Re: [Samba] VPN server and logon to Samba PDC

[Jon Theil Nielsen]

2008/3/17, David C. Rankin <[EMAIL PROTECTED]>:
>
> Jon Theil Nielsen wrote:
> > 2008/3/17, David C. Rankin <[EMAIL PROTECTED]
>
> > >:
>
> >
> > Jon Theil Nielsen wrote:
> >  > My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so
> > that users
> >  > can access there home shares from Windows clients.
> >  > I have read the instructions at
> >  > http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but
> > I can't
> >  > make it work.
> >
> > 
> >  > Regards,
> >  > Jon
> >
> > Jon,
> >
> > I do it this way:
> >
> > pptp VPN server
> >
> >
> > /etc/pptpd.conf
> > option /etc/ppp/options.pptp
> >
> > debug (comment out after testing)
>
> > localip 192.168.7.12 
>
> > remoteip 192.168.7.2-5
> > pidfile /var/run/pptpd.pid
> >
> > /etc/ppp/options.pptp
> > lock
> > noauth
> > nobsdcomp
> > lcp-echo-failure 10
> > lcp-echo-interval 10
> >
> > /etc/ppp/options
>
> > name bonza.rbpllc.com 
>
> > noipdefault
> > noauth
> > lock
> > local
> > lcp-echo-interval 30
> > lcp-echo-failure 4
> > lcp-max-configure 60
> > lcp-restart 2
> > idle 600
> > noipx
> > file /etc/ppp/filters
> > proxyarp
>
> > ms-dns 192.168.7.15 
> > ms-wins 192.168.7.15 
>
> > refuse-chap
> > refuse-mschap
> >
> > /etc/ppp/pap-secrets
>
> > *   bonza.rbpllc.com ""
> > > > *
>
> >
> > /etc/ppp/chap-secrets
> >* *
> >
> > Of course, use your own information and get rid of the "< >"
> > in the pap
> > and chap-secret files. Good luck. This works like a charm. Just
> don't
> > forget to open [port 1723] in your firewall and router for accessing
> the
> > server locally as well as remotely. Also, you may need:
> >
> > # TAG: bcrelay 
> > bcrelay eth0
> >
> > in /etc/pptpd.conf if you are running an older version of pptpd to
> > improve remote browsing.
> >
> > Thanks, David
> > Just a few questions before I try this solution.
> > Are you on FreeBSD too? As far as I understand, the main configuration
> > file here is /usr/local/etc/pptpd.conf. Or should it live in /etc/?
> > What does the line "file /etc/ppp/filters" refer to?
> > Can you use this configuration to join a Samba domain?
> >
> > Regards,
> > Jon
>
>
> Jon,
>
> It doesn't matter where the conf file goes. That is determined at
> compile time with the ./configure options. If your setup wants it in
> /usr/local, then that's where it goes. I'm running Linux, but as far as
> pptpd is concerned it shouldn't care. You may just have to adjust the
> path information to work with your setup. I would just make the
> configuration changes and start pptpd. You will get all the messages you
> need in /var/log/messages or /var/log/syslog depending on your setup.
>
Hi again,

Sure, it does read it from /usr/local/etc. I can see that from the
consequeces of changing it there. But as I stated in a previous message it
doesn't work. I'm sure it has something to do with the setup of ppp on
FreeBSD.
With respectively without the existence of /etc/ppp/ppp.conf the log says:

ppp[67205]: Warning: Label /etc/ppp/options.pptp rejected -direct
connection: Configuration label not found

and

ppp[67267]: Warning: Label /etc/ppp/options.pptp rejected -direct
connection: /etc/ppp/ppp.conf : File not found

I'm a bit lost here. I might have to ask some FreeBSD experts. Naturally, I
have been googling on the issue, but haven't yet seen any usefull hints.
Thanks for the help anyway!

Regards,
Jon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] VPN server and logon to Samba PDC

[David C. Rankin]

Jon Theil Nielsen wrote:
2008/3/17, David C. Rankin <[EMAIL PROTECTED] 
>:


Jon Theil Nielsen wrote:
 > My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so
that users
 > can access there home shares from Windows clients.
 > I have read the instructions at
 > http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but
I can't
 > make it work.


