VPN Error

[kjoates]

We recently upgraded from 10.3 to 10.4, and the VPN stopped working. The release notes state that by default all users have VPN access, and previsouly they did. However, now that we have upgraded, the VPN only works for one user, System Administrator (short name sysman). All other users get the following message when trying to connect (this message is from inside the network for testing, but exactly the same result applies when connecting externally):

2006-07-24 09:50:06 EST Incoming call... Address given to client = 172.26.1.84
Mon Jul 24 09:50:06 2006 : Directory Services Authentication plugin initialized
Mon Jul 24 09:50:06 2006 : Directory Services Authorization plugin initialized
Mon Jul 24 09:50:06 2006 : PPTP incoming call in progress from '172.26.1.18'...
Mon Jul 24 09:50:06 2006 : PPTP connection established.
Mon Jul 24 09:50:06 2006 : Using interface ppp0
Mon Jul 24 09:50:06 2006 : Connect: ppp0 <--> socket[34:17]
Mon Jul 24 09:50:06 2006 : DSAccessControl plugin: User 'koates' not authorized for access
Mon Jul 24 09:50:06 2006 : Connection terminated.
Mon Jul 24 09:50:06 2006 : PPTP disconnecting...
Mon Jul 24 09:50:06 2006 : PPTP disconnected
2006-07-24 09:50:06 EST --> Client with address = 172.26.1.84 has hungup

Any suggestions?

 

[Rogue_Tr00per]

yes, the password is being rejected, can you try this login as the user, run the run the VPN as the admin account and login, you should be able to login as the admin user.

You should be able to login, then set up another VPN from scratch with the users login, try that if that fails I might be keyaccess ( under utills) delete the vpn password and run vpn again this should prompt you for a password.

try that.

 

[Rogue_Tr00per]

or try putting a $ in front of the password....

 

[kjoates]

The VPN connection problem applies exactly the same whether using a Mac or Windows client. The VPN service seems to recognise the user and password just fine, the issue is that it says the user is not authorised.

My understanding was that all users on the Mac server would have access to VPN unless specifically excluded. On the server "service" page, the access for all services (including VPN, AFP, SMB) is set to "allow all users and groups". I have tried adding the users, various groups etc to the VPN service, and that doesn't alter the result.

So my real problem is why does the Mac server recongise the user, but not allow them access through the DSAccessCOntrol plugin?

 

[kjoates]

Well, I can report that our investigation of the GeneratedUID (see my other thread) paid off! We have now solved our VPN access issues. The solution was that in the upgrade from earlier versions of OSX, the UUID had not been generated. Then in OSX 4, the source code for the VPN service was markedly different, simplified, but called for the UUID. So as the earlier users did not have one, the could not be authorised for access. We logged in through the terminal as each user, Generated the ID (using UIDGen) at the command line, used the inspection view in Workgroup manager to add the entry for the GeneratedUID for each user, copied in the generated code from the command line, and all was well again.