i just compiled ppp 2.4.3 on suse 9.2 which worked nice.
for yet, i didnt get ready to test ppp winbind auth, as i want a new smb server for this.
But i have another question to this stuff did you include the pppd-2.4.2-chapms-strip-domain.patch in 2.4.3 ? or do you know anyone has ported it? ( its very usefull to me )
Finally, a backport of ppp-ntlm_auth.patch
to version 2.4.2 would be great so i could produce
a new suse 2.4.2 rpm including this brand new winbind stuff. ( rpmbuild fails at create for many suse patches on 2.4.3 )
I dont think suse will upgrade to ppp 2.4.3 until a new distro version is comming up
Happy New Year and Best Regards Robert
Andrew Bartlett schrieb:
On Fri, 2004-12-31 at 08:48 -0500, Alex Brown wrote:
Andrew Bartlett wrote:
On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
Hi,
I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend). Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped.
Disclaimer - I haven't actually tried any of this yet, I'm just trying
to get it clear in my head before I start...
The pppd patch (one for 2.4.2, one for current CVS) is here: http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
The documentation is: http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
Note that the patch changed a little since the report was written, use the instructions in the README for configuration.
Andrew Bartlett
Hi Andrew,
Thanks for creating the "final-report" document. It is very informative. I'm trying to set up a PoPToP server that authenticates to our Windows NT Domain (with a Windows NT 4.0 PDC) via Samba/Winbind. When I follow the instructions in your document, after changing to the ppp directory to apply the ntlm_auth patch, I get the following output.
Current ppp has everything you need already - I finally got it merged upstream. All you need now is the configuration (which has changed since the report was written):
Configuration (pppd config file):
plugin winbind.so ntlm_auth-helper "/usr/local/bin/ntlm_auth --helper-protocol=ntlm- server-1"
The --required-membership-of option is also available, to implement a 'dialin users' or 'vpn users' group.
Andrew Bartlett
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
