447 lines
25 KiB
HTML
447 lines
25 KiB
HTML
<!--startcut ==========================================================-->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
|
|
<META NAME="GENERATOR" CONTENT="Mozilla/4.06 [en] (Win95; I) [Netscape]">
|
|
<META NAME="Author" CONTENT="Josh Gentry">
|
|
<TITLE>Linux Dialin Server Setup LG #38</TITLE>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!--endcut ============================================================-->
|
|
|
|
<H4>
|
|
"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
|
|
<P> <HR> <P>
|
|
<!--===================================================================-->
|
|
|
|
<center>
|
|
<H1><font color="maroon">Linux Dialin Server Setup Guide</font></H1>
|
|
<H4>By <a href="mailto:jgentry@swcp.com">Josh Gentry</a></H4>
|
|
</center>
|
|
<P> <HR> <P>
|
|
|
|
<B>Abstract</B>
|
|
<BR>v 1.3, 13 February 1999
|
|
<BR>This document is a step-by-step guide to setting up a Linux dialin
|
|
server which allows SLIP and PPP connections over a phone line.
|
|
<P><B>Copyright 1999 Josh Gentry</B>
|
|
<BR>I encourage redistribution of this document, non-commercial and commercial.
|
|
I would like to be notified of redistribution. You are NOT permitted
|
|
to alter the contents of this document, though I do not care about changes
|
|
in presentation.
|
|
<P><B>Acknowledgments</B>
|
|
<BR>Much of the information in this document was originally gleaned from
|
|
the following LDP HOWTOs: Linux Serial HOWTO
|
|
<BR>Linux Modem HOWTO
|
|
<BR>Linux Kernel HOWTO
|
|
<BR>Linux PPP HOWTO
|
|
<P>A great deal of information was found in Gert Doering's online documentation
|
|
for mgetty+sendfax. Additionally, the following online documents were valuable
|
|
in the configuration of AutoPPP in mgetty:
|
|
<BR><A HREF="http://members.bellatlantic.net/~mrdennis/mgetty.html">http://members.bellatlantic.net/~mrdennis/mgetty.html</A>,
|
|
Mick Dennis <A HREF="http://oh3tr.ele.tut.fi/~oh3fg/ppp/ppps.html">http://oh3tr.ele.tut.fi/~oh3fg/ppp/ppps.html</A>,
|
|
Kalevi Hautaniemi
|
|
<P>Much information on PAP was learned from Olaf Kirch's<A HREF="http://metalab.unc.edu/LDP/LDP/nag/nag.html">
|
|
Linux Network Administrators' Guide</A> and the S.u.S.E. Support Data Base
|
|
(<A HREF="http://wi-pc44.fh-konstanz.de/support-db/sdb_e/kfr_17.html">http://wi-pc44.fh-konstanz.de/support-db/sdb_e/kfr_17.html</A>).
|
|
<P>The majority of the information in this document was originally gathered
|
|
for, or derived from the process of setting up a Linux RedHat 5.1 dialin
|
|
server for Mr. James Hart. He teaches at the Technical/Vocational Institute
|
|
in Albuquerque, NM. Tony Lucero was my partner on that project. Their help
|
|
and guidance were invaluable.
|
|
<P>Finally, a big thank you to all those who have aided in the development
|
|
of the Linux kernel and Linux applications. This document is my small contribution
|
|
to their effort.
|
|
<P><B>Disclaimer</B>
|
|
<BR>This document carries no explicit or implied warranty. Nor is there
|
|
any guarantee that the information contained in this document is accurate.
|
|
It is offered in the hopes of helping others, but you use it at your own
|
|
risk. The author will not be liable for any damages that occur as a result
|
|
of using this document.
|
|
<P><B>1 Introduction</B>
|
|
<P>A dialin server is a host equipped with a modem and phone line, that
|
|
allows other hosts with modems and phone lines to call and connect to it.
|
|
There are several reasons a person might want to do this; to use the resources
|
|
on the dialin server, or, if the dialin server is on a network, to use
|
|
the dialin server to access the network. Further, if this LAN is connected
|
|
to the Internet, the client may be able to access the Internet via the
|
|
dialin server.
