FreeBSD + MPD PPtP authenticate users from NT domain?

Post by nate llo » Sat, 30 Jun 2001 06:34:09



Hi all.
I just set up a "VPN" server for some win98 clients to connect to my
work network, and I had a question that I hope someone here can
answer..

The server is FreeBSD running MPD, and I would like to authenticate
the incoming users to our Windows NT domain instead of having separate
entries for each user in the MPD.SECRET file.

Can this be done?
Do I need to supply more info?
I'm kinda new at this, but I already love FreeBSD and MPD..

-Thanks all
=Nate

 
 
 

Post by Gregory Bon » Sat, 30 Jun 2001 09:00:37



> The server is FreeBSD running MPD, and I would like to authenticate
> the incoming users to our Windows NT domain instead of having separate
> entries for each user in the MPD.SECRET file.

There are some patches to mpd-netgraph on my website that add
capability for running external authentication programs.  This adds a
fair bit of flexibility in the mpd authentication.

But authenticating against NT (or RADIUS, for that matter) is unlikely
to be usable for PPtP links.  This is because PPtP needs the plaintext
password to build the crypto keys for the link encryption and (for
RADIUS) to do the non-standard password hashing for authentication.
RADIUS and NT Domain servers can only answer the question "Is this the
correct hashed password?", not the required "What is the plaintext
password?"

Greg.
http://www.itga.com.au/~gnb/vpn/