poptop_ads_howto_10.htm 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  2. "http://www.w3.org/TR/html4/loose.dtd">
  3. <html>
  4. <head>
  5. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  6. <title>Poptop MSCHAP2 ADS Howto</title>
  7. </head>
  8. <body>
  9. <p><strong>16. pptpd and freeradius </strong></p>
  10. <p>The section covers the configuration of pptpd + freeradius + AD. If you are looking at the integration via winbind. Go to <a href="poptop_ads_howto_7.htm">this section</a>.</p>
  11. <hr>
  12. <a name="radiusd"></a><strong>16.1 Enable freeradius</strong>
  13. <p>To enable radiusd on bootup, use the chkconfig command.</p>
  14. <blockquote>
  15. <pre>[root@pptp ~]# chkconfig radiusd on </pre>
  16. </blockquote>
  17. <p>To start radiusd in daemon mode:
  18. </p>
  19. <blockquote>
  20. <pre>[root@pptp ~]# service radiusd start
  21. Starting RADIUS server: Sun Sep 4 11:26:24 2005 : Info: Starting - reading configuration files ...<br>[ OK ]</pre>
  22. </blockquote>
  23. <p></p>
  24. <hr>
  25. <a name="pptpdradius"></a><strong>16.2 Configure pptpd </strong>
  26. <p>There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections. </p>
  27. <blockquote>
  28. <pre>localip 10.0.0.10<br>remoteip 10.0.0.101-200 </pre>
  29. </blockquote>
  30. <p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="file:///C:/StudioMX/poptop_ads_howto_4.htm#pptpd">Section 8.2</a> for details on the logwtmp option.</p>
  31. <p>Please note that pptpd by default has a 100 connections limit. You can override it by the "connection" parameter in the pptp.conf file. Read the remarks in the file.</p>
  32. <p>The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:</p>
  33. <blockquote>
  34. <pre>name pptpd
  35. refuse-pap<br>refuse-chap<br>refuse-mschap<br>require-mschap-v2<br>require-mppe-128
  36. ms-dns 10.0.0.1
  37. ms-wins 10.0.0.1
  38. proxyarp
  39. lock
  40. nobsdcomp
  41. novj
  42. novjccomp
  43. nologfd
  44. auth
  45. nodefaultroute
  46. plugin radius.so
  47. plugin radattr.so</pre>
  48. </blockquote>
  49. <p>There are two plugins we used in here. The first one radius.so is required while the second one radattr.so is optional. Radattr.so basically records the parameters passed from radius to pppd in a file. Check the man page of pppd-radattr for details. </p>
  50. <p>If you have Windows XP clients, you may want to reduce the MTU size. Add the line, /sbin/ifconfig $1 mtu 1400, to /etc/ppp/ip-up as shown in the following list.</p>
  51. <blockquote>
  52. <pre>[root@pptp ppp]# cat ip-up
  53. #!/bin/bash
  54. # This file should not be modified -- make local changes to
  55. # /etc/ppp/ip-up.local instead
  56. PATH=/sbin:/usr/sbin:/bin:/usr/bin
  57. export PATH
  58. LOGDEVICE=$6
  59. REALDEVICE=$1
  60. [ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
  61. /etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
  62. [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
  63. <strong>/sbin/ifconfig $1 mtu 1400</strong>
  64. exit 0</pre>
  65. </blockquote>
  66. <p>The above example reduces the MTU size to 1400. In my environment, I found that XP will connect the VPN and ping all servers without problems, however, it cannot connect to the Microsoft Exchange server properly. Reduce the MTU size to 1400 fixed the problem.</p>
  67. <p>After fixing the files and permission, we can start pptpd and connect to it from remote client. To start it:</p>
  68. <blockquote>
  69. <pre>[root@pptp ~]# chkconfig pptpd on<br><br>[root@pptp ~]# service pptpd start<br>Starting pptpd: [ OK ] </pre>
  70. </blockquote>
  71. <p>That's all on the server side. </p>
  72. <p><strong>Note</strong>: The client PCs require special configurations. It will be discussed in <a href="poptop_ads_howto_11.htm">here</a>.</p>
  73. <hr>
  74. <a href="poptop_ads_howto_11.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_9.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
  75. <p>&nbsp;</p>
  76. </body>
  77. </html>