|
|
<P><B>1.1 Raison d'être</B>
|
|
<P>The majority of information needed to setup a Linux dialin server is
|
|
available in LDP HOWTOs. When I used these documents to setup such a server,
|
|
however, the fragmentary nature of the information was a major obstacle.
|
|
This document consolidates much of the needed information and presents
|
|
it as a step-by-step guide.
|
|
<P><B>1.2 This Document as Guide</B>
|
|
<P>Setting up a dialin server is a common project, but not a simple one.
|
|
This document attempts to rigorously set forth a step-by-step guide to
|
|
the process. It is likely, however, that you will need to reference additional
|
|
documents. The <A HREF="http://metalab.unc.edu/LDP/HOWTO/HOWTO-INDEX.html">LDP
|
|
HOWTO</A>s listed above should be considered invaluable companions to this
|
|
document, and should be consulted in the order listed above. Furthermore,
|
|
do not neglect the documentation included with your getty and PPP packages.
|
|
<P><B>1.3 Clients and Servers</B>
|
|
<P>The protocols used to connect two hosts via a phone line are technically
|
|
peer-to-peer protocols; there is no real difference between the machine
|
|
that dials and the machine that is dialed into. Conceptually, however,
|
|
it is easier to think in client/server terms. "When you dial into a site
|
|
to establish a PPP connection, you are a client. The machine to which you
|
|
connect is the server." (<A HREF="http://metalab.unc.edu/LDP/HOWTO/PPP-HOWTO.html">Linux
|
|
PPP HOWTO</A>, Hart) I will use this convention throughout the document.
|
|
<BR> Setting up a dialin server is the process of setting
|
|
up a machine to answer the phone, participate in the setup of a connection
|
|
with the client, and authenticate the client.
|
|
<P><B>1.4 Differences Between Linux Distributions</B>
|
|
<P>My experience is with RedHat Linux 5.1. I believe most of the information
|
|
in this document will apply to all distributions. Where I am aware of or
|
|
suspect differences between distributions, I will note it in the text.
|
|
<P><B>1.5 Software Packages Covered</B>
|
|
<P>Linux kernel v2.0.34--<A HREF="http://sunsite.unc.edu/LDP/HOWTO/INFO-SHEET.html">http://sunsite.unc.edu/LDP/HOWTO/INFO-SHEET.html</A>
|
|
<BR>mgetty+sendfax-<A HREF="http://www.leo.org/~doering/mgetty">http://www.leo.org/~doering/mgetty</A>
|
|
<BR>PPP-2.3.3-<A HREF="http://sunsite.unc.edu/pub/Linux/system/network/serial/ppp/!INDEX">http://sunsite.unc.edu/pub/Linux/system/network/serial/ppp/!INDEX</A>
|
|
<P><B>2 Modem Installation</B>
|
|
<P>For a host to be a dialin server, it must be physically possible to
|
|
dial into it. This requires that the host have at least one modem and phone
|
|
line. Modems are serial devices, therefor it is highly recommended that
|
|
you read the <A HREF="http://metalab.unc.edu/LDP/HOWTO/Serial-HOWTO.html">Linux
|
|
Serial HOWTO</A>, as well as the <A HREF="http://metalab.unc.edu/LDP/HOWTO/Modem-HOWTO.html">Linux
|
|
Modem HOWTO</A>.
|
|
<P><B>2.1 Modem Type</B>
|
|
<P>Plug-and -Play modems are not well supported by Linux. This means that
|
|
you want a jumperable modem, or an external modem. Start by asking your
|
|
vendor what brand they recommend.
|
|
<P><B>2.2 Ports</B>
|
|
<P>Serial ports, like all I/O ports, have an address. By default,
|
|
Linux initializes four serial devices. Some may be familiar with
|
|
these ports as Microsoft refers to them, COM 1-4. In Linux these
|
|
ports are referred to as ttyS0-ttyS3. For example, the port known
|
|
to Microsoft as COM 1, would be known to Linux as ttyS0.