 > Regards,
 > Jon

Jon,

I do it this way:

pptp VPN server


/etc/pptpd.conf
option /etc/ppp/options.pptp

debug (comment out after testing)
localip 192.168.7.12 
remoteip 192.168.7.2-5
pidfile /var/run/pptpd.pid

/etc/ppp/options.pptp
lock
noauth
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 10

/etc/ppp/options
name bonza.rbpllc.com 
noipdefault
noauth
lock
local
lcp-echo-interval 30
lcp-echo-failure 4
lcp-max-configure 60
lcp-restart 2
idle 600
noipx
file /etc/ppp/filters
proxyarp
ms-dns 192.168.7.15 
ms-wins 192.168.7.15 
refuse-chap
refuse-mschap

/etc/ppp/pap-secrets
*   bonza.rbpllc.com ""
   http://yourserver.yourdomain.com>> *

/etc/ppp/chap-secrets
   * *

Of course, use your own information and get rid of the "< >"
in the pap
and chap-secret files. Good luck. This works like a charm. Just don't
forget to open [port 1723] in your firewall and router for accessing the
server locally as well as remotely. Also, you may need:

# TAG: bcrelay 
bcrelay eth0

in /etc/pptpd.conf if you are running an older version of pptpd to
improve remote browsing.

Thanks, David
Just a few questions before I try this solution.
Are you on FreeBSD too? As far as I understand, the main configuration 
file here is /usr/local/etc/pptpd.conf. Or should it live in /etc/?

What does the line "file /etc/ppp/filters" refer to?
Can you use this configuration to join a Samba domain?

Regards,
Jon


Jon,

	It doesn't matter where the conf file goes. That is determined at 
compile time with the ./configure options. If your setup wants it in 
/usr/local, then that's where it goes. I'm running Linux, but as far as 
pptpd is concerned it shouldn't care. You may just have to adjust the 
path information to work with your setup. I would just make the 
configuration changes and start pptpd. You will get all the messages you 
need in /var/log/messages or /var/log/syslog depending on your setup.


--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] VPN server and logon to Samba PDC

[Jon Theil Nielsen]

2008/3/17, David C. Rankin <[EMAIL PROTECTED]>:
>
> Jon Theil Nielsen wrote:
> > My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that
> users
> > can access there home shares from Windows clients.
> > I have read the instructions at
> > http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I
> can't
> > make it work.
>
> 
> > Regards,
> > Jon
>
> Jon,
>
> I do it this way:
>
> pptp VPN server
>
>
> /etc/pptpd.conf
> option /etc/ppp/options.pptp
>
> debug (comment out after testing)
> localip 192.168.7.12
> remoteip 192.168.7.2-5
> pidfile /var/run/pptpd.pid
>
> /etc/ppp/options.pptp
> lock
> noauth
> nobsdcomp
> lcp-echo-failure 10
> lcp-echo-interval 10
>
> /etc/ppp/options
> name bonza.rbpllc.com
> noipdefault
> noauth
> lock
> local
> lcp-echo-interval 30
> lcp-echo-failure 4
> lcp-max-configure 60
> lcp-restart 2
> idle 600
> noipx
> file /etc/ppp/filters
> proxyarp
> ms-dns 192.168.7.15
> ms-wins 192.168.7.15
> refuse-chap
> refuse-mschap
>
> /etc/ppp/pap-secrets
> *   bonza.rbpllc.com""
> *
>
> /etc/ppp/chap-secrets
>* *
>
> Of course, use your own information and get rid of the "< >" in
> the pap
> and chap-secret files. Good luck. This works like a charm. Just don't
> forget to open [port 1723] in your firewall and router for accessing the
> server locally as well as remotely. Also, you may need:
>
> # TAG: bcrelay 
> bcrelay eth0
>
> in /etc/pptpd.conf if you are running an older version of pptpd to
> improve remote browsing.


Hi again,

Tried  the proposed configurataion. The first time my log said:

ppp[67205]: Warning: Label /etc/ppp/options.pptp rejected -direct
connection: Configuration label not found

Then I thought that I maybe didn't needed the old /etc/ppp.conf, so I moved
that away. Now the result was:

ppp[67267]: Warning: Label /etc/ppp/options.pptp rejected -direct
connection: /etc/ppp/ppp.conf : File not found
ppp[67205]: Warning: Label /etc/ppp/options.pptp rejected -direct
connection: Configuration label not found

To me it is a bit confusing which files pptpd on FreeBSD uses. Do you have a
/etc/ppp/ppp.conf and if so, what does it contain?

