Copyright © 2005 Wing S Kwok
by: Wing S Kwok
email: skwok (at) acnielsen.com.au
Revision History:
This document covers how to integrate Poptop with Microsoft Active Directory on Fedora Core 4. Two different implementations are described: a) winbind; and b) freeradius.
This document describes how to build a Linux PPTP server with Poptop and use Microsoft Active Directory to authenticate users. There are a few howtos on this topic, such as the Replacing a Windows PPTP Server with Linux Howto maintained by Matt Alexander. Most of them, however, concentrate on Samba and winbind. I followed them and got it working in the test environment. Unfortunately, winbind does not scale very well in an AD setup which has thousands of objects. The AD at my work is a big tree. It spans all continents and has thousands of users and groups. Winbind simply times out before it can harvest a complete list of users/groups.
The other way of doing it is with radius. Information on how to set up pptpd with radius against Active Directory is scarce. I could only find bits and pieces of information in forums but never found any comprehensive documents. I spent days trying to get it configured properly. After countless frustrations and tears, I eventually got a working setup. I therefore decided to write this howto to document it. Hopefully, you will find it useful.
To make this howto complete, I include the winbind configuration as well, although it may duplicate Matt's work.
Note: this howto is based on Fedora Core 4 and uses pre-packaged RPMs whenever possible. If you are using another distribution or prefer to compile software yourself, you will have to make the necessary adjustments.
This document is provided as is. I have tried my best to make it as accurate as I can but it may contain wrong information. Use it at your own risk.
I will greatly appreciate any comments on this document.
Thanks to the following individuals who provided feedback and suggestions to make this document better.
Peter Mueller - suggested adding information on Kerberos version (R0.1)
Francis Lessard - provided details on implementing pptp access control (R0.3)
James Cameron - provided info on MPPE support on kernel v2.6.15-rc1 (R0.5)
Phil Oester - pointed out the kernel-2.6.15/ppp-2.4.3-5 problem is Gentoo specific (R0.71)