<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="Content-Language" content="en-us">
<title>AutoPPP feature of mgetty with ACUA howto</title>
</head>
<body>
<h1> AutoPPP feature of mgetty with ACUA howto:</h1>
<p> version 1.0.1, a recent version can be obtained from <a href="http://www.viket.net/acua/autoppp.html">http://www.viket.net/acua/autoppp.html</a></p><p>Kliment Toshkov <<a href="mailto:sag@viket.net">sag@viket.net</a>></p><p>last modified
16.12.2000, 14:17 EET
</p>
<hr>
<h2>Table of contents:</h2>
<ol>
<li><a href="##1">Configuration basics</a></li>
<li><a href="##2">Software needed</a></li>
<li><a href="##3">mgetty</a></li>
<li><a href="##4">pppd</a></li>
<li><a href="##5">acua</a></li>
<li><a href="##6">logging in with a terminal window</a></li>
<li><a href="##7">Troubleshooting</a></li>
</ol>
<p>
</p>
<h2><a name="#1"></a>1. Configuration basics
</h2>
<p>I am using ACUA 3.00 with pppd 2.3.11 and mgetty 1.1.14. At the time the
tests were done, ACUA version 2.10 was used, then upgraded to ACUA 3.00. Many
thanks to Robert Davidson for his patience and writing of acua_login_debug
especially for me.
</p>
<p>
</p>
<h2><a name="#2"></a>2. Software needed
</h2>
<p>This howto applies to any version of linux you may be using. Here I use
RedHat Linux 6.2 for base, with many tweaks and manually installed packages.
First and most important, you need to have properly installed and working linux.
=)
</p>
<p>The point of this document is not telling you how to install and run properly
any part of the software needed. I will assume you have it already installed and
running ok.
</p>
<p>
</p>
<h2><a name="#3"></a>3. Configuring mgetty
</h2>
<p>Ensure that you have AutoPPP support compiled in mgetty. If not, go through
README.mgetty and compile with -DAUTO_PPP. Then insert the following into <font face="Courier New" size="2">/etc/mgetty+sendfax/login.config</font>:
</p>
<blockquote>
<p><font face="Courier New" size="2">/AutoPPP/ -
a_ppp /usr/sbin/pppd auth -chap +pap login modem crtscts lock</font>
</p>
</blockquote>
<p>At this point, we have configured mgetty to automagically recognise LCP configure request
and start pppd. Otherwise, <font face="Courier New" size="2">/bin/login </font>is
executed.
</p>
<p>
</p>
<h2><a name="#4"></a>4. Configuring pppd
</h2>
<p>There are a lot of files, used to configure <font face="Courier New" size="2"> pppd</font>. I suggest you first read <font face="Courier New" size="2">man
pppd</font>. Remember that <font face="Courier New" size="2">pppd </font>should
be suid root to run. Then open <font face="Courier New" size="2">/etc/ppp/options</font>
and insert the following:
</p>
<blockquote>
<table border="0">
<tr>
<td valign="top"><font size="2" face="Courier New">62.176.81.4:</font></td>
<td valign="top">this should be the ethernet IP address of the machine
running pppds (note the semicolon
at the end of IP)</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New"> modem</font></td>
<td valign="top">specifies that modem control lines should be used</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New">lock</font></td>
<td valign="top">do old style UUCP locking</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New">login</font></td>
<td valign="top">use /etc/passwd to log the user instead of /etc/ppp/pap-secrets</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New"> noauth</font></td>
<td valign="top">do not require authorization by default (useful when
logging in with terminal window)</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New">ms-dns 62.176.81.1</font></td>
<td valign="top">I guess, you are serving MS Windows clients, so put your
DNS address here. You may specify multiple DNS addreses. Also, if you
are a linux user, giving <font face="Courier New" size="2">pppd</font>
the option <font face="Courier New" size="2">usepeerdns</font> enables
it to use the DNS specified.</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New"> mru 576</font></td>
<td valign="top">maximum receive unit, 576 is suitable for slow async
connections</td>
</tr>
<tr>
<td valign="top"><font size="2" face="Courier New"> mtu 576</font></td>
<td valign="top">maximum transmit unit, 576 is suitable for slow async
connections</td>
</tr>
</table>
</blockquote>
<p>Second step, let's create the files that tell <font face="Courier New" size="2">pppd</font>
which IP address belongs to a given tty (this is called dynamic IP addressing).