|
|
<BR> Note that if you use use a port address other than
|
|
these four, you will have to initialize that port with "setserial."
|
|
See the "setserial" man page.
|
|
<BR> External modems plug into external serial ports
|
|
(RS-232 ports) on your PC. These ports are automatically assigned
|
|
an address by Linux.
|
|
<BR> Internal modems plug into the internal PCI or ISA
|
|
slots of your PC. An internal modem is actually a modem and a serial
|
|
port. It carries its own, and it is the modem's serial port that
|
|
you plug into the internal slot. For these modems, you set the port
|
|
address on the modem. This is why you want a jumperable modem.
|
|
You use the jumpers to manually set address and IRQ. The prepriatorial
|
|
modem documentation should explain how to set the jumpers for port address
|
|
and IRQ.
|
|
<BR> Note, if your PC has two external serial (RS-232)
|
|
ports, as most PC's do, the Linux Modem HOW-TO recommends setting your
|
|
internal modem address to ttyS2 or higher.
|
|
<P><B>3 Kernel Support</B>
|
|
<P>This is the part of the process most likely to scare those new to Linux.
|
|
It scared me. Turns out not to be as difficult as you think, and if you
|
|
do make a mistake, you can usually just recompile your kernel again. You
|
|
should now read the <A HREF="http://metalab.unc.edu/LDP/HOWTO/Kernel-HOWTO.html">Linux
|
|
Kernel HOWTO</A>.
|
|
<BR> There is an alternative to compiling
|
|
the PPP driver into the kernel. You can install the driver as a loadable
|
|
module. The advantages of this are that your kernel is smaller, and
|
|
it is not necessary to recompile. The PPP driver is linked to the
|
|
kernel and loaded into memory space only when it is needed. I believe
|
|
the argument for compiling the driver into the kernel is that PPP does
|
|
execute faster if it is compiled into the kernel.
|
|
<BR> You can link the loadable module to the kernel by
|
|
recompiling the kernel as described below, but as Matt Kressel has pointed
|
|
out to me, if you have the "insmod" command installed on your system, it
|
|
is not neccessary to recompile. Issue the command "insmod ppp" to
|
|
install the PPP driver as a loadable module. I found that I had to
|
|
"insmod slhc" before I could successfully install PPP with "insmod ppp".
|
|
I am not sure why, but "insmod ppp" would not work without the slhc module.
|
|
<BR> The command "lsmod" lists the loadable modules currently
|
|
installed on the system. There is also a command for removing modules.
|
|
If these commands are installed on your system, then you should also have
|
|
the man pages. Do a "man insmod" for more information.
|
|
<P><B>3.1 Kernel and Source Code</B>
|
|
<P>The kernel is a binary, an executable program. Developers do not write
|
|
the kernel as an executable, they write code that is fed into a compiler,
|
|
and the compiler produces the executable from that source code.
|
|
<BR> With Linux, you have the source code that is used
|
|
to produce the kernel executable. This means that you can customize your
|
|
kernel to include only the capabilities that you need, creating a leaner,
|
|
meaner kernel. Because of this, you can not assume that a kernel includes
|
|
support for specialized tasks, such as those required for networking. You
|
|
will have to check and see, and if your kernel does not contain the necessary
|
|
support, you will have to recompile your kernel.
|
|
<P><B>3.2 Recompiling the Kernel</B>
|
|
<P>To compile the kernel, you create a configuration file. You can check
|
|
your current configuration file to see if needed capabilities are already
|
|
compiled into your kernel.
|
|
<BR>Most dialin servers will be hosts on a LAN. This document assumes that
|
|
the host is already configured as part of the LAN. If this is not the case,
|
|
you should reference other documents at the LDP before continuing, such
|
|
as the Linux Network Administrators' Guide.
|
|
<BR> I prefer to use xconfig. It is a graphical tool
|
|
for viewing and modifying the kernel configuration file. It requires that
|
|
you have X-windows installed and running, and that you have Tk installed.