Regards,
Jon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] VPN server and logon to Samba PDC

[Jon Theil Nielsen]

2008/3/17, David C. Rankin <[EMAIL PROTECTED]>:
>
> Jon Theil Nielsen wrote:
> > My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that
> users
> > can access there home shares from Windows clients.
> > I have read the instructions at
> > http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I
> can't
> > make it work.
>
> 
> > Regards,
> > Jon
>
> Jon,
>
> I do it this way:
>
> pptp VPN server
>
>
> /etc/pptpd.conf
> option /etc/ppp/options.pptp
>
> debug (comment out after testing)
> localip 192.168.7.12
> remoteip 192.168.7.2-5
> pidfile /var/run/pptpd.pid
>
> /etc/ppp/options.pptp
> lock
> noauth
> nobsdcomp
> lcp-echo-failure 10
> lcp-echo-interval 10
>
> /etc/ppp/options
> name bonza.rbpllc.com
> noipdefault
> noauth
> lock
> local
> lcp-echo-interval 30
> lcp-echo-failure 4
> lcp-max-configure 60
> lcp-restart 2
> idle 600
> noipx
> file /etc/ppp/filters
> proxyarp
> ms-dns 192.168.7.15
> ms-wins 192.168.7.15
> refuse-chap
> refuse-mschap
>
> /etc/ppp/pap-secrets
> *   bonza.rbpllc.com""
> *
>
> /etc/ppp/chap-secrets
>* *
>
> Of course, use your own information and get rid of the "< >" in
> the pap
> and chap-secret files. Good luck. This works like a charm. Just don't
> forget to open [port 1723] in your firewall and router for accessing the
> server locally as well as remotely. Also, you may need:
>
> # TAG: bcrelay 
> bcrelay eth0
>
> in /etc/pptpd.conf if you are running an older version of pptpd to
> improve remote browsing.
>
> Thanks, David
Just a few questions before I try this solution.
Are you on FreeBSD too? As far as I understand, the main configuration file
here is /usr/local/etc/pptpd.conf. Or should it live in /etc/?
What does the line "file /etc/ppp/filters" refer to?
Can you use this configuration to join a Samba domain?

Regards,
Jon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] VPN server and logon to Samba PDC

[David C. Rankin]

Jon Theil Nielsen wrote:

My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that users
can access there home shares from Windows clients.
I have read the instructions at
http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I can't
make it work. 



Regards,
Jon


Jon,

I do it this way:

pptp VPN server

/etc/pptpd.conf
option /etc/ppp/options.pptp
debug (comment out after testing)
localip 192.168.7.12
remoteip 192.168.7.2-5
pidfile /var/run/pptpd.pid

/etc/ppp/options.pptp
lock
noauth
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 10

/etc/ppp/options
name bonza.rbpllc.com
noipdefault
noauth
lock
local
lcp-echo-interval 30
lcp-echo-failure 4
lcp-max-configure 60
lcp-restart 2
idle 600
noipx
file /etc/ppp/filters
proxyarp
ms-dns 192.168.7.15
ms-wins 192.168.7.15
refuse-chap
refuse-mschap

/etc/ppp/pap-secrets
*   bonza.rbpllc.com""
*

/etc/ppp/chap-secrets
   * *

	Of course, use your own information and get rid of the "< >" in the pap 
and chap-secret files. Good luck. This works like a charm. Just don't 
forget to open [port 1723] in your firewall and router for accessing the 
server locally as well as remotely. Also, you may need:


# TAG: bcrelay 
bcrelay eth0

in /etc/pptpd.conf if you are running an older version of pptpd to 
improve remote browsing.



--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] VPN server and logon to Samba PDC

[Jon Theil Nielsen]

My goal is to make VPN access to our Samba PDC (FreeBSD 7.0) so that users
can access there home shares from Windows clients.
I have read the instructions at
http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf, but I can't
make it work. Don't know if is due to my lack of skills or has something to
do with the Popop functionality in FreeBSD.
Following the instructions, i made a file

/usr/local/etc/pptpd.conf:
option /etc/ppp/options.pptpd
localip 192.168.1.4
remoteip 192.168.1.150-155

and another file

/etc/ppp/options.pptpd:
lock
debug
noauth
name pptpd
nobsdcomp
refuse-pap
refuse-chap
refuse-MSCHAP
require-MSCHAP-v2
require-mppe
ms-wins 192.168.1.4
ms-dns 195.184.96.2 213.173.225.86
defaultroute
plugin winbind.so
ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1

This configuration does not work - the log says:
Warning: Label /etc/ppp/options.pptpd rejected -direct connection:
Configuration label not found

>From reading several howto's on Poptop on FreeBSD I  ended up with a
partially working solution. I removed the reference to the option file in
/usr/local/etc/pptpd.conf and modified /etc/ppp/ppp.conf like this:
pptp:
set timeout 0
set log phase chat connect lcp ipcp command
set dial
set login
enable mssfixup
set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
set server /tmp/loop "" 0177
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1

And I added the file /etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

And  finaly the file /etc/ppp/ppp.secrets containing usernames and
passwords.

After restarting the server, I can now connect from a Windows client. But
will lose me access to the Internet (missing DNS), and I cannot join the
Samba domain.
I hope someone and lead me in the rigth direction...

Regards,
Jon
-- 
Jon Theil Nielsen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba