Re: pptp

[Dan Williams <dcbw redhat com>]

On Mon, 2008-09-29 at 15:25 +0200, Bjorge Solli wrote:
> Dan Williams wrote:
> > On Thu, 2008-09-25 at 08:46 +0200, Bjorge Solli wrote:
> >> *doh*
> >>
> >> It works if I don't use the domain field and set user domain in the user
> >> field. I guess @domain is a part of the username in our setup.
> > 
> > Can you try r4107 of the pptp plugin?  I added code that, when a domain
> > is given, sends username domain instead of just username.
> 
> Hm. After looking at this further, talking to our vpn-admin and playing
> around with the XP VPN tool I think this is the wrong approach.
> 
> Our setup use the format:
> username of type <user>@{staff,student}.uib.no
> AD-domain is ignored.
> <password>.
> username is split into <user> and {staff,student}.uib.no and LDAP on
> {staff,student}.uib.no is asked to verify the username <user> with the
> password <password>.
> 
> The XP-VPN-client can be configured to ask for windows domain logon, but
> (afaik) it is not sent in the form of username domain  I am not sure but
> I think it sends \\DOMAIN\username, but in the case at our place it then
> should be \\STUDENT\student001 student uib no or
> \\UIB\staff0018 staff uib no as this is our AD domains for students and
> staff. But AD is not asked in our case, VPN talks directly to two
> LDAP-servers, one for staff and the other for students. The @-notation
> in the username is in other words a local hack to get this to work
> without merging the user databases for staff and students.
> 
> In summary I think your change will benefit us, but only us, and it will
> not work on any other setup.

You're totally right.  r4122 now uses:

domain\\username

which seems to be the standard way of using Windows domains with pppd.
I clarified the UI label to be "NT Domain" too.

Dan

> I cannot check this as I have no Windows Server running a VPN server,
> but maybe someone else can help you verify this?
> 
> sincerely,
> Bjørge