|
|
<BR>In xconfig you will find the options for SLIP and PPP support in the
|
|
category "Network devices." These have to be supported for a SLIP and PPP
|
|
dialin server. If the server will provide access to a network, the
|
|
kernel must include support for IP forwarding. In xconfig this is found
|
|
in the category "Network options."
|
|
<BR> If you must recompile the kernel, it is highly recommended
|
|
that you read the <A HREF="http://metalab.unc.edu/LDP/HOWTO/Kernel-HOWTO.html">Linux
|
|
Kernel HOWTO</A>. These are the basic steps:
|
|
<P>1. Make a copy of your present kernel in case of emergency
|
|
<BR>2. cd /usr/src/linux-(kernel version number)
|
|
<BR>3. Issue the command "make config". If you are running X-windows
|
|
you can try "make xconfig" to use a point-and-click interface for this
|
|
process.
|
|
<BR>4. Say "yes" to all the proper networking options: SLIP, PPP,
|
|
IP forwarding, etc (your LAN network configuration should already be configured).
|
|
<BR>5. Save and exit
|
|
<BR>6. Issue the command "make dep"
|
|
<BR>7. Issue the command "make clean"
|
|
<BR>8. Issue the command "make zImage"
|
|
<BR>9. cd /usr/src/linux-(kernel version number)/arch/i386/boot
|
|
<BR>10. cp zImage /vmlinuz (or wherever your kernel resides)
|
|
<BR>11. Issue the command "lilo"
|
|
<P>That should do it. The Linux Kernel HOWTO states that you should
|
|
be able to issue the command "make zlilo" after you have made the zImage,
|
|
and that making zlilo will copy and install the new kernel for you.
|
|
This did not work on my system, however.
|
|
<P><B>4 gettys</B>
|
|
<P>You will need a getty that can handle modem communications. Once started,
|
|
usually from inittab, the getty runs as a background process. Your modem
|
|
getty will be idle until the modem receives a call, at which point it will
|
|
"answer" the phone and negotiate the specifics of modem-to-modem communication
|
|
with the client. There are several gettys that can be used for this task.
|
|
<BR>This document covers the usage of mgetty. You can acquire the mgetty+sendfax
|
|
package and official documentation at Gert Doering's website, http://www.leo.org/~doering/mgetty.
|
|
It was included with RedHat 5.1 and lived in /sbin/mgetty and /etc/mgetty+sendfax.
|
|
<BR> Note that anytime you see something like "/sbin/mgetty"
|
|
that it is simply the path to the file. Files may be located in different
|
|
locations in the directory structure on different machines, and possibly
|
|
with different distributions. Therefor, the path to the file would be different.
|
|
You will need to verify the location of the necessary files on your system.
|
|
<BR> There are many options for mgetty that you can edit
|
|
to your desired configuration, most importantly in /etc/mgetty+sendfax/mgetty.config.
|
|
Refer to the mgetty documentation if you need to make changes to the default
|
|
settings. The default settings worked for us. If you wish to enable AutoPPP,
|
|
you will need to edit /etc/mgetty+sendfax/login.config. Detailed instructions
|
|
on that task appear later in this section.
|
|
<BR> To start mgetty, edit /etc/inittab. Here is another
|
|
point where the serial and modem HOWTOs are helpful. You must tell mgetty
|
|
which serial port to monitor. In Linux these ports are numbered 0-3, and
|
|
named ttyS* for dialin. For a modem we installed on the third internal
|
|
port, we added this line to /etc/inittab:
|
|
<P>S2:2345:respawn:/sbin/mgetty ttyS2 -D /dev/ttyS2
|
|
<P>The option "-D" tells mgetty to expect data only, no faxes. After this
|
|
use the command "kill -1 1" to force initd to re-read inittab. This will
|
|
cause mgetty to be started.
|
|
<BR> Note that if you use a multi-port serial board,
|
|
those ports might be named differently than the four ports Linux initializes
|
|
by default. In his excellent document on mgetty and AutoPPP, Mick Dennis
|
|
reports naming the ports on his Cyclade Cyclom 16YeP as /dev/ttyC*.
