pppd, pptpd and radius DNS assigns

pppd, pptpd and radius DNS assigns

[Edwardo Garcia]

Hello,

Trying to get DNS assignments from radius for remote users, I have verified that
freeradius is sending the MS-Primary/Secondary-DNS-Server attributes
along with all other attributes so I satisfy not a freeradius
problem.

I have include dictionary.microsoft and dictionary.merit in
radiusclient from freeradius-client 1.1.7, pptpd v1.4 and pppd 2.4.7,

if I use ms-dns in options file it assigns DNS servers, but for our
new network project we need radius to assign them for project reasons,
but the poptop client/pppd ignores, so not sure how to get ppptd/pppd
to accept this value and send it to remote userrs, apparently pppd
source code shows it know these attributes but does not take/use?

I try strace but it not too helpful, maybe  I miss an option to make
pppd do this?

/etc/ppp/options.ppptd contain:
name pptpd
lock
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nobsdcomp
novj
novjccomp
nologfd
mtu 1300
mru 1300
plugin radius.so
plugin radattr.so


and /etc/pptpd.conf
localip x.x.x.x
option /etc/ppp/options.pptpd
ppp /usr/sbin/pppd
noipparam
delegate
connections 2000


Willy

Re: pppd, pptpd and radius DNS assigns

[Edwardo Garcia]

Nobody?


On 9/3/15, Edwardo Garcia <wdgarc88@gmail.com> wrote:
> Hello,
>
> Trying to get DNS assignments from radius for remote users, I have verified
> that
> freeradius is sending the MS-Primary/Secondary-DNS-Server attributes
> along with all other attributes so I satisfy not a freeradius
> problem.
>
> I have include dictionary.microsoft and dictionary.merit in
> radiusclient from freeradius-client 1.1.7, pptpd v1.4 and pppd 2.4.7,
>
> if I use ms-dns in options file it assigns DNS servers, but for our
> new network project we need radius to assign them for project reasons,
> but the poptop client/pppd ignores, so not sure how to get ppptd/pppd
> to accept this value and send it to remote userrs, apparently pppd
> source code shows it know these attributes but does not take/use?
>
> I try strace but it not too helpful, maybe  I miss an option to make
> pppd do this?
>
> /etc/ppp/options.ppptd contain:
> name pptpd
> lock
> refuse-pap
> refuse-chap
> refuse-mschap
> require-mschap-v2
> require-mppe-128
> proxyarp
> nobsdcomp
> novj
> novjccomp
> nologfd
> mtu 1300
> mru 1300
> plugin radius.so
> plugin radattr.so
>
>
> and /etc/pptpd.conf
> localip x.x.x.x
> option /etc/ppp/options.pptpd
> ppp /usr/sbin/pppd
> noipparam
> delegate
> connections 2000
>
>
> Willy
>

Re: pppd, pptpd and radius DNS assigns

[James Carlson]

On 9/7/2015 2:46 AM, Edwardo Garcia wrote:
> Nobody?

I delayed responding because I'm not using freeradius.  I don't know who
might be.  If there's a support list for that software, you might have
better luck over there.  If not, you might be on your own.

>> I try strace but it not too helpful, maybe  I miss an option to make
>> pppd do this?

strace doesn't sound like the right sort of tool for this problem.
Instead, have you tried the pppd "debug" option?

Looking at the RADIUS source (and knowing nothing about it), it looks
like it needs to be compiled with "MSDNS" defined and that you need
RADIUS attributes 28 and 29 set.  Have you done that?

If it works with the ms-dns option from the pppd command line, then I'd
suggest that this is not a problem with pppd itself, but rather with the
RADIUS plug-in.  I'm not sure who supports that, but it looks like it
came from Roaring Penguin.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>

Re: pppd, pptpd and radius DNS assigns

[Edwardo Garcia]

On 9/8/15, James Carlson <carlsonj@workingcode.com> wrote:
> On 9/7/2015 2:46 AM, Edwardo Garcia wrote:
>> Nobody?
>
> I delayed responding because I'm not using freeradius.  I don't know who
> might be.  If there's a support list for that software, you might have
> better luck over there.  If not, you might be on your own.
>
>>> I try strace but it not too helpful, maybe  I miss an option to make
>>> pppd do this?
>
> strace doesn't sound like the right sort of tool for this problem.
> Instead, have you tried the pppd "debug" option?

strace using  -ff  show far more information than ppp debug which we also try.

