Justin Kreger
2003-Nov-01 00:35 UTC
[Samba] authentication question: pptp tunnels for cisco vpn 3000
I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP tunnels off of a WinNT Domain controler. Well, I to use my samba3 box instead of a WinNT box. I have samba3 running off of an LDAP back end. Anyway, I setup the VPN Concentrator to auth off of the samba box, and when I test it with the test option, and it works, but when I try to auth a pptp tunnel, it fails saying the password is wrong. Any ideas? My vote is for the stupid concentrator to meet some thermite or a metal baseball batt. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20031031/3027eb72/attachment.bin
Jeremy Allison
2003-Nov-01 00:38 UTC
[Samba] authentication question: pptp tunnels for cisco vpn 3000
On Fri, Oct 31, 2003 at 07:35:18PM -0500, Justin Kreger wrote:> I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP > tunnels off of a WinNT Domain controler. Well, I to use my samba3 box > instead of a WinNT box. I have samba3 running off of an LDAP back end. > Anyway, I setup the VPN Concentrator to auth off of the samba box, and > when I test it with the test option, and it works, but when I try to > auth a pptp tunnel, it fails saying the password is wrong. Any ideas? > My vote is for the stupid concentrator to meet some thermite or a metal > baseball batt.Can you send in a debug level 10 of the concentrator trying to auth against the smbd ? That might help. Jeremy.
Justin Kreger
2003-Nov-01 01:44 UTC
[Samba] authentication question: pptp tunnels for cisco vpn 3000
I will next week. On Fri, 2003-10-31 at 19:38, Jeremy Allison wrote:> On Fri, Oct 31, 2003 at 07:35:18PM -0500, Justin Kreger wrote: > > I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP > > tunnels off of a WinNT Domain controler. Well, I to use my samba3 box > > instead of a WinNT box. I have samba3 running off of an LDAP back end. > > Anyway, I setup the VPN Concentrator to auth off of the samba box, and > > when I test it with the test option, and it works, but when I try to > > auth a pptp tunnel, it fails saying the password is wrong. Any ideas? > > My vote is for the stupid concentrator to meet some thermite or a metal > > baseball batt. > > Can you send in a debug level 10 of the concentrator trying to auth > against the smbd ? That might help. > > Jeremy.-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20031031/2c57cf11/attachment.bin
Andrew Bartlett
2003-Nov-07 10:35 UTC
[Samba] authentication question: pptp tunnels for cisco vpn 3000
On Sat, 2003-11-01 at 11:35, Justin Kreger wrote:> I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP > tunnels off of a WinNT Domain controler. Well, I to use my samba3 box > instead of a WinNT box. I have samba3 running off of an LDAP back end. > Anyway, I setup the VPN Concentrator to auth off of the samba box, and > when I test it with the test option, and it works, but when I try to > auth a pptp tunnel, it fails saying the password is wrong. Any ideas? > My vote is for the stupid concentrator to meet some thermite or a metal > baseball batt.Any idea what protocols it is using? Is this a product on WinNT or CISCO's own OS? I suspect it's using radius, for connection to Microsoft's RADIUS server, but it certainly could get more interesting. Get a network trace, and see what's going on. I seem to have got myself into the VPN authentication game (see my paper at http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf for what I've been up to), so I'm interesting in making the various combinations here work. I'll shortly be working on (or working with another developer on) a plugin for FreeRADIUS to make it authenticate against an MS domain (or a Samba domain for that matter). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20031107/7aa3c808/attachment.bin