pptpd server on a Samba PDC
Jon Theil Nielsen
jontheil at gmail.com
Tue Mar 18 12:28:25 UTC 2008
My goal is to make our PDC (FreeBSD 7.0 - Samba 3.0.28) available through
VPN from Windows clients so clients can authenticate via Winbind, join the
domain and access their home shares.
I have tried to follow the instructions by Andrew Bartlett (
http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf) - without
success.
My main configuration file /usr/local/etc/httpd.conf looks like
option /etc/ppp/options.pptp
localip 192.168.1.4
remoteip 192.168.1.150-155
pidfile /var/run/pptpd.pid
# TAG: bcrelay <if>
bcrelay eth0
And the /etc/ppp/options.pptp:
lock
noauth
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 10
I have another file /etc/ppp/options:
lock
noauth
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 10
mflserver3# less /etc/ppp/options
name mflserver3
noipdefault
noauth
lock
local
lcp-echo-interval 30
lcp-echo-failure 4
lcp-max-configure 60
lcp-restart 2
idle 600
noipx
file /etc/ppp/filters
proxyarp
ms-dns 192.168.1.4
ms-wins 192.168.1.4
refuse-chap
refuse-mschap
Finally, I have both pap-secrets and chap-secrets.
With the existence of a /etc/ppp/ppp.conf looking like:
pptp:
set timeout 0
set log phase chat connect lcp ipcp command
set dial
set login
enable mssfixup
set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
set server /tmp/loop "" 0177
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1
deny deflate pred1
set dns 195.184.96.2
set device !/etc/ppp/secure
I got the following in my log:
ppp[67205]: Warning: Label /etc/ppp/options.pptp rejected -direct connection: Configuration label not found
When I removed ppp.conf, I got:
ppp[67267]: Warning: Label /etc/ppp/options.pptp rejected -direct connection: /etc/ppp/ppp.conf : File not found
I am a bit confused. It seems that the reference to the options file makes
something go wrong. And it seems that pptpd needs the ppp configuration file
to work.
Does anyone have a working example of a poptop-based VPN server for FreeBSD
that can make workstations join the domain?
Best regards,
Jon Theil Nielsen