|
|
<BR> Using the default settings, mgetty negotiates a
|
|
SLIP (Serial Line Internet Protocol) connection and allows authentication
|
|
via /etc/passwd. This is a functional system that allows a user to login
|
|
to a shell account. If desired, a mechanism can be provided to allow users
|
|
to start pppd after logging in over there SLIP connection. First, make
|
|
sure that all users have permission to execute pppd by issuing the command:
|
|
<P>chmod u+s /usr/sbin/pppd
|
|
<P>Next, add this line to /etc/bashrc:
|
|
<P>alias ppp="exec /usr/sbin/pppd -detach"
|
|
<P>This way, after the user has logged in over the SLIP connection, they
|
|
can start pppd by typing "ppp." This procedure is taken from Robert Hart's
|
|
Linux PPP HOWTO.
|
|
<BR>Another option is to create a PPP account. The entry in /etc/passwd
|
|
might look like this:
|
|
<P>ppp:x:351:230:pppclient:/home/ppp:/usr/sbin/pppd
|
|
<P>When a user connects they simply login as "ppp." Once they provide the
|
|
password, pppd starts automatically.
|
|
<BR> For Microsoft clients to work with this setup, the
|
|
client must be configured to provide a terminal screen after connection.
|
|
This is not a default setting. These are the steps to do it in Windows
|
|
95:
|
|
<P>1. Click on My Computer
|
|
<BR>2. Click on Dial-Up Networking
|
|
<BR>3. Right-click on the icon for the connection
|
|
<BR>4. Click on Properties
|
|
<BR>5. Click on Configure
|
|
<BR>6. Click on Options
|
|
<BR>7. Click box next to "Bring up terminal window after dialing"
|
|
<P><B>4.1 AutoPPP and mgetty</B>
|
|
<P>Most Windows users will not like the requirement to use a login screen
|
|
after connecting to the server. It is possible for the system administrator
|
|
to remove this annoying extra step by using mgetty's ability to start pppd
|
|
upon initiating a connection. To do this, you enable AutoPPP.
|
|
<P><B>4.2 Compiling mgetty</B>
|
|
<P>Note: I have been told by several people, that when they chose
|
|
to install mgetty from their Redhat 5.2 distribution mgetty was automatically
|
|
compiled to include AutoPPP.
|
|
<BR> For AutoPPP to function, you must edit the makefile
|
|
before compiling. On or near line 110 you will need this:
|
|
<P>CFLAGS=-02 -Wall -pipe -DAUTO_PPP
|
|
<P>After that edit, compile mgetty according to the mgetty documentation
|
|
instructions.
|
|
<BR>Next, you edit /etc/mgetty+sendfax/login.config to look like this around
|
|
line 50:
|
|
<P>/AutoPPP/ - - /usr/sbin/pppd file /etc/ppp/options.server
|
|
<P>Once you have completed this configuration, mgetty will automatically
|
|
start pppd when it receives the LCP configure request. (For more on LCP
|
|
read the pppd man page.) The "file" option tells pppd to read the file
|
|
/etc/ppp/options.server instead of the default /etc/ppp/options. Since
|
|
pppd uses /etc/ppp/options for acting as a client or server by default
|
|
(remember, it is technically peer-to-peer), using this option helps keep
|
|
the desired options for acting as client or server separate.
|
|
<BR> Assuming that you have edited /etc/mgetty+sendfax/mgetty.config
|
|
to your preferences, you are done. Note that in every instance that
|
|
you change the options for a process, the process will have to be restarted
|
|
before the new options can take affect.
|
|
<BR> Note: If you wish to be able to dial out with
|
|
a modem that is being monitored by mgetty, you will need to pay attention
|
|
to what device your communications program uses. See <A HREF="http://www.leo.org/~doering/mgetty/mgetty_10.html#SEC10">http://www.leo.org/~doering/mgetty/mgetty_10.html#SEC10</A>
|
|
<P><B>5 PPP (Point-to-Point Protocol)</B>
|
|
<P>The Point-to-Point Protocol is the most popular protocol used for connecting
|
|
hosts by phone line.