If you are using ttyS16 through ttyS25 for dialin access (like I do), then the
following should be fine for you: create <font face="Courier New" size="2">/etc/ppp/options.ttyS16</font>,
<font face="Courier New" size="2">/etc/ppp/options.ttyS17</font>, etc, and then
put this into each of them depending on it's name and desired IP address given
to appropriate ttySxx:
</p>
<blockquote>
<table border="0">
<tr>
<td>filename:</td>
<td>contains:</td>
</tr>
<tr>
<td>options.ttyS16</td>
<td>:62.176.81.17 - this is the IP address for that tty</td>
</tr>
<tr>
<td>options.ttyS17</td>
<td>:62.176.81.18 - note the semicolon before IP address</td>
</tr>
<tr>
<td>etc.</td>
<td>etc.</td>
</tr>
</table>
</blockquote>
<p>Step three, Robbie suggests using <font face="Courier New" size="2">/etc/ppp/ip-up</font>
to run <font face="Courier New" size="2">acua_login</font>, but I have better
idea: open (create it if doesn't exists) <font face="Courier New" size="2">/etc/ppp/auth-up</font>
and put inside:
</p>
<blockquote>
<p><font face="Courier New" size="2">#!/bin/bash<br>
/usr/sbin/acua_login $2 < $4 || kill -HUP $PPID </font>
</p>
</blockquote>
<p>If something goes wrong, you might replace <font face="Courier New" size="2">acua_login
</font>with <font face="Courier New" size="2">acua_login_debug </font>and look
carefully in your system log, there should be a message there that tells you why
the user was not allowed to login. The message will most likely be in <font face="Courier New" size="2">/var/log/syslog</font>
or <font face="Courier New" size="2">/var/log/messages</font> if using RedHat
Linux.
</p>
<p>Finally, it's good to teach <font face="Courier New" size="2">pppd</font> to
authorize users against <font face="Courier New" size="2">/etc/passwd</font> (or
shadow, if installed). Open <font face="Courier New" size="2">/etc/ppp/pap-secrets</font>
and insert this:
</p>
<blockquote>
<p><font face="Courier New" size="2">* * ""
*</font>
</p>
</blockquote>
<p>
</p>
<h2><a name="#5"></a>5. Configuring ACUA
</h2>
<p>If you have ACUA running fine, there is nothing additional to configure.
</p>
<p>
</p>
<h2><a name="#6"></a>6. Logging in with a terminal window
</h2>
<p>Let's say, you want to let users log in with a terminal window. All you need is to create
<font face="Courier New" size="2">/usr/local/bin/ppp </font>and put inside:
</p>
<blockquote>
<p><font face="Courier New" size="2">#!/bin/bash TTY=`tty`<br>
case $TTY in <br>
/dev/ttyS16) NO=17;;<br>
/dev/ttyS17) NO=18;;<br>
/dev/ttyS18) NO=19;;<br>
/dev/ttyS19) NO=20;;<br>
/dev/ttyS20) NO=21;;<br>
/dev/ttyS21) NO=22;;<br>
/dev/ttyS22) NO=23;;<br>
/dev/ttyS23) NO=24;;<br>
/dev/ttyS0) NO=25;;<br>
/dev/ttyS1) NO=26;;<br>
/dev/pts*) NO=147;;<br>
*) echo Improper connection; logout;;<br>
esac<br>
<br>
USERIP=62.176.81.$NO<br>
stty -echo<br>
/usr/sbin/acua_login || logout<br>
echo Press F7 now...<br>
/usr/sbin/pppd 62.176.81.4:$USERIP crtscts lock ms-dns 62.176.81.1 modem mru 576 mtu 576<br>
logout</font>
</p>
</blockquote>
<p>Edit<font face="Courier New" size="2"> /etc/passwd</font> and put this file
as shell for appropriate users:
</p>
<blockquote>
<p><font face="Courier New" size="2">viket:x:728:728::/home/viket:/usr/local/bin/ppp</font>
</p>
</blockquote>
<p>
</p>
<h2><a name="#7"></a>7. Troubleshooting
</h2>
<p>It took me a lot of time to get the above configuration running. I have done
all properly, but there were bugs in <font face="Courier New" size="2">pppd</font>
which slowed me down.
</p>
<p>First, be sure to recompile <font face="Courier New" size="2">pppd</font> so
it supports your shadow libs.<br>
Second, remember that <font face="Courier New" size="2">/etc/ppp/pap-secrets </font>should
be configured to allow every user to get in.<br>
Third, at the stage if running <font face="Courier New" size="2">pppd</font> a
user called <font face="Courier New" size="2">a_ppp</font> should appear in <font face="Courier New" size="2">w</font>
or <font face="Courier New" size="2">who</font> output. After <font face="Courier New" size="2">pppd</font>
has authorized the user properly, it should change the utmp entry to the proper
username. If not, <font face="Courier New" size="2">acua_login</font> will not
allow the user login, and this is a sign that you need to recompile your <font face="Courier New" size="2">pppd</font>
program. It is generally only Red Hat that is affected by this problem.
</p>
<p>
</p>
<hr>
<p>Kliment Toshkov <<a href="mailto:sag@viket.net">sag@viket.net</a>>
</p>
<p><a href="http://www.viket.net">http://www.viket.net</a>
</p>
</body>
</html>
