We help IT Professionals succeed at work.

Linux PPP gateway to NT

jscart
jscart asked
on
Medium Priority
324 Views
Last Modified: 2010-03-18
I have my RH 7.1 box setup as a dialin ppp server.
Works great not problems with that. But I can't access
my NT servers through the ppp server. What has to be done
to allow my NT PDC to auth me over my ppp? I can browse
the network just can't access NT resources or exchange
email 'cause I'm not authed. At present no firewall
exsists on this box. So that's not the problem. The IP
is static although I do run a DHCP server, but that
shouldn't effect it either. Any ideas????
Comment
Watch Question

Commented:
Can you use ping to ping the nt-server?

If yes, have you checked the option to log on to network in RAS?

If you have wins-servers you should define them in ras, or let the ppp-server define them in ppp-options. You can also make a c:\windows\lmhosts file that looks something like this:

192.168.1.1    SERVER   #PRE  #DOM:ntdomain
CERTIFIED EXPERT

Commented:
krod4, what should #PRE do if done on the RAS server?
The linux box has no problems to reach NT.

jscart, please check the authentification protocol on both sides, is it PAP, CHAP, etc.? Must be the same.

Commented:
if the user can auth to ppp-server, he is online, doesn't matter if he uses pap or chap. the nt-server won't know that he is off-site.

#pre on the ras-client is for the ras-client to know that it should preload this entry, not really necessary I guess, but won't hurt...

I didn't mean to ask if the linux-box could ping the nt-server. I wanted to know if the ras-client can ping it. If not that is the problem and you will have to put in the proxyarp-option.

The lmhosts-file is of course on the ras-client!
CERTIFIED EXPERT

Commented:
oops, missed that the linux box is just the gateway, not the client. Sorry for confusion.

Author

Commented:
Ok I'll try the lmhosts file. I have no problem pinging anything on the network from
my dialup client. Proxyarp is good to go.

Commented:
You can also run nbtstat netserver on the ras-client to check that it can communicate over netbios (could be some ipchains/iptables problems).

Commented:
Just curious, what os is the client running? Presuming this is no NT-authentication thing ???(i mean: (NT)domain-settings on the (ms?) client are correct and if necessary, a machine account was created?). If the client is also linux, you would have to setup samba.

Question for krod4: if the ppp-connection creates a "transparent" connection to the nt-pdc so it won't know that the client is off-site, then what has (nt)-ras to do with this? (as i'm not a thorough nt-wizard, pls. forgive me obvious things :-)

Author

Commented:
ok I haven't had a chance yet to test it I'll do it today.
the client is win95 and the machine is fully setup. When
I test my settings I just unplug from the network and
dial-in. So I'll post again once I have tested that nbtstat
and the lmhost settings.

Commented:
Dear jscart,

have you tried giving the option of Authentication in the
PPP Options file.
i.e pap-secrets in /etc/ppp directory.
example line
ClientName  ClientIP Secret    IPLocal
NTuser        *      NTPasswd     *

if you did not add then try and add the NT server IP Address and the username and the Password for NT to connect and then it shall be running as any other machine.

as usual dial using the NT PPP Dialer.

Bye
Arun

Author

Commented:
Ok I had a chance to try it. "LMHOSTS"
The hosts file did it. As soon as I verified with Linux
it ran my NT scripts and mapped the drivers. Thank you all.

Note: Arun- I don't think placing NT passwords in the
pap file would be viable for 100+ users.

Author

Commented:
Nailed it.
It just took me a few weeks to get around to trying it.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.