[Samba] VPN server and logon to Samba PDC
Jon Theil Nielsen
jontheil at gmail.com
Mon Mar 17 16:21:55 GMT 2008
My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that users
can access their home shares from Windows clients.
I have read the instructions at
http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I can't
make it work. Don't know if it is due to my lack of skills or has something to
do with the Poptop functionality in FreeBSD.
Following the instructions, I made a file
/usr/local/etc/pptpd.conf:
option /etc/ppp/options.pptpd
localip 192.168.1.4
remoteip 192.168.1.150-155
and another file
/etc/ppp/options.pptpd:
lock
debug
noauth
name pptpd
nobsdcomp
refuse-pap
refuse-chap
refuse-MSCHAP
require-MSCHAP-v2
require-mppe
ms-wins 192.168.1.4
ms-dns 195.184.96.2 213.173.225.86
defaultroute
plugin winbind.so
ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1
This configuration does not work - the log says:
Warning: Label /etc/ppp/options.pptpd rejected -direct connection:
Configuration label not found
From reading several howto's on Poptop on FreeBSD I ended up with a
partially working solution. I removed the reference to the option file in
/usr/local/etc/pptpd.conf and modified /etc/ppp/ppp.conf like this:
pptp:
set timeout 0
set log phase chat connect lcp ipcp command
set dial
set login
enable mssfixup
set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
set server /tmp/loop "" 0177
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1
And I added the file /etc/ppp/secure:
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in
And finally the file /etc/ppp/ppp.secrets containing usernames and
passwords.
After restarting the server, I can now connect from a Windows client. But
I lose access to the Internet (missing DNS), and I cannot join the
Samba domain.
I hope someone can lead me in the right direction...
Regards,
Jon
--
Jon Theil Nielsen