
PPTP VPN + radius on lenny


Mirko Scurk

Mar 25, 2010, 10:00:02 AM
Hi!

On Lenny I need to set up pptpd + radius for Windows clients. I studied a couple
of howtos, but all seem to be incomplete or too complicated.

Linux 2.6.26-2-686-bigmem
libradiusclient-ng2 0.5.5-1
pptpd 1.3.4-2.1
freeradius 2.1.3-0lenny0


/etc/pptpd.conf

option /etc/ppp/pptpd-options
debug
delegate
connections 4
localip xxx.xxx.xxx.13
remoteip xxx.xxx.xxx.66-69


/etc/ppp/pptpd-options

name pptpd
domain xxxx.com
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns xx
ms-dns xx
ms-wins xx
ms-wins xx
proxyarp
nodefaultroute
debug
lock
nobsdcomp
plugin radius.so
radius-config-file /etc/radiusclient-ng/radiusclient.conf
plugin radattr.so


/etc/radiusclient-ng/radiusclient.conf

auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient-ng/issue
authserver localhost:1812
acctserver localhost:1813
servers /etc/radiusclient-ng/servers
dictionary /etc/radiusclient-ng/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient-ng/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login


/etc/radiusclient-ng/servers
localhost secret


/etc/freeradius/clients.conf

client ip_addr {
secret = secret
shortname = vpn
}
client 127.0.0.1 {
secret = secret
shortname = vpn
}


Tnx.

--
Mirko Scurk



Sjoerd Hardeman

Mar 25, 2010, 10:40:02 AM
Mirko Scurk wrote:

> Hi!
>
> On Lenny I need to set up pptpd + radius for Windows clients. I studied a couple
> of howtos, but all seem to be incomplete or too complicated.
That's because it is rather complicated.

>
> Linux 2.6.26-2-686-bigmem
> libradiusclient-ng2 0.5.5-1
> pptpd 1.3.4-2.1
> freeradius 2.1.3-0lenny0
>
> (conffiles)
What exactly is your question? I assume it is not working. Is radius
itself working? Try radtest for that.
Then, make sure you offer the passwords in the right format. pptp
requires the NT and LANMAN Windows hash, which is not trivial to
achieve. If you offer the password to the radius server in clear text
then radius should convert; if you give it any hashed value it will
not work. In that case you need to store the nt/lm-hashed version as
well. smbpasswd can generate the proper hash, and for ldap you can
install an overlay that automatically generates the nt/lm hash when you
update the password.

If that's all working, set up pptp to do as much debug as possible (both
pptp debug and ppp debug on) and try to log in. The logs should give you
a clue of what's working and what not.

Good luck!
Sjoerd
