I recently posted a VPN error, which I have continued to investigate locally. The error said that the users were not authorised for access. I then found that new users, created after the upgrade from 10.3 to 10.4 had VPN access, but the older users migrated from 10.3 did not. This set me to look at what the differences were, and when we ran dscl (command line utility for directory services), it showed that the newer users had a GeneratedUID, and the older users did not. Otherwise, there was little difference between the entries for users. When I went back into Workgroup manager I found that none of the older users (apart from system manager) had a GeneratedUID attribute against them.
There seems to be a way to generate the UUID, but I am not sure what to put into the text box that would create what the DSAccessControl plugin is expecting to see. Does any of this seem plausible for why we cannot connect to the VPN?
There seems to be a way to generate the UUID, but I am not sure what to put into the text box that would create what the DSAccessControl plugin is expecting to see. Does any of this seem plausible for why we cannot connect to the VPN?