Solved

How to set up a Dial-In PPP Server

Posted on 2000-02-21
Last Modified: 2013-12-16
I have Slackware 7 and a Zoltrix modem installed. I'm trying to set up a Dial-In PPP Server starting mgetty. Every time a client tries to connect to the PPP server, I'm getting the following errors in the mgetty log file:

 --
02/20 21:53:52 ##### data dev=ttyS1, pid=139, caller=none, conn='38400/31200 LAP-M', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
                       
 --
 02/20 21:53:53 yS1  TIOCMBIS failed: Input/output error
 02/20 21:53:53 yS1  cannot turn off soft carrier: Input/output error
 02/20 21:53:53 yS1  tcgetattr failed: Input/output error
 02/20 21:53:53 yS1  cannot get TIO: Input/output error
 02/20 21:53:53 yS1  mg_init_device failed, trying again
 02/20 21:55:24 ##### failed dev=ttyS1, pid=211, got signal 15, exiting

 Here's my login.config

 /AutoPPP/ - a_ppp   /usr/sbin/pppd auth modem refuse-chap require-pap

 Does anyone have the same problems setting up a Dial-In PPP Server?

   Thanks,
Question by:cpak
16 Comments
 
LVL 3

Expert Comment

by:tibori
Sounds like you may be using software flow control on the client. Use hardware flow control.

LVL 2

Expert Comment

by:proglot
Do you have AT&C1&D2 in your init string for the modem?

LVL 4

Expert Comment

by:kiffney

As the estimable Clifford Kite says, "tcgetattr has always meant that there is another process besides pppd that is contending for the modem IRQ. Some examples are (1) an ethernet card that used the same IRQ as the modem, (2) a misconfigured ppp script that launched pppd twice, and (3) a mingetty that somehow had been configured for call-in."

This means, assuming this modem works for dialout (use minicom and call a BBS or an ISP or something) - if not, check /proc/ioports and /proc/interrupts, make sure you have no irq or port conflicts: then check /etc/inittab to make sure you are not running two gettys on the same serial port; make sure pppd is not already running on that serial port. Look at the contents of /var/lock/LCK...ttySx where x is 0 or 1 or whatever the number of the com port you are using for dialin (remember Unix calls com1 ttyS0, etc). The contents of the LCK.. file show you the Process ID (PID) of whoever has locked the com port. Then do "ps auxw" and look in the first column for that process ID, and see who's got it, and KILL that process (man kill for details).
0
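
Added example, not part of the original thread: the two checks described in the comment above (more than one getty configured for the port, and which process owns the port's lock file) as a shell script. It assumes the standard UUCP-style lock name LCK..<device> with the PID stored as ASCII text; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find what else is contending for a dial-in serial port.

# Count uncommented inittab entries whose command names the device.
getty_count() {  # $1 = inittab path, $2 = device, e.g. ttyS1
    awk -F: -v dev="$2" '
        /^[ \t]*#/ { next }
        NF >= 4 && $0 ~ ("[ /]" dev "([^0-9]|$)") { n++ }
        END { print n + 0 }' "$1"
}

# Report the state of the UUCP-style lock for the device:
#   free | held <pid> <command> | stale <pid> | unreadable
lock_holder() {  # $1 = lock directory, $2 = device
    lock="$1/LCK..$2"
    [ -f "$lock" ] || { echo "free"; return 0; }
    # ASCII locks hold the PID as padded decimal text; keep only the digits.
    pid=$(tr -cd '0-9' < "$lock")
    [ -n "$pid" ] || { echo "unreadable"; return 0; }
    # kill -0 probes for existence; /proc covers processes of other users.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        comm=$(ps -o comm= -p "$pid" 2>/dev/null) || comm=""
        echo "held $pid ${comm:-unknown}"
    else
        echo "stale $pid"
    fi
}

# Stand-alone use: sh portcheck.sh ttyS1   (script name is arbitrary)
if [ "$#" -eq 1 ]; then
    echo "inittab entries naming $1: $(getty_count /etc/inittab "$1")"
    echo "lock state: $(lock_holder /var/lock "$1")"
fi
```

A count above 1 means two gettys are configured for the same port; a "stale" result means the lock file names a process that no longer exists.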
 
LVL 3

Expert Comment

by:tibori
cpak: I've just gotten the same log message as this. It happened when the user was disconnected and the pppd on the server side was still trying to communicate. Take a look at the tail of /var/log/messages. For me there's a "CHAP authentication failed for user ..." right before this log message. If that's the case for you, then there's a problem with your pap or chap-secrets file settings (on the server or the client or both).

LVL 3

Expert Comment

by:tibori
Oops, my fault, sounds like you're using pap. Check your /etc/ppp/pap-secrets file on the server side, make sure it's correct. Then make sure that your Linux clients have a "noauth" in their /etc/ppp/options file, otherwise they're asking the server to authenticate itself, which by default it shouldn't but can be set up to do so.

Author Comment

by:cpak
tibori: Actually I set up the client on Windows 98 and the PPP dial-up server on Linux. Should the client run on Linux? I believe the client can run on any platform. In your previous comments, what are good examples of /etc/ppp/pap-secrets and /etc/ppp/options?

Thanks,

Chong

LVL 3

Expert Comment

by:tibori
The clients can be Windows or Linux, but their setup is a bit different. For Windows machines, you need to set a line like this in pap-secrets (on the server):

login-name server-machine-name password

This is the login name and password that you're using on the Windows client, and the same as you've defined the user and password on the server.

For a Linux client, the client itself sends the machine name and the secret (password) specified in pap-secrets (on the client), so on the server's pap-secrets you need to put in

client-machine-name server-machine-name secret

The secret in this case does not have to be the same as the user's login name, although to avoid confusion that's what I made mine to be.

Now for a Linux client to be able to connect you also have to modify pap-secrets on the client side to tell it how to authenticate itself to the server. For that you can just put in

client-machine-name server-machine-name secret

The secrets on the client and the server of course have to match. Also, on a Linux client you want to put "noauth" in /etc/ppp/options; otherwise you'll have to add an extra line to both the client's and the server's pap-secrets to allow the server to authenticate itself to the client (which is not really necessary, but to be absolutely safe, it's a good idea).
If you want to set that up, just have a pair of lines on both the client and the server, one as mentioned above and the second line with the client and server machine names reversed; then you can change the noauth to auth on the client side.
I hope that all made sense; let me know if it didn't. Also take a look at the tail end of your /var/log/messages file on both server and client to know what's going on and why the connection wasn't successful. If you're having problems, let me know what those have in them.

LVL 3

Expert Comment

by:tibori
There needs to be white space between the three fields in the pap-secrets file.

LVL 4

Expert Comment

by:kiffney
I really don't think this is an authentication problem. You are not getting a ppp connection at all. You have (1) a bad serial cable, if your modem is external, (2) a misconfigured modem, or (3) a misconfigured mgetty. In /etc/inittab, next to the S1 entry, you should NOT have an -r option on mgetty. You might want to add an initialization string here, such as AT&C1&D2, to make sure the carrier detect signals are correct. Add the following:
/sbin/mgetty -m '"" AT&C1&D2 OK' -x9
to the command line, or change the /etc/mgetty/mgetty.config
and add a

port ttyS1
  init-chat "" AT&C1&D2 OK

to it.

Have you used this port for anything yet - can you dial OUT using this port, say to a BBS, successfully? Can you dial IN using minicom and get a login? Are you sure you don't have something besides mgetty also watching this port - say, a mingetty - look in /etc/inittab and make sure there is only ONE line that starts with S1 and that that line calls mgetty. Check the contents of the LCK... files in /var/lock/ and check the PIDs you see. Check the contents of /proc/interrupts and make sure that interrupt 3 says 'serial' next to it.

If this still doesn't work post the contents of your /var/log/messages file also, and the contents of /etc/inittab.  

Author Comment

by:cpak
The remote client on Windows 98 tried to dial in to my PPP server on Linux twice. I believe that the PPP connection's OK, but the remote connection's terminated as soon as it connected to the server. Here's the /var/log/messages file:
Mar  2 22:34:04 sushi kernel: PPP line discipline registered.
Mar  2 22:34:04 sushi kernel: PPP BSD Compression module registered
Mar  2 22:34:04 sushi kernel:   kernel build: 2.2.13 #22 Wed Oct 20 17:32:52 CDT 1999
Mar  2 22:34:04 sushi kernel:   options:  [pci] [cardbus]
Mar  2 22:34:04 sushi kernel: Intel PCIC probe: not found.
Mar  2 22:34:04 sushi kernel: Databook TCIC-2 PCMCIA probe: not found.
Mar  2 22:34:04 sushi kernel: ds: no socket drivers loaded!
Mar  2 22:34:09 sushi sendmail[115]: starting daemon (8.9.3): SMTP+queueing@00:15:00
Mar  2 22:34:10 sushi kernel: iBCS: socksys registered on character major 30
 
Mar  2 22:40:29 sushi kernel: registered device ppp0
Mar  2 22:40:30 sushi pppd[219]: pppd 2.3.10 started by LOGIN, uid 0
Mar  2 22:40:30 sushi pppd[219]: Using interface ppp0
Mar  2 22:40:30 sushi pppd[219]: Connect: ppp0 <--> /dev/ttyS1
Mar  2 22:40:36 sushi pppd[219]: Connection terminated.
Mar  2 22:40:36 sushi pppd[219]: Exit.
 
Mar  2 22:41:19 sushi pppd[236]: pppd 2.3.10 started by LOGIN, uid 0
Mar  2 22:41:19 sushi pppd[236]: Using interface ppp0
Mar  2 22:41:19 sushi pppd[236]: Connect: ppp0 <--> /dev/ttyS1
Mar  2 22:41:26 sushi pppd[236]: Connection terminated.
Mar  2 22:41:26 sushi pppd[236]: Exit.


Here's my /etc/ppp/pap-secrets:

# PAP authentication file: /etc/ppp/pap-secrets
# This file should have a permission of
# 600.
# ~# chmod 600 /etc/ppp/pap-secrets
# Username      Server      Password
# IP addresses
# Dial-in clients
cpak    myhostname   mypassword 192.168.31.2

In my /etc/inittab, there's only one S1
entry for that device.  
Here's the /etc/inittab:

#
# inittab       This file describes how the INIT process should set up
#               the system in a certain run-level.
#
# Version:      @(#)inittab             2.04    17/05/93        MvS
#                                       2.10    02/10/95        PV
#                                       3.00    02/06/1999      PV
#
# Author:       Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
# Modified by:  Patrick J. Volkerding, <volkerdi@ftp.cdrom.com>
#

# These are the default runlevels in Slackware:
#   0 = halt
#   1 = single user mode
#   2 = unused (but configured the same as runlevel 3)
#   3 = multiuser mode (default Slackware runlevel)
#   4 = X11 with KDM/GDM/XDM (session managers)
#   5 = unused (but configured the same as runlevel 3)
#   6 = reboot

# Default runlevel. (Do not set to 0 or 6)
id:4:initdefault:

# System initialization (runs when system boots).
si:S:sysinit:/etc/rc.d/rc.S

# Script to run when going single user (runlevel 1).
su:1S:wait:/etc/rc.d/rc.K

# Script to run when going multi user.
rc:2345:wait:/etc/rc.d/rc.M

# What to do at the "Three Finger Salute".
ca::ctrlaltdel:/sbin/shutdown -t5 -rf now

# Runlevel 0 halts the system.
l0:0:wait:/etc/rc.d/rc.0

# Runlevel 6 reboots the system.
l6:6:wait:/etc/rc.d/rc.6

# What to do when power fails (shutdown to single user).
pf::powerfail:/sbin/shutdown -f +5 "THE POWER IS FAILING"

# If power is back before shutdown, cancel the running shutdown.
pg:0123456:powerokwait:/sbin/shutdown -c "THE POWER IS BACK"

# If power comes back in single user mode, return to multi user mode.
ps:S:powerokwait:/sbin/init 3

# The getties in multi user mode on consoles an serial lines.
#
# NOTE NOTE NOTE adjust this to your getty or you will not be
#                able to login !!
#
# Note: for 'agetty' you use linespeed, line.
# mgetty -------------
s1:45:respawn:/usr/local/sbin/mgetty -m '"" AT&C1&D2 OK' -D -x9 /dev/ttyS1

Is there any reason the client's
terminated immediately?

Thanks,

Chong

Author Comment

by:cpak
Here's my /etc/ppp/options:

# General configuration options for PPPD:
lock
defaultroute
noipdefault
modem
/dev/ttyS1
115200
crtscts
# Uncomment the line below for more verbose error reporting:
#debug
# If you have a default route already, pppd may require the other side
# to authenticate itself, which most ISPs will not do.  To work around this,
# uncomment the line below.  Note that this may have negative side effects
# on system security if you allow PPP dialins.  See the docs in /usr/doc/ppp*
# for more information.
#noauth
passive
asyncmap 0
name "cpak"

To say it one more time, the remote client tried to log in using the correct username and password....

Chong

LVL 3

Expert Comment

by:tibori
By specifying "name" in /etc/ppp/options, you're setting or changing the name of the host. If the /etc/ppp/pap-secrets file you posted is the server one, you need to change it around to be
remote-client's-loginname cpak remote-client's password.

LVL 4

Expert Comment

by:kiffney
I think tibori is onto it.  Your earlier log messages indicated communication failure.  But this log shows pppd starting.  Try removing the
name "cpak"
and
passive
lines, perhaps adding
debug
kdebug 1
to the pppd options file, and retrying.

You don't need passive if mgetty is starting pppd, and passive will allow multiple copies of pppd to start, causing you more lock and contention problems on your port.

Author Comment

by:cpak
Thank you so much for all of the comments. So, what's the bottom line here? Do I need to remove the line "name cpak" or replace it with "cpak   password" in /etc/ppp/options?

Chong

LVL 3

Expert Comment

by:tibori
If you remove "name cpak", pppd will report the actual name of your server, so then that's what you'd have to put into pap-secrets:

clients-name actual-server-name clients-password

If you leave it there then you can put what I specified above. Either way should work.

LVL 3

Accepted Solution

by:tibori (earned 100 total points)
cpak: Any progress?

Just to clarify:

Specifying the "name" option on the server changes the actual name of the server to the name specified by "name".
So if the server's actual name is "dialin.cpak.com" but you want it to appear as "cpak.cpak.com" to users dialing from ppp, then specify this option. It doesn't matter either way, except that in the pap-secrets file you need to specify the server name as it appears to the PPP users. So if you used the name cpak (NO QUOTES!!) in /etc/ppp/options, then your /etc/ppp/pap-secrets on the server would need to look like:

clientname cpak password (optional ip)

If you didn't use the name option, then your pap-secrets would look like:

clientname actualservername password (optional ip)

The optional IP is used if you want to specify what IP address the client should and should not be allowed to connect with.

Speaking of the client's IPs, with the settings you've specified, you NEED to give the client an IP address (so do not choose a dynamically assigned IP). That's because you've specified "noipdefault" and you've also not given any directive for the server to assign an IP address to the connecting client. If however you want to do this, then take out "noipdefault" and add x.x.x.x:y.y.y.y where the x's will be the client's local address and the y's will be the client's remote address. This is still static, but you're controlling your clients' IPs so not just anybody could connect, and of course you can access the client from the server this way. This of course you'd specify in /etc/options, or if you plan to have multiple users then you could put it in each user's home directory in a file called .ppprc.
0
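
Added example, not part of the original thread: a shell check for the mismatch diagnosed in the accepted solution, comparing the server field of each pap-secrets entry with the name pppd presents (the "name" option, otherwise the host name), plus the mode-600 rule from the pap-secrets file's own comment. The function names are invented here, and stripping quotes from the name value is an assumption of this example.

```shell
#!/bin/sh
# Added example: cross-check pppd's "name" option against pap-secrets on a
# dial-in server. File paths and the host name are passed as arguments.

# Print the name pppd presents: the "name" option if set, else the fallback.
effective_name() {  # $1 = options file, $2 = host name fallback
    awk -v fallback="$2" '
        /^[ \t]*#/ { next }
        $1 == "name" && NF >= 2 { n = $2; gsub(/"/, "", n) }
        END { print (n != "" ? n : fallback) }' "$1"
}

# Print one line per problem (never the secret); return 0 only if none found.
check_pap() {  # $1 = options file, $2 = pap-secrets file, $3 = host name
    server=$(effective_name "$1" "${3:-$(uname -n)}")
    status=0
    # Secrets are stored in plaintext, so group and other get no access.
    if [ "$(ls -ldL "$2" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $2 is accessible to group/other (want mode 600)"
        status=1
    fi
    out=$(awk -v server="$server" '
        /^[ \t]*(#|$)/ { next }
        NF < 3 { printf "SYNTAX: line %d needs client, server, secret\n", NR; next }
        $2 != server && $2 != "*" {
            printf "MISMATCH: line %d has server \"%s\", pppd name is \"%s\"\n", NR, $2, server
        }' "$2")
    if [ -n "$out" ]; then
        echo "$out"
        status=1
    fi
    return "$status"
}

# Stand-alone use: sh papcheck.sh /etc/ppp/options /etc/ppp/pap-secrets
if [ "$#" -ge 2 ]; then
    check_pap "$@"
fi
```

Run against the options and pap-secrets files posted earlier in the thread, it reports a MISMATCH on the cpak entry, because the server field is myhostname while the name option is cpak.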
