We have a system running fedora 8 using pptpd from the poptop yum
repository.
See http://www.poptop.org/
pptpd/pppd use the winbind plugin from the ppp package to authenticate
to Active Directory.
This works just fine.
Then I found the same setup would not work on a fedora 9 setup.
In order to exclude any possible configuration errors I built
a virtual machine and simulated an upgrade. This is what I found:
- fedora 8 out of the box works just fine
- fedora 8 yummed up-to-date still works fine
- after upgrading to fc9 it stops working
- yum update would not change things
- reverting to last f8 kernel would not help
- reverting to last f8 ppp rpm would not help
- reverting to pptpd rpm built for f8 would not help
- reverting to last f8 samba rpms would help!
What's happening when things don't work is that the XP client
comes with this error, after a successful authentication:
"Error 778: It was not possible to verify the identity of the server"
I can see in the log files and in wireshark traces that the authentication
was indeed successful. If I, on purpose, type a wrong password, I get
the authentication failure message one would expect.
Wireshark shows that the XP client is terminating the connection
immediately after a successful CHAP handshake.
I've seen several reports of this error on the poptop mailing list, all
unanswered.
Maybe they are seeing the same problem.
Fedora 9 comes with a major Samba update, from 3.0 to 3.2
The winbind plugin that pptpd is using is supplied by Samba,
so of course winbind bugs or changes affect pptpd.
Still I wonder what exactly broke, as winbind is in fact
authenticating just fine.
Pim