Solved

Linux as PPP server

Posted on 2000-03-29
Last Modified: 2010-03-18
I know it's been asked a hundred times before, but I've already spent about 50 points looking up PAQ's and still cannot find the correct answer.

Here's the deal... setting up our RedHat 6.1 as a ppp dialin server.

I installed mgetty. I can dial in and get a shell account access.

How do I turn that to ppp?

I read PPP-HOWTO and that seems hacky... log in, type ppp, then negotiate PPP on the client end? That's bad form.

I read some stuff on comp.os.linux.networking, which helped a little, but not completely.

What I need to know:
Once mgetty is set up (I did compile with -DAUTO_PPP) what next?

How do you set up the pap-secrets file? On the newsgroup I saw that you only need:
* * "" *

How does the client receive its IP? Do I need DHCP server set up on the dialin server?

Basically: Once mgetty is installed, what files need to be edited, and how?

Thanks... I know this is a huge repeat question, but like I said, I read 6 or 7 PAQ's and didn't get my full answer.
Question by:edskee
 
LVL 2

Author Comment

by:edskee
ID: 2666707
This is the best I get... I get a login shell, regardless of the auto-ppp I turned on... and when I manually run pppd:

pppd: The remote system is required to authenticate itself but I
pppd: couldn't find any secret (password) which would let it use an IP address.

Here's my pap-secrets:
* * "" *

That's it... what pppd options should I use?

This is driving me nuts.
0
 
LVL 4

Accepted Solution

by:
kiffney earned 50 total points
ID: 2671673
You have to edit the /etc/mgetty/login.conf file and set up a line like this:

/AutoPPP/  -  a_ppp   /usr/sbin/pppd

And (this may be the part missing) you have to make sure mgetty answers the phone (and not mingetty, uugetty, agetty, or bibbity-bobbity-getty) by editing /etc/inittab (as root) like this:

S0:2345:respawn:/sbin/mgetty -s 115200 -x 3 ttyS0
if you want it to answer with the modem on ttyS0 (COM1 in DOS world).

Replace /sbin/mgetty with the actual location of your mgetty, and the S0 and ttyS0 with S1 and ttyS1 if you're on that port, etc.

Then tell init to reread the inittab with 'kill -HUP 1'

Be careful editing inittab - you can make your system hard to use with a mistake here (been there myself).

Once you do this mgetty should answer and cough up a PPP connection - then your new troubles (authorization, IP addresses) will begin!

In short, you want /etc/ppp/options.ttyS0 (if you're using serial line 0/com1) to have something like this in  it:

:192.68.1.11  
(or whatever IP address makes sense for the network you're dialing into)
proxyarp  
(so that your dialing-in machine appears to be on the net)
ms-dns 192.68.1.2  
(or whatever address you want windows dialin guys to use for a domain name server, if you have one - don't need to)

Finally, fix pap-secrets like this:

a_name    *     a_password   *

and when you dial in, use that name and password.

That might be enough to get things going.  Let us know what happens.  And be patient, it's a pain to set up, but once set up works perfectly forever.
0
 
LVL 2

Author Comment

by:edskee
ID: 2673559
How do you get it to use the existing username/password combos in /etc/passwd instead of the pap-secrets file?
0
 
LVL 2

Author Comment

by:edskee
ID: 2673582
It works! All except the username and password part... for each person who needs to dialin, I really don't want to have to edit the pap-secrets file... how do I do it otherwise?
0
 
LVL 4

Expert Comment

by:kiffney
ID: 2673610
Use the 'login' option on the server's pppd setup.  You still need an entry in the pap-secrets file, but you can put "" in the secrets column.  The dialer-in has the username in the name column, * in the server column, "" in the secrets column, and either * or a set of ip addresses allowed in the address column.
0
 
LVL 4

Expert Comment

by:kiffney
ID: 2673629
I meant to say, the dialed-into machine has "" in the secrets column and 'login' in the options file - this makes the server check the user's password against /etc/passwd.  You still need a username entry in the server's pap-secrets, but it can just be

*  *  ""  *

and the dialing-in person sets "remotename" to be his login name and his password to be his login password.
0
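An added example, not part of the thread and not pppd's own code: a small Python check for the point in the two comments above, that the "" secret only means "check /etc/passwd" when the 'login' option is set (per the pppd manual, an empty secret otherwise matches any password the peer supplies). The function names, finding codes and the user name "edskee" in the test data are assumptions; the sample inputs are constructed from the values quoted in the thread.

```python
import shlex


def words(text):
    """Split config text into per-line word lists, honouring quotes and # comments."""
    lines = (shlex.split(line, comments=True) for line in text.splitlines())
    return [w for w in lines if w]


def audit_dialin(pap_secrets, options):
    """Return (code, message) findings for a dial-in server's PAP setup.

    pap_secrets: text of /etc/ppp/pap-secrets (client server secret addresses)
    options:     text of the pppd options file used for the dial-in line
    """
    opts = {w for line in words(options) for w in line}
    findings = []
    if "noauth" in opts:
        findings.append(("NOAUTH", "peer is not required to authenticate"))
    for fields in words(pap_secrets):
        if len(fields) < 3:
            continue  # not a client/server/secret entry
        client, secret = fields[0], fields[2]
        if secret != "":
            continue  # a literal secret must match, nothing to flag here
        if "login" not in opts:
            # Empty secret and no system password check: any password passes.
            findings.append(("EMPTY_SECRET_NO_LOGIN",
                             f"client {client}: any password is accepted"))
        elif client == "*":
            # 'login' is set, so the password is checked, but the wildcard
            # lets every account in the system password database dial in.
            findings.append(("WILDCARD_CLIENT",
                             "every system account may open a PPP session"))
    return findings


# Constructed sample input, using the values quoted in the thread.
THREAD_OPTIONS = ":192.68.1.11\nproxyarp\nms-dns 192.68.1.2\n"
THREAD_SECRETS = '*  *  ""  *\n'

if __name__ == "__main__":
    for label, opts in (("without login", THREAD_OPTIONS),
                        ("with login", THREAD_OPTIONS + "login\n")):
        for code, msg in audit_dialin(THREAD_SECRETS, opts):
            print(f"{label}: {code}: {msg}")
```

Listing dial-in users by name in the client column, each with "" as the secret and 'login' in the options file, keeps the /etc/passwd check while limiting which accounts can get a PPP session.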
 
LVL 2

Author Comment

by:edskee
ID: 2673684
Thanks man, fixed all my problems!
0
