Hello all,

I am working on a VPN solution using FC3-2.6.12-1.1381 - openswan 2.4.4-1 - l2tpd 0.69-13 - pppd 2.4.3-5 - samba 3.0.10-1.

When attempting a connection from an XP-SP2 box pppd dies without authenticating the user (see below).
I have run ntlm_auth from the command line with success.

What tools can I use to identify the failure?

Is there an obvious error in the ppp options file?

Thanks,
Brian Hoover

messages:
Nov 23 09:15:51 fw03 pppd[4862]: Plugin winbind.so loaded.
Nov 23 09:15:51 fw03 pppd[4862]: WINBIND plugin initialized.
Nov 23 09:15:51 fw03 pppd[4862]: pppd 2.4.3 started by root, uid 0
Nov 23 09:15:51 fw03 pppd[4862]: Using interface ppp0
Nov 23 09:15:51 fw03 pppd[4862]: Connect: ppp0 <--> /dev/pts/2
Nov 23 09:15:53 fw03 pppd[4862]: Peer VIDAR\\bch failed CHAP authentication
Nov 23 09:15:53 fw03 pppd[4862]: Connection terminated.
Nov 23 09:15:54 fw03 pppd[4862]: Exit.

The ppp options file:
noauth
name l2tpd
refuse-pap
refuse-mschap
require-mschap-v2
defaultroute
ms-dns 192.168.0.19
ms-dns 192.168.0.49
ms-wins 192.168.0.19
ms-wins 192.168.0.49
proxyarp
debug
lock
nobsdcomp
nologfd
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"

I have the same problem. My setup is the same except my server is FC1 with kernel 2.4.32 and samba 3.0.21rc1.

See "Unified logons with winbind and tdbsam backend":
http://lists.samba.org/archive/samba/2005-November/113583.html

I didn't get any responses to my message, which I sent a couple of times here. I can't say for sure whether this is a samba bug or a configuration issue.

The ppp debug option gives the following error messages:

utils/ntlm_auth.c:manage_squid_request(1592) fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

Juha Pietikäinen

>Hello all,
>
>I am working on a VPN solution using FC3-2.6.12-1.1381 - openswan
>2.4.4-1 - l2tpd 0.69-13 - pppd 2.4.3-5 - samba 3.0.10-1.
>
>When attempting a connection from an XP-SP2 box pppd dies without
>authenticating the user (see below).
>I have run ntlm_auth from the command line with success.
>
>What tools can I use to identify the failure?
>
>Is there an obvious error in the ppp options file?
>
>Thanks,
>Brian Hoover
>
>messages:
>Nov 23 09:15:51 fw03 pppd[4862]: Plugin winbind.so loaded.
>Nov 23 09:15:51 fw03 pppd[4862]: WINBIND plugin initialized.
>Nov 23 09:15:51 fw03 pppd[4862]: pppd 2.4.3 started by root, uid 0
>Nov 23 09:15:51 fw03 pppd[4862]: Using interface ppp0
>Nov 23 09:15:51 fw03 pppd[4862]: Connect: ppp0 <--> /dev/pts/2
>Nov 23 09:15:53 fw03 pppd[4862]: Peer VIDAR\\bch failed CHAP authentication
>Nov 23 09:15:53 fw03 pppd[4862]: Connection terminated.
>Nov 23 09:15:54 fw03 pppd[4862]: Exit.
>
>The ppp options file:
>noauth
>name l2tpd
>refuse-pap
>refuse-mschap
>require-mschap-v2
>defaultroute
>ms-dns 192.168.0.19
>ms-dns 192.168.0.49
>ms-wins 192.168.0.19
>ms-wins 192.168.0.49
>proxyarp
>debug
>lock
>nobsdcomp
>nologfd
>plugin winbind.so
>ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"

On Wed, 2005-11-23 at 09:42 -0500, Brian Hoover wrote:
> Hello all,
>
> I am working on a VPN solution using FC3-2.6.12-1.1381 - openswan
> 2.4.4-1 - l2tpd 0.69-13 - pppd 2.4.3-5 - samba 3.0.10-1.
>
> When attempting a connection from an XP-SP2 box pppd dies without
> authenticating the user (see below).
> I have run ntlm_auth from the command line with success.
>
> What tools can I use to identify the failure?

Perhaps pipe the ntlm_auth invocation via 'tee' and see what is being written to ntlm_auth?

Also try an strace.

Are you running the patched pppd, due to my snafu with base64 encoding? (Patch on the poptop page).

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Thanks for responding.

Andrew Bartlett wrote:
> On Wed, 2005-11-23 at 09:42 -0500, Brian Hoover wrote:
>> Hello all,
>>
>> I am working on a VPN solution using FC3-2.6.12-1.1381 - openswan
>> 2.4.4-1 - l2tpd 0.69-13 - pppd 2.4.3-5 - samba 3.0.10-1.
>>
>> When attempting a connection from an XP-SP2 box pppd dies without
>> authenticating the user (see below).
>> I have run ntlm_auth from the command line with success.
>>
>> What tools can I use to identify the failure?
>
> Perhaps pipe the ntlm_auth invocation via 'tee' and see what is being
> written to ntlm_auth?
>
> Also try an strace.

I'll try these when I get back to the lab.

> Are you running the patched pppd, due to my snafu with base64
> encoding?

I could not find the patch you speak of, but I am using the same daemon I used in a PPTP config that works.

Thanks again,
Brian

Andrew Bartlett wrote:
>> I could not find the patch you speak of, but I am using the same
>> daemon I used in a PPTP config that works.
>
> Oh, and that uses winbind auth?

I'm using a version obtained from PopTop and yes it works with winbind auth.

> Is the l2tp in a chroot or similar?

Not yet, still trying to get a simple set-up working.

> Andrew Bartlett

Brian Hoover

SOLVED! Follow-up:

Andrew Bartlett wrote:
> On Mon, 2005-11-28 at 06:27 -0500, Brian Hoover wrote:
>> Andrew Bartlett wrote:
>>
>>>> I could not find the patch you speak of, but I am using the same
>>>> daemon I used in a PPTP config that works.
>>>
>>> Oh, and that uses winbind auth?
>>
>> I'm using a version obtained from PopTop and yes it works with
>> winbind auth.
>>
>>> Is the l2tp in a chroot or similar?
>>
>> Not yet, still trying to get a simple set-up working.
>
> All I can suggest is to chase it down from the l2tp and pppd side
> with strace.
>
> Andrew Bartlett

This was a misconfigured l2tpd. The statement 'require-mschap' was left in from an earlier test.

Thanks for the suggestions,
Brian
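
An added example, not part of the original thread: a small check for the kind of leftover that caused this failure, scanning pppd-style option text for an authentication method that is both required and refused, or for more than one require-* line. The labels "posted" and "stale" and the STALE fragment are constructed for illustration; the thread does not say which file held the stray 'require-mschap'.

```python
import shlex

AUTH_METHODS = ("pap", "chap", "mschap", "mschap-v2", "eap")

def auth_directives(text):
    """Return (kind, method, lineno) for every require-*/refuse-* word."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex keeps the quoted ntlm_auth-helper argument as one word
        # and drops '#' comments.
        for word in shlex.split(line, comments=True):
            kind, _, method = word.partition("-")
            if kind in ("require", "refuse") and method in AUTH_METHODS:
                found.append((kind, method, lineno))
    return found

def lint(files):
    """files maps a label to options text; returns a list of findings."""
    seen = {}
    for label, text in files.items():
        for kind, method, lineno in auth_directives(text):
            seen.setdefault(method, {}).setdefault(kind, []).append(f"{label}:{lineno}")
    findings = []
    for method, kinds in seen.items():
        if "require" in kinds and "refuse" in kinds:
            findings.append(f"{method}: required at {', '.join(kinds['require'])} "
                            f"but refused at {', '.join(kinds['refuse'])}")
    required = sorted(m for m, kinds in seen.items() if "require" in kinds)
    if len(required) > 1:
        findings.append("multiple require-* methods: " + ", ".join(required))
    return findings

# Auth-related lines of the options file posted in the thread.
POSTED = """\
noauth
name l2tpd
refuse-pap
refuse-mschap
require-mschap-v2
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
"""
# Constructed stand-in for the line left over from an earlier test.
STALE = "require-mschap  # leftover\n"

if __name__ == "__main__":
    for finding in lint({"posted": POSTED, "stale": STALE}):
        print(finding)
```

The posted options file alone produces no findings; the conflict only appears once every place pppd options can come from is fed to the check together.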