We help IT Professionals succeed at work.

Ubuntu PPTP server...Need to authenticate users against active directory

J C
J C asked
on
Medium Priority
1,677 Views
Last Modified: 2012-05-12
I have an OpenVPN server that is working great but need to be able to support VPN for tablet's/phones. I installed PPTP on the same openvpn server. My question is, does anyone here know how I can setup pptp to authenticate users against AD? I have a radius plugin that I am using to handle the authentication on the openvpn side. Would it be possible to use the same plugin?
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
YOu can configure PPTP to authenticate using RAdius and configure the AD server with IAS/NPS to provide the functionality you want.
J C

Author

Commented:
I have this happening on the openvpn side. I am trying to use the same plugin. Here is the error I see when a client tries to connect.

Nov  4 16:46:03 vpn pppd[5868]: /etc/openvpn/radiusplugin.so has no initialization entry point

Other error which I think could be related to the issue with the plugin, as they cannot login without it.

Nov  4 16:46:03 vpn pptpd[5867]: GRE: read(fd=6,buffer=611640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov  4 16:46:03 vpn pptpd[5867]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)


Need me to post my configs?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
within pptpd_option for PPP
plugin radius.so
and you need to have radiusclient.conf.
I do not think you can use the same share library from openvpn.

You could use the exchange in http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_27408110.html?cid=1572#a37046340 to configure your PPTPd with radius backend.

need to install the radiusclient-ng which is the mechanism through which pptp/ppp will send the radius auth requests to the server configured within the /etc/radiusclient which can be a sym link to /etc/radiusclient-ng

http://www.experts-exchange.com/OS/Linux/Q_27385286.html
J C

Author

Commented:
Arnold,

I think you are right that I do not have the correct mechanism to send the radius auth requests to my radius server. I have a radius plugin and conf specified in the pptpd config. It's the same plugin and conf that I was using for the openvpn server that resides on the same machine.

Where can I find radiusclient-ng? Should I be able to apt-get it?
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Yes you can get it using apt-get install radiusclient-ng.
The referenced link includes a reference to a poptop setup with radius.
Note that using the plugin radius.so option negates any use of pptp via chap/pap in the local file as a means of authenticating users.
The client/plugin used for openvpn is likely not recognized by pptp/ppp mechanism.
J C

Author

Commented:
apt-get install radiusclient-ng does not exist within the apt sources I have. It can't find it. I will see if I can find the installation package and manually install it
J C

Author

Commented:
Looks like it is apt-get install libradiusclient-ng2
J C

Author

Commented:
I installed the above. I am still seeing the same errors in the logs. I will post the configs when I get a chance so you can see what I've got so far.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
make sure to enable debug in pptp and ppp so that you can see what is going on during the attempts.
can you use the radtest to query radius?