Posted: Tue Oct 27, 2015 3:04 pm Post subject: PPTP server with NTLM auth failing...
I have a PPTP server at a client location that is a domain member, but will not authenticate against a single group. I created an AD group "PPTP" and added a few accounts to it. On the command line I can do the following:
ntlm_auth --require-membership-of="KIGM\PPTP" --username=vpnusername
It asks for the user's password then returns success (0). However, this does not work in my pptp-options.
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of=KIGM\\PPTP"
Once I add that, nobody can connect, but without it, every user can connect. We only want specific users using PPTP, so how can I correct this? The error on my client is that MSCHAP authentication failed.
I removed the helper protocol parameter because when using it on the command-line it would hang. Now it just flat-out denies access to every user on the domain. If I remove the membership requirement, it works for everybody again. How can I limit this? It doesn't seem like it should be this difficult, but I have been stuck here since last week.
Ever picture systemd as what runs "The Borg"?