samba - Jul 2005 - Authenticate pptpd server on a domain controller

Hello.

I have two servers:
 -One is a vpn server with pptpd. It has debian sarge 3.1, kernel(2.6.8),
pptd(1.2.1-4), ppp(2.4.3-2) and Samba(3.0.14a-3). All the accounts to log on the
vpn are on /etc/ppp/chap-secrets file.

 -The other is a pdc with samba(2.2.7) in red hat 8 

I want the accounts in the first server (chap-secrets file) authenticate against
the pdc server (/etc/samba/smbpasswd) on the second.

I read that it is possible using winbind, kerberos and pam. I have been making
some configurations but I haven't made yet it works.  I want to know what is
the best way and how to make.

I have traied these two links.:
1- Replacing a Windows PPTP server with Linux HOWTO
http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml

2- Chapter 23. Winbind: Use of Domain Accounts
http://us2.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html

but the two show the same error when I try to join the pptpd server on the pdc.
All the configurations were made in the pptpd server not on the pdc.

-The fisrt one displays
   Proxy2:/etc/samba# net join -U root
   root's password:
   [2005/07/22 16:02:01, 0] utils/net_ads.c:ads_startup(191)
    ads_connect: Transport endpoint is not connected
   [2005/07/22 16:02:01, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
    cli_nt_setup_creds: request challenge failed
   Creation of workstation account failed
   User specified does not have administrator privileges
   Unable to join domain DUCOR.

-The second one displays
  Proxy2:/etc/samba# net rpc join -S servdb1 -U root
  [2005/07/22 16:03:35, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
    cli_nt_setup_creds: request challenge failed
  Password: 
  Creation of workstation account failed
  User specified does not have administrator privileges
  Unable to join domain DUCOR.

I would thank if somebody can help me.

I'm running the following configuration:

samba3/ldap --> freeradius --> mpd(freebsd pptp server)

the key word here is radius (freeradius, for instance) it makes use of NT 
hashes which are already present in ldap.

not sure that I can help with samba-2.2, but if You consider upgrading to 
3.0, I can share config.

Cheers,
Ilia Chipitsine
> Hello.
>
> I have two servers:
> -One is a vpn server with pptpd. It has debian sarge 3.1, kernel(2.6.8),
pptd(1.2.1-4), ppp(2.4.3-2) and Samba(3.0.14a-3). All the accounts to log on the
vpn are on /etc/ppp/chap-secrets file.
>
> -The other is a pdc with samba(2.2.7) in red hat 8
>
> I want the accounts in the first server (chap-secrets file) authenticate
against the pdc server (/etc/samba/smbpasswd) on the second.
>
> I read that it is possible using winbind, kerberos and pam. I have been
making some configurations but I haven't made yet it works.  I want to know
what is the best way and how to make.
>
> I have traied these two links.:
> 1- Replacing a Windows PPTP server with Linux HOWTO
http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml
>
> 2- Chapter 23. Winbind: Use of Domain Accounts
http://us2.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html
>
> but the two show the same error when I try to join the pptpd server on the
pdc. All the configurations were made in the pptpd server not on the pdc.
>
> -The fisrt one displays
>   Proxy2:/etc/samba# net join -U root
>   root's password:
>   [2005/07/22 16:02:01, 0] utils/net_ads.c:ads_startup(191)
>    ads_connect: Transport endpoint is not connected
>   [2005/07/22 16:02:01, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>    cli_nt_setup_creds: request challenge failed
>   Creation of workstation account failed
>   User specified does not have administrator privileges
>   Unable to join domain DUCOR.
>
> -The second one displays
>  Proxy2:/etc/samba# net rpc join -S servdb1 -U root
>  [2005/07/22 16:03:35, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>    cli_nt_setup_creds: request challenge failed
>  Password:
>  Creation of workstation account failed
>  User specified does not have administrator privileges
>  Unable to join domain DUCOR.
>
> I would thank if somebody can help me.
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>