[prev in list] [next in list] [prev in thread] [next in thread] 

List:       poptop-server
Subject:    [Poptop-server] Re: poptop + winbind problem
From:       Jeff Hardy <hardyjm () potsdam ! edu>
Date:       2005-03-18 19:02:30
Message-ID: 1111172551.5045.36.camel () fritzdesk ! potsdam ! edu
[Download RAW message or body]

Also, this is on stock kernel 2.6.11.3


On Fri, 2005-03-18 at 13:59 -0500, Jeff Hardy wrote:
> Having trouble setting up winbind auth with pptp and ppp.  I have
> installed the following on a fedora core 3 box:
> 
> pptpd-1.2.1-1
> kernel_ppp_mppe-0.0.5-2dkms
> ppp-2.4.3-4.fc3
> 
> I have options.pptp setup as follows:
> 
> name pptpd
> refuse-pap
> refuse-chap
> refuse-mschap
> require-mschap-v2
> require-mppe-128
> ms-dns 123.123.123.1
> ms-dns 123.123.123.2
> ms-wins 123.123.123.3
> proxyarp
> debug
> lock
> nobsdcomp
> 
> 
> As you can see, I have the box setup to do mschap-v2.  When I have
> secrets setup in the chap-secrets file, I can connect from Windows XP
> and OSX clients with no problems.  The following log snippet is a
> successful connect from a Windows XP machine (IPs sanitized):
> 
> Mar 18 13:33:44 vpn pptpd[6038]: CTRL: Client 192.168.1.1 control
> connection started
> Mar 18 13:33:44 vpn pptpd[6038]: CTRL: Starting call (launching pppd,
> opening GR E)
> Mar 18 13:33:44 vpn pppd[6039]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so
> loaded.
> Mar 18 13:33:44 vpn pppd[6039]: pptpd-logwtmp: $Version$
> Mar 18 13:33:44 vpn pppd[6039]: pppd 2.4.3 started by root, uid 0
> Mar 18 13:33:44 vpn pppd[6039]: Using interface ppp0
> Mar 18 13:33:44 vpn pppd[6039]: Connect: ppp0 <--> /dev/pts/2
> Mar 18 13:33:44 vpn pptpd[6038]: GRE: Bad checksum from pppd.
> Mar 18 13:33:47 vpn pptpd[6038]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> Mar 18 13:33:47 vpn kernel: PPP MPPE Compression module registered
> Mar 18 13:33:47 vpn pppd[6039]: MPPE 128-bit stateless compression
> enabled
> Mar 18 13:33:48 vpn pppd[6039]: found interface eth0.6 for proxy arp
> Mar 18 13:33:48 vpn pppd[6039]: local  IP address 192.168.2.1
> Mar 18 13:33:48 vpn pppd[6039]: remote IP address 192.168.2.10
> Mar 18 13:33:48 vpn pppd[6039]: pptpd-logwtmp.so ip-up ppp0 hardyjm
> 192.168.1.1
> 
> 
> I connect and go on my merry way.  Then I try to setup winbind auth with
> these options in the options.pptp file:
> 
> noauth
> plugin winbind.so
> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
> 
> 
> I cannot connect and the Windows client reports: "Error 732: Your
> computer and the remote computer could not agree on PPP control
> protocols."  I have tried with defaultroute set on and off.  The log
> shows:
> 
> 
> Mar 18 13:45:27 vpn pptpd[6196]: CTRL: Client 192.168.1.1 control
> connection started
> Mar 18 13:45:27 vpn pptpd[6196]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar 18 13:45:27 vpn pppd[6197]: Plugin winbind.so loaded.
> Mar 18 13:45:27 vpn pppd[6197]: WINBIND plugin initialized.
> Mar 18 13:45:27 vpn pppd[6197]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so
> loaded.
> Mar 18 13:45:27 vpn pppd[6197]: pptpd-logwtmp: $Version$
> Mar 18 13:45:27 vpn pppd[6197]: pppd 2.4.3 started by root, uid 0
> Mar 18 13:45:27 vpn pppd[6197]: Using interface ppp0
> Mar 18 13:45:27 vpn pppd[6197]: Connect: ppp0 <--> /dev/pts/2
> Mar 18 13:45:27 vpn pptpd[6196]: GRE: Bad checksum from pppd.
> Mar 18 13:45:30 vpn pppd[6197]: Modem hangup
> Mar 18 13:45:30 vpn pppd[6197]: Connection terminated.
> Mar 18 13:45:30 vpn pppd[6197]: Exit.
> Mar 18 13:45:30 vpn pptpd[6196]: CTRL: Client 192.168.1.1 control
> connection finished
> 
> 
> I followed the excellent docs on the poptop website regarding fedora
> core 3 (James Cameron), and another on replacing a Windows PPTP server
> (Matt Alexander), in addition to the great pdf located here:
> http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
> 
> It seems I have hit all the bases, as ntlm_auth works, etc.  Something
> is amiss.  It looks like it connects but simply cannot authenticate.
> Any help would be appreciated.
> 
> 



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Poptop-server mailing list
Poptop-server@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/poptop-server
[prev in list] [next in list] [prev in thread] [next in thread]