>
> Looking at the RADIUS source (and knowing nothing about it), it looks
> like it needs to be compiled with "MSDNS" defined and that you need
> RADIUS attributes 28 and 29 set.  Have you done that?
>

Yes, this is default and is not freeradius problem as freeradius send
the information in accept packet, just pppd ignore it, my colleuge has
email someone at roaring penguin about it, but will not be available
until next couple hours so do not know if he has receive answer or not

> If it works with the ms-dns option from the pppd command line, then I'd
> suggest that this is not a problem with pppd itself, but rather with the
> RADIUS plug-in.  I'm not sure who supports that, but it looks like it
> came from Roaring Penguin.
>

> --
> James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
>

Re: pppd, pptpd and radius DNS assigns

[Jan Just Keijser]

Edwardo Garcia wrote:
> On 9/8/15, James Carlson <carlsonj@workingcode.com> wrote:
>   
>> On 9/7/2015 2:46 AM, Edwardo Garcia wrote:
>>     
>>> Nobody?
>>>       
>> I delayed responding because I'm not using freeradius.  I don't know who
>> might be.  If there's a support list for that software, you might have
>> better luck over there.  If not, you might be on your own.
>>
>>     
>>>> I try strace but it not too helpful, maybe  I miss an option to make
>>>> pppd do this?
>>>>         
>> strace doesn't sound like the right sort of tool for this problem.
>> Instead, have you tried the pppd "debug" option?
>>     
>
> strace using  -ff  show far more information than ppp debug which we also try.
>
>   
>> Looking at the RADIUS source (and knowing nothing about it), it looks
>> like it needs to be compiled with "MSDNS" defined and that you need
>> RADIUS attributes 28 and 29 set.  Have you done that?
>>
>>     
>
> Yes, this is default and is not freeradius problem as freeradius send
> the information in accept packet, just pppd ignore it, my colleuge has
> email someone at roaring penguin about it, but will not be available
> until next couple hours so do not know if he has receive answer or not
>
>   
did you read/follow
  http://wiki.freeradius.org/guide/PopTop-HOWTO

?  the radius server *must* respond with the Microsoft vendor id (311) 
set, otherwise the plugin will not pick up the supplied DNS values.


JJK

Re: pppd, pptpd and radius DNS assigns

[Edwardo Garcia]

On 9/8/15, Jan Just Keijser <jan.just.keijser@gmail.com> wrote:
> Edwardo Garcia wrote:
>> On 9/8/15, James Carlson <carlsonj@workingcode.com> wrote:
>>
>>> On 9/7/2015 2:46 AM, Edwardo Garcia wrote:
>>>
>>>> Nobody?
>>>>
>>> I delayed responding because I'm not using freeradius.  I don't know who
>>> might be.  If there's a support list for that software, you might have
>>> better luck over there.  If not, you might be on your own.
>>>
>>>
>>>>> I try strace but it not too helpful, maybe  I miss an option to make
>>>>> pppd do this?
>>>>>
>>> strace doesn't sound like the right sort of tool for this problem.
>>> Instead, have you tried the pppd "debug" option?
>>>
>>
>> strace using  -ff  show far more information than ppp debug which we also
>> try.
>>
>>
>>> Looking at the RADIUS source (and knowing nothing about it), it looks
>>> like it needs to be compiled with "MSDNS" defined and that you need
>>> RADIUS attributes 28 and 29 set.  Have you done that?
>>>
>>>
>>
>> Yes, this is default and is not freeradius problem as freeradius send
>> the information in accept packet, just pppd ignore it, my colleuge has
>> email someone at roaring penguin about it, but will not be available
>> until next couple hours so do not know if he has receive answer or not
>>
>>
> did you read/follow
>   http://wiki.freeradius.org/guide/PopTop-HOWTO
>
> ?  the radius server *must* respond with the Microsoft vendor id (311)
> set, otherwise the plugin will not pick up the supplied DNS values.
>
>
> JJK
>

yes, and yes but it does not

>