Date:      Sat, 12 Jan 2002 15:37:13 -0500
From:      "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To:        "Stan Brown" <stanb@panix.com>
Cc:        "FBSD Questions" <questions@FreeBSD.ORG>
Subject:   RE: Troubles with login no exiting
Message-ID:  <LPBBIGIAAKKEOEJOLEGOOEEJCMAA.barbish@a1poweruser.com>
In-Reply-To: <200201121956.g0CJup328688@panix3.panix.com>

Stan,  I know which sample you are using as an example to build from.
I started with the same example. Let me save you a lot of time.
It does not work in FBSD 4.4.
First of all, user ppp dialin function is not in dialer group; it's now in the
network group. This group will not show up in group file if you vi it,
but take my word it is there. Use pw command to see it if you want.
That part about "Added the line /usr/local/bin/ppp_start to the new
users .profile" is also misinformation.
The following ppp.conf does what you want and more.
I run this in production.
Read and follow the comments and you will be up and running in one hour.

##############################################################################
# /etc/ppp/ppp.conf File for dial out modem to ISP and Dial in modem for
# connection to this FBSD system and callback to originating caller so FBSD
# server incurs the cost of the phone call.
#
#     Written by Joe Barbish 1/10/2002
#
# This is a working ppp.conf file I use to dial in to my ISP and to connect
# my Win98 box by dialing in to this FBSD box and accessing the internet.
#
# This ppp.conf documentation is based on a fresh install of FBSD 4.4 with
# all file content as delivered with no user changes.
#
# NOTE  Any FBSD documentation that says that the physical modem has to have
# its default options profile set to, NO command echo ATE0 and NO results
# string ATQ1 and saved to the physical modems onboard non-volatile memory
# (NVRAM)  or any references to using programs tip, kermit, mgetty, or
# minicom to perform the dial function is obsolete and outdated as of FBSD 4.0.
#
# Setup Instructions.
#   Note  steps 4 through 7 are only for dial in setup.
# 1. Recompile kernel and change pseudo-device  tun 1  to  tun 4
#    GENERIC kernel defaults to 1 and you need 1 tun device for each com port
# 2. Add gateway_enable="YES" to /etc/rc.conf so dialin connection can gain
#    access to internet.
# 3. Since a private internal IP address numbering scheme is used for IP
#    addresses behind this FBSD box the -nat option must be included on the
#    ppp command that starts the  ppp task to dial the ISP.
#    NAT = Network Address Translation. Changes your private internal IP
#    address to your public IP address that you get from your ISP for
#    outbound messages and does the reverse for inbound messages.
#    From the command line example  ppp -background -nat dialisp
# 4. Using root create file /etc/ppp/ppplogin
#    Create file ppplogin  with following 2 statements
#    #! /bin/sh
#    exec /usr/sbin/ppp -direct incoming
#
#    incoming is the section label name in ppp.conf to be processed when
#    ppp is started by this script's exec command.
#
#    This script will be launched by getty when it detects a ppp dialin
#    connection attempt. Program ppp belongs to group network, so you have to
#    change file ppplogin group to network and its permissions to read/write
#    for the owner, read/execute for group, and none for everyone else.
#    chgrp network ppplogin           assign file ppplogin to group network
#    chmod 650 ppplogin               set permissions
# 5. Change the default section of /etc/gettytab file for automatic ppp
#    recognition by specifying the pp capability. Add following
#    :pp=/etc/ppp/ppplogin:
# 6. Edit /etc/ttys to enable a getty on the port where the dialin modem
#    is attached. com2 = ttyd1     find statement like this
#    ttyd1 "/usr/libexec/getty std.38400" dialup off secure
#    Change off to on to activate. Verify line speed is correct (std.38400)
#    This value is defined in /etc/gettytab. After saving edited results
#    issue kill -1 1 command to spawn getty. Use ps ax to show active tasks.
# 7. cp /usr/share/examples/ppp/ppp.secret.sample  /etc/ppp/ppp.secret
#    Edit /etc/ppp/ppp.secret file adding the ID and password for each user
#    that is authorized to login to this FBSD box using dialin modems.
#    Use adduser to add new user and put him in network group to access dialin
#    function of user ppp.
# 8. TESTING  Issue command ppp -background -nat dialisp to test configuration
#    Use commands ps ax to see task list. ifconfig -a to see if tun is running
#    netstat -ir to see routing. /var/log/ppp.log to view ppp log events
#    ps ax to get ppp -background task number & kill -1 number to terminate.
# 9. Once you are done with testing, make functions permanent.
#    Dial ISP at FBSD bootup. Add following to /etc/rc.conf file
#    ppp_enable="YES"
#    ppp_mode="ddial"
#    ppp_profile="dialisp"
#    ppp_nat="YES"
#
##############################################################################

default:
# The default section is processed every time user ppp is started.
# Everything set here applies to all the following sections.

 set log Phase Chat LCP IPCP CCP tun command   #use for testing
#set log Phase tun                           #use to avoid excessive log sizes


# If 115200 connection speed does not work (it should work with any modem newer
# than 1998) step down to 57600 or 38400 or 19200 for legacy modems.

 set speed 115200		       # connection speed
 set timeout 0			 # no idle time out, will not disconnect

 disable pred1 deflate lqr     # compression features & line quality reporting
 deny    pred1 deflate lqr	 # compression features & line quality reporting

dialisp:
 # This label is used in the ppp -background -nat dialisp  startup
 # command for auto logon to ISP provider.

 # Ensure that "device" references the correct serial port
 # for your modem. (cuaa0 = COM1, cuaa1 = COM2)
 # Only needed for dial out device.

 set device /dev/cuaa1

 # This dial string is needed for ISP's which use standard Unix style
 # login. Not needed if ISP uses chap or pap login.
 #
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"

 # edit the next three lines and replace the values with
 # the values which have been assigned by your ISP.
 # Needed for Unix, chap, and Pap style logins.

 set phone 12345678	# only use this phone number
 set authname barbish
 set authkey xxxxxxxx
 set redial 10 4		# if busy redial 4 times with 10 second pause

# enable pap               # select pap  login authentication

# get dynamic IP address from ISP.
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0

# if ISP issues static IP address uncomment this section and comment out above
# set static IP address your ISP assigned to you.
# s.s.s.s = your static IP address
# g.g.g.g = IP of machine you connect to at ISP or default to 10.0.0.0/0

# set ifaddr s.s.s.s g.g.g.g 255.255.255.255 0.0.0.0

 add default HISADDR	# Add a (sticky) default route (Mandatory)
 enable dns		# Gets the ISP's DNS IP address & places them
			# in resolv.conf for reference by FBSD box.




incoming:
 # Configuration for dial in modem access to this FBSD system.
 # This label is used in  ppp -direct incoming    command
 # which is buried in script /etc/ppp/ppplogin that starts
 # the whole process of accepting the incoming call.
 # Enable passwdauth forces use of /etc/passwd file
 # instead of /etc/ppp/ppp.secret file for PAP only.
 # CHAP must use ppp.secret because ppp must have access to
 # unencrypted passwords. This is ok over dialin modem lines.
 # A unique IP address is assigned to the ttyd activated in the
 # /etc/ttys/ file from the internal Private IP pool range.

 # Every user that will be using PPP login must have their login ID
 # in the allow user command to authorize them to run ppp.

  allow users barbish bob

# SECURITY WARNING - It is VITAL that either pap or chap are enabled. If
# one or the other is not, you are allowing anybody to establish a dialin
# ppp session with your FBSD box using any ID/password. There is no
# authentication being done on incoming ppp connections if pap or chap is not
# enabled.                SECURITY WARNING

enable pap             # uses ppp.secret file

accept dns		     # give dialin connection access to dns lookup

# Assign static IP address to this dialin line
# 10.0.0.74 = static IP address for this dialin line
# 10.0.0.1  = IP address of this FBSD box

# set ifaddr 10.0.0.1 10.0.0.74 255.255.255.255

# I have 4 modems connected to com1-com4 for dialin access and activated
# ttyd0-ttyd3 in /etc/ttys file. This ppp.conf section [incoming] will work
# as is. Set ifaddr command assigns dynamic IP address from a range of
# reserved IP addresses. (10.0.0.71 through 10.0.0.74 inclusive) is the
# IP address pool reserved for dialin users.

 set ifaddr 10.0.0.1 10.0.0.71-10.0.0.74 255.255.255.0


# Activate microsoft callback feature triggered by callback phone
# numbers configured in /etc/ppp/ppp.secret (the 5th field):
#
 set callback cbcp
 set cbcp
 set log +cbcp
 set redial 3 1
 set device /dev/cuaa2 /dev/cuaa1   # dev names of dialin modem pool
 set speed 115200
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"






-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Stan Brown
Sent: Saturday, January 12, 2002 2:57 PM
To: Free BSD Questions list
Subject: Troubles with login no exiting

I'm trying to set up a new STABLE box of incoming ppp connections.

Here is what I am doing:

1. added new user ppp_login with login class dialer.
2. Created script /usr/local/bin/ppp_start which runs ppp with the -direct
   flag, and the name of a label I have created in /etc/ppp.conf
3. Added the line /usr/local/bin/ppp_start to the new users .profile
4. Added exit as the last line in the new users .profile

Now, what's happening is that I am getting dialed in, connected, and a ppp
link started up.

What's not happening is the login task for the new user terminating!

I shutdown ppp on the remote end, and the users login task does not exit

What have I done wrong here?


--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
                                                -- Benjamin Franklin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
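
A check for the SECURITY WARNING in the incoming section and for the cleartext passwords kept in ppp.secret, as an added example that is not part of the original message. The function names `ppp_auth_state` and `secret_exposed` are hypothetical, the sample config is constructed, and the parser assumes a label is a line that starts in column 1 and ends with a colon.

```shell
#!/bin/sh
# Added example, not from the original post: audit a ppp.conf dial-in label.

# ppp_auth_state CONF LABEL -> prints "pap", "chap", "pap chap" or "none":
# the protocols still enabled after reading default: and then LABEL:.
# Assumption: a label starts in column 1 and ends with ':'.
ppp_auth_state() {
    awk -v want="$2" '
        FNR == 1 { pass++; active = 0 }     # pass 1: default, pass 2: LABEL
        { sub(/#.*/, "") }                  # drop comments
        /^[^ \t].*:[ \t]*$/ {               # label line opens a section
            name = $1; sub(/:$/, "", name)
            active = (pass == 1) ? (name == "default") : (name == want)
            next
        }
        active && ($1 == "enable" || $1 == "disable") {
            for (i = 2; i <= NF; i++)       # later lines override earlier ones
                if ($i == "pap" || $i == "chap") st[$i] = ($1 == "enable")
        }
        END {
            out = (st["pap"] ? "pap" : "")
            if (st["chap"]) out = (out == "" ? "chap" : out " chap")
            print (out == "" ? "none" : out)
        }' "$1" "$1"
}

# secret_exposed FILE -> exit 0 if FILE is readable by "other".
# ppp.secret holds cleartext passwords, so a hit here is a finding.
secret_exposed() {
    [ -n "$(find "$1" -perm -004 -print 2>/dev/null)" ]
}

# Constructed sample: an incoming label whose "enable pap" was commented out.
conf=$(mktemp) && secret=$(mktemp)
cat > "$conf" <<'EOF'
default:
 set log Phase tun
incoming:
 allow users barbish bob
 # enable pap
 accept dns
EOF
chmod 644 "$secret"
echo "incoming auth: $(ppp_auth_state "$conf" incoming)"
secret_exposed "$secret" && echo "ppp.secret is world-readable"
rm -f "$conf" "$secret"
```

On a real system, point the two functions at /etc/ppp/ppp.conf with the label passed to `ppp -direct`, and at /etc/ppp/ppp.secret.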