|
|
<P><B>5.1 Compiling pppd</B>
|
|
<P>Adhere to the PPP package documentation. If you will be using shadow
|
|
passwords, you will need to use the following command:
|
|
<P>make HAS_SHADOW=1
|
|
<P>To use the MS-DNS option for Windows compatibility, and shadow, use:
|
|
<P>make USE_MS_DNS=1 HAS_SHADOW=1
|
|
<P>For more on this, see <A HREF="http://oh3tr.ele.tut.fi/~oh3fg/ppp/ppps.html">http://oh3tr.ele.tut.fi/~oh3fg/ppp/ppps.html.</A>
|
|
<P><B>5.2 Configuring pppd</B>
|
|
<P>PPP is configured by editing the options files read by pppd in /etc/ppp.
|
|
Remember that in this configuration pppd will read /etc/ppp/options.server
|
|
when it is started by mgetty. The most complete list of pppd options I
|
|
have found is in the pppd man page. If you do not use PAP or CHAP, your
|
|
file /etc/ppp/options.server might look like this:
|
|
<P>-detach
|
|
<BR>asyncmap 0
|
|
<BR>modem
|
|
<BR>crtscts
|
|
<BR>lock
|
|
<BR>proxyarp
|
|
<BR>ms-dns aa.bb.cc.dd
|
|
<BR>ms-dns ee.ff.gg.hh
|
|
<P>-detach-do not fork to become a background process
|
|
<BR>asyncmap 0-to allow pppd to work over a rlogin/telnet connection
|
|
<BR>modem-use the modem control lines
|
|
<BR>crtscts-use hardware flow control
|
|
<BR>lock-specifies that pppd use the UUCP-style lock on the serial device
|
|
<BR>proxyarp-adds an entry into the ARP table with the IP address of the
|
|
client and the IP address of the NIC
|
|
<BR>ms-dns-specifies the address of the DNS server to be used by Microsoft
|
|
clients (As far as I know, there is now equivelent option for non-Microsoft
|
|
clients. A Linux client must have the address of the DNS in /etc/hosts.)
|
|
<P><B>5.3 Configuring + PAP</B>
|
|
<P>PAP (Password Authentication Protocol) is one of the two protocols that
|
|
PPP uses to authenticate peers. The other is CHAP (Challenge Handshake
|
|
Authentication Protocol). CHAP is a more secure protocol, but is not as
|
|
widely supported as PAP. Thus, this document addresses the use of PAP,
|
|
only. For more information on both PAP and CHAP, see Olaf Kirch's Linux
|
|
Network Administrators' Guide.
|
|
<BR> Since PPP is technically a peer-to-peer protocol,
|
|
PAP allows two-way authentication. This means that not only the "server"
|
|
can request the "client" to authenticate itself, but the reverse is also
|
|
true. The "client" can require the "server" to authenticate itself. In
|
|
practice, this in not often done. Most PPP servers are not configured to
|
|
authenticate themselves to clients.
|
|
<BR> It is not difficult to configure your PPP server
|
|
to use PAP. To the /etc/ppp/options.server file above, simply add the following
|
|
entry:
|
|
<P>require-pap
|
|
<BR>refuse-chap
|
|
<P>With this configuration, pppd will check client login names and passwords
|
|
against the file /etc/ppp/pap-secrets. The client will be granted access
|
|
only if it matches an entry I /etc/ppp/pap-secrets. Example:
|
|
<P>#user server secret
|
|
addrs
|
|
<BR>jdoe *
|
|
password *
|
|
<P>If the "server" and "addrs" fields are filled in, then the client will
|
|
only be granted access if the login name and password are sent from the
|
|
designated server and IP address/fully qualified domain name.
