14. pptpd and freeradius

The section covers the configuration of pptpd + freeradius + AD. If you are looking at the integration via winbind. Go to this section.

To enable radiusd on bootup, use the chkconfig command.

[root@pptp ~]# chkconfig radiusd on 

To start radiusd in daemon mode:

[root@pptp ~]# service radiusd start
Starting RADIUS server: Sun Sep  4 11:26:24 2005 : Info: Starting - reading configuration files ...
[  OK  ]

There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections.

localip 10.0.0.10
remoteip 10.0.0.101-200 

10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections.

The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 10.0.0.1
ms-wins 10.0.0.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
auth
nodefaultroute
plugin radius.so
plugin radattr.so

There are two plugins we used in here. The first one radius.so is required while the second one radattr.so is optional. Radattr.so basically records the parameters passed from radius to pppd in a file. Check the man page of pppd-radattr for details.

Then, we need to fix the permission of a winbind directory.

[root@pptp ~]# chgrp radiusd /var/cache/samba/winbindd_privileged/ 

After fixing the two files and permission, we can start pptpd and connect to it from remote client. To start it:

[root@pptp ~]# chkconfig pptpd on

[root@pptp ~]# service pptpd start
Starting pptpd: [  OK  ]	 

That's all on the server side.

Note: The client PCs require special configurations. It will be discussed in here.