Domain logins via PPP? (SOLVED)

Steve Shoecraft steve56 at
Thu Sep 23 10:56:05 GMT 1999

	Well, it turned out that it had nothing to do with networking.  I checked
the Microsoft knowledge base articles, and found one that solved the problem
(article Q229158).
	I ALSO have a network card in the client PC (the laptop).  The client is
configured so that when I plug the laptop into my network and reboot, it
will log into my domain (using DHCP, etc.).
	That means when I reboot, and I'm not connected to a network, I get the
message "Unable to authenticate with a domain server", and I click OK.
WELL, it turns out that's a bad thing.  When I tried to log into using VPN,
the client THOUGHT it was already logged into a domain (but not
authenticated), so it didn't try to log in again :-( ARGH!
	The knowledge base article suggests you remove microsoft networking and
file and printer sharing (anything that uses networking) from the bindings
of the TCP/IP protocol for your ethernet card.  What a pain in the butt that
would be to disable and re-enable them every time you wanted to switch from
a dialup to a LAN connection (typical microsoft response).
	My answer: pop out the ethernet card and reboot the laptop.
	After I did that, I established a PPP connection to my ISP, and logged in
using my VPN connection --  the domain login screen and came up, validated
me with my samba server, and everything was fine :-)

- Steve
P.S.  Please note that I created a 'standard' VPN connection and THAT worked
fine too -- I just went into dialup networking, clicked make new connection,
selected the VPN adapter, typed in the IP address of my server, and that's
it -- no special options in TCP/IP settings, etc...

> -----Original Message-----
> From:	Steve Shoecraft [mailto:steve56 at]
> Sent:	Tuesday, September 21, 1999 4:17 PM
> To:	'Multiple recipients of list SAMBA-NTDOM'
> Subject:	Domain logins via PPP?
> 	Has anyone been able to do domain logins via a PPP link?
> 	If so, how?
> 	I am running FreeBSD 3.2.  I have 2 network interface
> cards on the machine, one to the internet, one to my local
> network.  I am running ipfw (firewall support), as well as
> nat (network address translation).  I have a ppp link which I
> am able to connect to.  Once connected via ppp, I can
> ping/ftp/telnet to any machine on my internal network as well
> as the internet, so it looks like I have the network
> component setup correctly.  Here's the info:
> 	x.x.x.x: - internet interface
> - internal interface
> -> - ppp interface
> 	When I establish a ppp login, the ppp server adds a
> proxy arp entry.  When I do an arp, it reports:
> 		ppp1.<domain>.<net> ( at
> 0:40:5:a3:4d:f permanent published (proxy only)
> 	When I do a netstat, I see the entry for the interface:
> 		Destination        Gateway            Flags ...
> 		...
>      UH
>      0:40:5:a3:4d:f     UHLS2
> 		...
> 	When I do a ifconfig, I see this:
> 	...
> 	tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> 	        inet --> netmask 0xffffff00
> 	...
> 	I have a samba server on  The samba
> server has only 1 network interface.  The internal machines
> do domain logins (successfully) to the samba server, and the
> browse list is working fine.
> 	When I establish the ppp connection (the client is a
> Win98 box), however, I do NOT get a domain login.  Also, the
> ppp client is able to see the internal machines in it's
> network neighborhood, but the internal machines are NOT able
> to see the ppp client.
> 	The client is setup like this: Dialup
> Networking->(connection name)->Properties->Server types shows
> that the the logon to network box is checked.  For the
> protocols, only TCP/IP is checked.  The TCP/IP settings are
> to get the IP address and name server addresses from the
> server.  A look at ipconfig/All or winipcfg reports that the
> IP address is, netmask is, DNS
> server is (which is correct -- DNS server is on
> my firewall), and the WINS server is
> 	I have tcpdumped the ppp interface on the server.  I
> see that when the client connects, the 1st thing it does it
> spit out 3 back-to-back multicast packets with a destination
> of (router solicitation). It then registers with
> the WINS server, and that's it.  No domain login.
> 	Here's what a tcpdump output of the router solicitation
> messages looks like (it is never responded to):
> 		(ts) > icmp: router
> solicitation
> 	Should this be responded to?  If so, how so?
> 	Also, how do I get the ppp client to appear on the
> internal machines' network neighborhood?
> 	ANY help on this would be GREATLY appreciated!
> - Steve
> P.S.  Here's the [global] section of my smb.conf:
> [global]
>         workgroup = HOME
>         netbios name = THOR
>         server string = SCO UnixWare 7.1
>         interfaces =
>         security = DOMAIN
>         encrypt passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = New\spassword: %n\n
> \nRe-enter\snew\spassword: %n\n
>         unix password sync = Yes
>         log level = 1
>         time server = Yes
>         logon script = syslogon.bat
>         logon drive = H:
>         domain logons = Yes
>         os level = 65
>         lm announce = True
>         preferred master = Yes
>         domain master = Yes
>         wins proxy = Yes
>         wins support = Yes

More information about the samba-ntdom mailing list