|
|
<P><B>5.4 PAP using /etc/password</B>
|
|
<P>If you do not wish to create an entry in /etc/ppp/pap-secrets for each
|
|
client allowed PPP access, you can instruct pppd to check login names and
|
|
passwords against /etc/passwd instead of /etc/ppp/pap-secrets. Add the
|
|
option "login" to /etc/ppp/options.server. For this configuration, your
|
|
/etc/ppp/options.server file will look like this:
|
|
<P>-detach
|
|
<BR>asyncmap 0
|
|
<BR>modem
|
|
<BR>crtscts
|
|
<BR>lock
|
|
<BR>require-pap
|
|
<BR>refuse-chap
|
|
<BR>login
|
|
<BR>proxyarp
|
|
<BR>ms-dns aa.bb.cc.dd
|
|
<BR>ms-dns ee.ff.gg.hh
|
|
<P>If the "login" option is used, the file /etc/ppp/pap-secrets need not
|
|
exist. In fact, it might interfere with the proper functioning of PAP.
|
|
You can remove the file, or it can contain the following line:
|
|
<P>* * ""
|
|
<P>The advantage of maintaining /etc/ppp/pap-secrets with this line is
|
|
that it leaves you the option of denying PPP access to individual accounts
|
|
that have entries in /etc/passwd. To do so, below the above line, enter
|
|
the following line:
|
|
<P>username * -
|
|
<P>where "username" is the username of the account you wish to deny PPP
|
|
access. Example:
|
|
<P>#user server
|
|
secret addrs
|
|
<BR> *
|
|
*
|
|
""
|
|
*
|
|
<BR>jdoe *
|
|
-
|
|
*
|
|
<P><B>5.5 IP Address Allocation with PPP</B>
|
|
<P>For PPP to work, the client must have an IP address. Most dialin clients
|
|
will not have their own IP address, so it is necessary to assign an IP
|
|
address to the serial port that the client connects through.
|
|
<BR>Earlier, we created a PPP options file that specifies the configuration
|
|
of PPP connections the server will provide, /etc/ppp/options.server. It
|
|
is also possible to create an options file that is specific to connections
|
|
made through a specified serial port. For example, to create a file for
|
|
ttyS2, your create the file /etc/ppp/options.ttyS2.
|
|
<BR> One of the options that can be defined in such a
|
|
file is IP address assigned to the port for PPP connections. This is the
|
|
format for this option:
|
|
<P>ii.jj.kk.ll:mm.nn.oo.pp
|
|
<P>The first IP address, from left to right, is the IP address of the server.
|
|
The second IP address is the IP address assigned to the serial port for
|
|
PPP connections.
|
|
<BR> Note, it is extremely important that you verify
|
|
that the IP address you assign to the serial port is a valid IP address
|
|
on your subnet, and that it is not assigned to any other device on the
|
|
network.
|
|
<P><B>6 Congratulations</B>
|
|
<P>You are done.
|
|
<BR>
|
|
<P>Feed back on this document is appreciated: email <A HREF="mailto:jgentry@swcp.com">jgentry@swcp.com</A>
|
|
|
|
<!--===================================================================-->
|
|
<P> <hr> <P>
|
|
<center><H5>Copyright © 1999, Josh Gentry <BR>
|
|
Published in Issue 38 of <i>Linux Gazette</i>, March 1999</H5></center>
|
|
|
|
<!--===================================================================-->
|
|
<P> <hr> <P>
|
|
<A HREF="./index.html"><IMG ALIGN=BOTTOM SRC="../gx/indexnew.gif"
|
|
ALT="[ TABLE OF CONTENTS ]"></A>
|
|
<A HREF="../index.html"><IMG ALIGN=BOTTOM SRC="../gx/homenew.gif"
|
|
ALT="[ FRONT PAGE ]"></A>
|
|
<A HREF="./blanchard.html"><IMG SRC="../gx/back2.gif"
|
|
ALT=" Back "></A>
|
|
<A HREF="./jenkins7.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
|
|
<P> <hr> <P>
|
|
<!--startcut ==========================================================-->
|
|
</BODY>
|
|
</HTML>
|
|
<!--endcut ============================================================-->
|