14. pptpd and freeradius
This section covers the configuration of pptpd + freeradius + AD. If you are looking for the integration via winbind, go to this section.
To enable radiusd on bootup, use the chkconfig command.
[root@pptp ~]# chkconfig radiusd on
To start radiusd in daemon mode:
[root@pptp ~]# service radiusd start
Starting RADIUS server: Sun Sep 4 11:26:24 2005 : Info: Starting - reading configuration files ...
[ OK ]
There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can keep most of it as it is, except for the IP address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local IP address and the IP address pool for the remote connections.
localip 10.0.0.10
remoteip 10.0.0.101-200
10.0.0.10 is the IP address of the internal network card eth0. The remoteip is the address pool for the remote connections.
The second configuration file is /etc/ppp/options.pptpd. I stripped all the remarks from my options.pptpd, and it looks like this:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 10.0.0.1
ms-wins 10.0.0.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
auth
nodefaultroute
plugin radius.so
plugin radattr.so
Two plugins are used here. The first one, radius.so, is required, while the second one, radattr.so, is optional. radattr.so records the parameters passed from radius to pppd in a file. Check the man page of pppd-radattr for details.
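The refuse-* and require-* lines above are what limit the tunnel to MS-CHAPv2 with 128-bit MPPE, so it is worth checking that none of them has been commented out or dropped after an edit. The following is an added example, not part of the original HOWTO: the function names (parse_options, audit) and the WEAK sample are constructed for illustration, and noauth is a standard pppd option that does not appear on this page.

```python
import os

# Directives from the page's options.pptpd that restrict the tunnel to
# MS-CHAPv2 authentication with 128-bit MPPE encryption.
REQUIRED = ("auth", "refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128")
# Options used on the page that take exactly one argument.
TAKES_ARG = {"name", "ms-dns", "ms-wins", "plugin"}

def parse_options(text):
    """Split a pppd options file into bare flags and {option: [values]}."""
    tokens = []
    for line in text.splitlines():
        tokens.extend(line.split("#", 1)[0].split())  # drop comments
    flags, args = set(), {}
    it = iter(tokens)
    for tok in it:
        if tok in TAKES_ARG:
            args.setdefault(tok, []).append(next(it, ""))
        else:
            flags.add(tok)
    return flags, args

def audit(text):
    """Return a list of findings; an empty list means nothing is missing."""
    flags, args = parse_options(text)
    findings = ["missing: " + d for d in REQUIRED if d not in flags]
    if "noauth" in flags:  # pppd option that turns peer authentication off
        findings.append("conflict: noauth")
    plugins = {os.path.basename(p) for p in args.get("plugin", [])}
    if "radius.so" not in plugins:
        findings.append("missing: plugin radius.so")
    return findings

# Constructed sample: the page's options with three lines commented out.
WEAK = """\
name pptpd
refuse-pap
refuse-chap
# refuse-mschap
require-mschap-v2
# require-mppe-128
auth
# plugin radius.so
plugin radattr.so
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

To check a live server, pass the contents of /etc/ppp/options.pptpd to audit() and treat any non-empty result as a configuration drift to review.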
Then, we need to fix the permissions of a winbind directory.
[root@pptp ~]# chgrp radiusd /var/cache/samba/winbindd_privileged/
After fixing the two files and the permissions, we can start pptpd and connect to it from a remote client. To start it:
[root@pptp ~]# chkconfig pptpd on
[root@pptp ~]# service pptpd start
Starting pptpd: [ OK ]
That's all on the server side.
Note: The client PCs require special configuration, which is discussed here.