PPTP: Use LDAP or PAM as authentication backend
The MSCHAPv2 authentication requires the server to have cleartext passwords. I dont't think you can get around that if your clients are mobile phones - you need certificates for the other strong authentication methods.
I had once a setup pptpd->FreeRADIUS->MySQL running. The pppd has no direct ldap plugin AFAIK, so you absolutely need to employ RADIUS in between. And you need cleartext passwords somewhere - I would not feel that good storing them in LDAP, but it should be possible.
Related videos on Youtube
![Hank](https://i.stack.imgur.com/GX1bW.jpg?s=256&g=1)
Hank
Updated on September 18, 2022Comments
-
Hank almost 2 years
I'm using pptpd and pppd on a Debian linux host to provide VPN capabilities to mobile phones. I would like to use my OpenLDAP server for authentication and authorization purposes (instead of keeping users and cleartext passwords in
/etc/ppp/chap-secrets
). Is that possible?I have normal unix login working via libpam-ldap, does that help?
I've read some stuff about using FreeRADIUS in between pppd and OpenLDAP, but it sounds to me like overkill.
-
Hank about 13 yearsThanks, that clarifies it! I might look into L2TP instead then.