samba - Nov 2003 - authentication question: pptp tunnels for cisco vpn 3000

I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP
tunnels off of a WinNT Domain controler.  Well, I to use my samba3 box
instead of a WinNT box.  I have samba3 running off of an LDAP back end. 
Anyway, I setup the VPN Concentrator to auth off of the samba box, and
when I test it with the test option, and it works, but when I try to
auth a pptp tunnel, it fails saying the password is wrong.  Any ideas? 
My vote is for the stupid concentrator to meet some thermite or a metal
baseball batt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031031/3027eb72/attachment.bin

On Fri, Oct 31, 2003 at 07:35:18PM -0500, Justin Kreger
wrote:
> I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP
> tunnels off of a WinNT Domain controler.  Well, I to use my samba3 box
> instead of a WinNT box.  I have samba3 running off of an LDAP back end. 
> Anyway, I setup the VPN Concentrator to auth off of the samba box, and
> when I test it with the test option, and it works, but when I try to
> auth a pptp tunnel, it fails saying the password is wrong.  Any ideas? 
> My vote is for the stupid concentrator to meet some thermite or a metal
> baseball batt.
Can you send in a debug level 10 of the concentrator trying to auth
against the smbd ? That might help.

Jeremy.

I will next week.


On Fri, 2003-10-31 at 19:38, Jeremy Allison wrote:
> On Fri, Oct 31, 2003 at 07:35:18PM -0500, Justin Kreger wrote:
> > I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP
> > tunnels off of a WinNT Domain controler.  Well, I to use my samba3 box
> > instead of a WinNT box.  I have samba3 running off of an LDAP back
end.
> > Anyway, I setup the VPN Concentrator to auth off of the samba box, and
> > when I test it with the test option, and it works, but when I try to
> > auth a pptp tunnel, it fails saying the password is wrong.  Any ideas?
> > My vote is for the stupid concentrator to meet some thermite or a
metal
> > baseball batt.
> 
> Can you send in a debug level 10 of the concentrator trying to auth
> against the smbd ? That might help.
> 
> Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031031/2c57cf11/attachment.bin

On Sat, 2003-11-01 at 11:35, Justin Kreger wrote:
> I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP
> tunnels off of a WinNT Domain controler.  Well, I to use my samba3 box
> instead of a WinNT box.  I have samba3 running off of an LDAP back end. 
> Anyway, I setup the VPN Concentrator to auth off of the samba box, and
> when I test it with the test option, and it works, but when I try to
> auth a pptp tunnel, it fails saying the password is wrong.  Any ideas? 
> My vote is for the stupid concentrator to meet some thermite or a metal
> baseball batt.
Any idea what protocols it is using?  Is this a product on WinNT or
CISCO's own OS?  

I suspect it's using radius, for connection to Microsoft's RADIUS
server, but it certainly could get more interesting.  

Get a network trace, and see what's going on.  I seem to have got myself
into the VPN authentication game (see my paper at
http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf for what
I've been up to), so I'm interesting in making the various combinations
here work.  I'll shortly be working on (or working with another
developer on) a plugin for FreeRADIUS to make it authenticate against an
MS domain (or a Samba domain for that matter).  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031107/7aa3c808/attachment.bin