical microsoft response).
My answer: pop out the ethernet card and reboot the laptop.
After I did that, I established a PPP connection to my ISP, and logged in
using my VPN connection -- the domain login screen and came up, validated
me with my samba server, and everything was fine :-)
P.S. Please note that I created a 'standard' VPN connection and THAT worked
fine too -- I just went into dialup networking, clicked make new connection,
selected the VPN adapter, typed in the IP address of my server, and that's
it -- no special options in TCP/IP settings, etc...
> -----Original Message-----
> From: Steve Shoecraft [mailto:steve56 at home.com]
> Sent: Tuesday, September 21, 1999 4:17 PM
> To: 'Multiple recipients of list SAMBA-NTDOM'
> Subject: Domain logins via PPP?
> Has anyone been able to do domain logins via a PPP link?
> If so, how?
> I am running FreeBSD 3.2. I have 2 network interface
> cards on the machine, one to the internet, one to my local
> network. I am running ipfw (firewall support), as well as
> nat (network address translation). I have a ppp link which I
> am able to connect to. Once connected via ppp, I can
> ping/ftp/telnet to any machine on my internal network as well
> as the internet, so it looks like I have the network
> component setup correctly. Here's the info:
> x.x.x.x:255.255.255.0 - internet interface
> 192.168.69.1:255.255.255.0 - internal interface
> 192.168.69.80 -> 192.168.69.81 - ppp interface
> When I establish a ppp login, the ppp server adds a
> proxy arp entry. When I do an arp 192.168.69.81, it reports:
> ppp1.<domain>.<net> (192.168.69.81) at
> 0:40:5:a3:4d:f permanent published (proxy only)
> When I do a netstat, I see the entry for the interface:
> Destination Gateway Flags ...
> 192.168.69.81 192.168.69.80 UH
> 192.168.69.81 0:40:5:a3:4d:f UHLS2
> When I do a ifconfig, I see this:
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> inet 192.168.69.80 --> 192.168.69.81 netmask 0xffffff00
> I have a samba server on 192.168.69.2. The samba
> server has only 1 network interface. The internal machines
> do domain logins (successfully) to the samba server, and the
> browse list is working fine.
> When I establish the ppp connection (the client is a
> Win98 box), however, I do NOT get a domain login. Also, the
> ppp client is able to see the internal machines in it's
> network neighborhood, but the internal machines are NOT able
> to see the ppp client.
> The client is setup like this: Dialup
> Networking->(connection name)->Properties->Server types shows
> that the the logon to network box is checked. For the
> protocols, only TCP/IP is checked. The TCP/IP settings are
> to get the IP address and name server addresses from the
> server. A look at ipconfig/All or winipcfg reports that the
> IP address is 192.168.69.81, netmask is 255.255.255.0, DNS
> server is 192.168.69.1 (which is correct -- DNS server is on
> my firewall), and the WINS server is 192.168.69.2.
> I have tcpdumped the ppp interface on the server. I
> see that when the client connects, the 1st thing it does it
> spit out 3 back-to-back multicast packets with a destination
> of 18.104.22.168 (router solicitation). It then registers with
> the WINS server, and that's it. No domain login.
> Here's what a tcpdump output of the router solicitation
> messages looks like (it is never responded to):
> (ts) 192.168.69.83 > 22.214.171.124: icmp: router
> Should this be responded to? If so, how so?
> Also, how do I get the ppp client to appear on the
> internal machines' network neighborhood?
> ANY help on this would be GREATLY appreciated!
> - Steve
> P.S. Here's the [global] section of my smb.conf:
> workgroup = HOME
> netbios name = THOR
> server string = SCO UnixWare 7.1
> interfaces = 192.168.69.2/24
> security = DOMAIN
> encrypt passwords = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = New\spassword: %n\n
> \nRe-enter\snew\spassword: %n\n
> unix password sync = Yes
> log level = 1
> time server = Yes
> logon script = syslogon.bat
> logon drive = H:
> domain logons = Yes
> os level = 65
> lm announce = True
> preferred master = Yes
> domain master = Yes
> wins proxy = Yes
> wins support = Yes
More information about the samba-ntdom