I've got a two very strange problems and have not been able to solve it myself. I hope this is the right place to ask.
I'm using pptpd-1.3 and pppd 2.4.1 on a SuSE Enterprise Server for quite some time now and its all running very smoothly. So I think (thought) I had some experience with vpn and routing.
But a week ago i wanted to upgrade the Internetgateway to SuSE Prof 9.3 with pppd 2.4.3 and pptpd 1.2.3 with authentication via winbind. At first there were absolutly no problems. Authentication was working perfectly (with winbind.so plugin and ntlm_auth) and clients could log in and access their samba-shares, sync their outlook with an exchange server and access internal web-pages (e.g. Outlook Web Access).
However this happy state was not for long:
First Problem: Authentication
Every possible Loginname worked, but a 4 Letter Loginname.
If I wanted to login with abcd, the winbind logs only showed abc. On every 4Letter-Word the last char was dropped. abc and abcde worked fine as login-names.
Second Problem: Routing?
I'm using SuSEfirewall2 with ClassRouting enabled and it works just fine. (I can ping every PC in the LAN, when connected via PPTP). But some services just wound not work. There is an interal website running on a JBoss, that, if I want to access it via VPN, is found (website found. Waiting for reply..) but gets timed out later.
The same Issue happens with a Client / Server application (Innovator http://www.mid.de/de/innovator/). After a very short periode of time the client answers with (server is not responding). These two things are working perfectly via the old SuSE Server.
The odd thing, however, is , that the firewall logs a very nice traffic. ppp0 to eth0 and eth0 to ppp0. So I figure request and reply are send to server and client without problems. There aren't any packages which are dropped.
I'm guessing that i'm missing some kind of protocol, but that guess did not bring me any closer to a solution.
I'm kind of desperate here, so help would be very appreciated
Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just wanted to confirm that there is something wrong with 4 letter user names. I am using poptop 1.2.1 on a debian box authenticating agains a windows PDC.
I finally noticed when running winbind in debug mode to the console that 4 letter user names were being stripped back to 3. For now, the work around is to change to the length of the user name, but still, that is an interesting problem, eh?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I've got a two very strange problems and have not been able to solve it myself. I hope this is the right place to ask.
I'm using pptpd-1.3 and pppd 2.4.1 on a SuSE Enterprise Server for quite some time now and its all running very smoothly. So I think (thought) I had some experience with vpn and routing.
But a week ago i wanted to upgrade the Internetgateway to SuSE Prof 9.3 with pppd 2.4.3 and pptpd 1.2.3 with authentication via winbind. At first there were absolutly no problems. Authentication was working perfectly (with winbind.so plugin and ntlm_auth) and clients could log in and access their samba-shares, sync their outlook with an exchange server and access internal web-pages (e.g. Outlook Web Access).
However this happy state was not for long:
First Problem: Authentication
Every possible Loginname worked, but a 4 Letter Loginname.
If I wanted to login with abcd, the winbind logs only showed abc. On every 4Letter-Word the last char was dropped. abc and abcde worked fine as login-names.
Second Problem: Routing?
I'm using SuSEfirewall2 with ClassRouting enabled and it works just fine. (I can ping every PC in the LAN, when connected via PPTP). But some services just wound not work. There is an interal website running on a JBoss, that, if I want to access it via VPN, is found (website found. Waiting for reply..) but gets timed out later.
The same Issue happens with a Client / Server application (Innovator http://www.mid.de/de/innovator/). After a very short periode of time the client answers with (server is not responding). These two things are working perfectly via the old SuSE Server.
The odd thing, however, is , that the firewall logs a very nice traffic. ppp0 to eth0 and eth0 to ppp0. So I figure request and reply are send to server and client without problems. There aren't any packages which are dropped.
I'm guessing that i'm missing some kind of protocol, but that guess did not bring me any closer to a solution.
I'm kind of desperate here, so help would be very appreciated
Thanks
I just wanted to confirm that there is something wrong with 4 letter user names. I am using poptop 1.2.1 on a debian box authenticating agains a windows PDC.
I finally noticed when running winbind in debug mode to the console that 4 letter user names were being stripped back to 3. For now, the work around is to change to the length of the user name, but still, that is an interesting problem, eh?
Ok first Problem is a known bug and should be solved.
That's just leaving me the second issue. Any suggestions?
Second Issue was a wrong MTU of 1396 (to low).