12.3 Assigning the PPP IP Addresses

12.4 Adding a PPP Login User

When setting up a PPP server, the answering pppattachd daemon is started from the profile script of a special PPP user. The security of this user is dependent on the type of Internet server you are using and who will know the password of the server. In many cases, you will want this special user ID only available while starting a PPP session. This is especially true if you are setting up a server for outside users to dial into.

Special tasks specific to the PPP user include:

  1. Make this user a member of the uucp group.

  2. Do not allow other users to su to this user.

  3. Do not allow remote login to the user (telnet, rlogin).

  4. Disable ftp to the user.

  5. Modify the .profile to start the pppcontrold.

In this section you will create a PPP user through SMIT.

Use the smitty user fast path as follows:

  1. Enter the command smitty user.

  2. Choose the option Add a User.

  3. Fill in the screen ensuring that the following is set:

    User Name                      pppuser
    Primary Group                  uucp
    Group Set                      uucp
    Administrative Groups          uucp
    Another user can su to user    false (for security)
    Su Groups                      Nogroup
    Home directory                 /home/pppuser
    Initial Program                /usr/bin/ksh
    User can Login?                true
    User can Login Remotely?       false

    Press Enter to create user. Press F3 to go to previous menu.

  4. Select Change a User's Password. Give the user ID a password.

  5. Edit the user .profile using:

    vi /home/pppuser/.profile

    Insert the first line:

    exec /usr/sbin/pppattachd server 2>/dev/null

  6. At the initial login, the new user is prompted to change the assigned password. However, the chat script cannot do this and the connection will not be successful. Therefore, enter the following command to switch off this prompt:

    pwdadm -f NOCHECK USER_ID

    For this example, the command is:

    pwdadm -f NOCHECK goofy

  7. Put the PPP user name in the /etc/ftpusers file.

    Create the file if it does not exist.

The user is ready for PPP login.
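
The restrictions in the checklist above can be verified once the user exists. The following script is an added example, not part of the original text: it assumes the AIX stanza format of /etc/security/user, where the SMIT fields "User can Login Remotely?" and "Another user can su to user" are stored as the rlogin and su attributes. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a PPP login user against the checklist in section 12.4.
# File paths are arguments so the check can run on copies of the AIX files
# (/etc/security/user, /etc/ftpusers, the user's .profile).

# Value of attribute $2 for user $1 in stanza file $3; falls back to "default:".
stanza_attr() {
    awk -v u="$1" -v a="$2" '
        /^[^ \t*].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }
        { line = $0; gsub(/[ \t]/, "", line); n = split(line, kv, "=")
          if (n == 2 && kv[1] == a) { if (cur == u) usr = kv[2]
                                      if (cur == "default") def = kv[2] } }
        END { print (usr != "" ? usr : def) }' "$3"
}

# Prints one FAIL line per deviation; the exit status is the number of findings.
audit_ppp_user() {   # usage: audit_ppp_user USER SECURITY_USER FTPUSERS PROFILE
    findings=0
    for attr in rlogin su; do        # remote login and su must both be false
        got=$(stanza_attr "$1" "$attr" "$2")
        [ "$got" = false ] || { echo "FAIL $attr=$got"; findings=$((findings + 1)); }
    done
    grep -qxF "$1" "$3" 2>/dev/null ||
        { echo "FAIL $1 not in ftpusers"; findings=$((findings + 1)); }
    # exec as the first command replaces the shell, so no prompt is ever offered.
    first=$(sed -n '/[^[:space:]]/{p;q;}' "$4" 2>/dev/null || true)
    case $first in
        "exec /usr/sbin/pppattachd server"*) ;;
        *) echo "FAIL .profile does not exec pppattachd first"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample files (not from a real system): su is inherited as true
# from the default stanza and pppuser is missing from ftpusers: two findings.
demo=$(mktemp -d)
printf 'default:\n\trlogin = true\n\tsu = true\n\npppuser:\n\trlogin = false\n' > "$demo/user"
printf 'root\n' > "$demo/ftpusers"
printf 'exec /usr/sbin/pppattachd server 2>/dev/null\n' > "$demo/profile"
audit_ppp_user pppuser "$demo/user" "$demo/ftpusers" "$demo/profile" ||
    echo "$? finding(s)"
```

The sample shows why the default stanza matters: a user stanza that omits su inherits the system default, so the audit reads the effective value rather than only the user's own entries.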

12.4.1 Adding the TTY Port

In this section you will add a TTY port with login capability.

12.4.1.1 Add the TTY Device

The following procedure adds a tty device:

  1. Enter the command smitty tty.

  2. Choose the option Add a TTY.

  3. Choose your tty type from the resulting list.

  4. Choose your parent adapter from the resulting script.

  5. Make the following changes:

  6. Press Enter to add the tty.

12.4.1.2 Add TTY to /etc/uucp/Devices File

For the cu command to configure the modem and for PPP to work, you will need an entry in the /etc/uucp/Devices file for this tty. Add this as follows:

  1. Enter the command cd /etc/uucp.

  2. Enter the command vi Devices.

  3. Add the following line at the bottom of the Devices file:
    Direct tty# - baud-rate direct
    

    For this example it is:

    Direct tty0 - 9600 direct
    

  4. Save and exit the file.

12.4.2 Configure the Dial-In Modem

Modem setup differs between modem types, and between the client and the server. Since the server is answering the call, you will need to make sure that the modem is set to answer a call. Modem setup strings vary, but a frequently-used generic setup string is as follows: AT&F&C1&D2S0=1Q2&W. A different string may be required by your modem. Some modems allow you to configure them directly, which removes the need to do any of this configuration at the software level. See the installation manual for your modem for details.

To set up the modem, do the following:

  1. Disable the login with pdisable tty0.

  2. Connect to the modem with cu -ml tty0. The modem should respond with Connected.

    If an entry is not made for tty0 in the /etc/uucp/Devices file, then the following error is displayed when the command cu -ml tty0 is executed:

    # cu -ml tty0
    cu: 0835-028 The connection failed. NO DEVICES AVAILABLE.
    


    Note

    The command cu -dml tty# provides you with debug information for the cu command. If there is no response from the cu -ml tty# command, then execute the command with the -d flag and troubleshoot the problem from the information supplied in the output.



  3. Type AT and press Enter. The modem should respond with OK.

  4. Set the modem to answer after one ring with ATS0=1.

  5. Enter the generic setup string or use the specific setup string for your modem.

  6. Exit the cu session with ~. (the tilde character followed by a dot).

  7. Press Enter. This should return Disconnected.

  8. Enable the login with penable tty0.

12.4.2.1 Capturing Diagnostic Output

Before dialing out, provide for diagnostic information to use in case of failure to establish a connection. Do the following:

  1. In the /etc/syslog.conf file, add the line: *.debug /tmp/ppp.

  2. Create the file /tmp/ppp and set the permissions so it can be written to.

  3. Tell syslogd that /etc/syslog.conf has been updated. Enter the command: refresh -s syslogd.

  4. pppcontrold can be set to provide more detailed output by sending it signal 30. Enter the following commands:

    This will append a note to /tmp/ppp with a message indicating that debugging has been activated. This diagnostic output can be switched off using kill -31 pppcontrold_PID.

12.4.3 Start the PPP Control Daemon

Once the link and IP addresses are configured, you can start the control daemon pppcontrold. It is recommended that you do this from SMIT following the same procedure used for the server.

  1. Return to the PPP main panel, that is, using smitty ppp.

  2. Select option Start PPP.

  3. Select the type of startup you want.

  4. At this point if you exit SMIT you can do the following to verify that the PPP subsystem is active on this system.

    # lssrc -s pppcontrold
    Subsystem         Group            PID     Status
    pppcontrold      uucp             18914   active

    This should show as active.

    # ps -ef | grep ppp
    root 18914  4456   0   Apr 18      -  0:00 /usr/sbin/pppcontrold

    There should be a pppcontrold process running.

If there is a problem, look at the syslog daemon file /tmp/ppp you set up in section 12.4.2.1 Capturing Diagnostic Output.

12.5 AIX PPP Client