GeneratedUID

K

kjoates

Registered
I recently posted a VPN error, which I have continued to investigate locally. The error said that the users were not authorised for access. I then found that new users, created after the upgrade from 10.3 to 10.4 had VPN access, but the older users migrated from 10.3 did not. This set me to look at what the differences were, and when we ran dscl (command line utility for directory services), it showed that the newer users had a GeneratedUID, and the older users did not. Otherwise, there was little difference between the entries for users. When I went back into Workgroup manager I found that none of the older users (apart from system manager) had a GeneratedUID attribute against them.

There seems to be a way to generate the UUID, but I am not sure what to put into the text box that would create what the DSAccessControl plugin is expecting to see. Does any of this seem plausible for why we cannot connect to the VPN?
 
Well, I can report that our investigation of the GeneratedUID paid off! We have now solved our VPN access issues. the solution was that in the upgrade from earlier versions of OSX, the UUID had not been generated. Then in OSX 4, the source code for the VPN service was markedly different, simplified, but called for the UUID. So as the earlier users did not have one, the could not be authorised for access. We logged in through the terminal as each user, Generated the ID (using UIDGen) at the command line, used the inspection view in Workgroup manager to add the entry for the GeneratedUID for each user, copied in the generated code from the command line, and all was well again.
 
You must log in or register to reply here.
Back
Top