Xserve VPN L2TP cannot see LDAP

Discussion in 'Mac OS X Server, Xserve, and Networking' started by SouthFresh, May 18, 2013.

    After quite a bit of mucking around and getting no VPN activity through my router, I finally resolved that issue.

    Only my local users can authenticate through VPN; any user from LDAP receives "The PPP server could not be authenticated".

    Log:

    Code:
    2013-05-18 12:47:48 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
    2013-05-18 12:47:48 PDT Listening for connections...
    2013-05-18 12:48:01 PDT Incoming call... Address given to client = 192.168.1.210
    Sat May 18 12:48:01 2013 : Directory Services Authentication plugin initialized
    Sat May 18 12:48:01 2013 : Directory Services Authorization plugin initialized
    Sat May 18 12:48:01 2013 : L2TP incoming call in progress from 'xxx.xxx.xxx.xxx'...
    Sat May 18 12:48:01 2013 : L2TP received SCCRQ
    Sat May 18 12:48:01 2013 : L2TP sent SCCRP
    Sat May 18 12:48:01 2013 : L2TP received SCCCN
    Sat May 18 12:48:01 2013 : L2TP received ICRQ
    Sat May 18 12:48:01 2013 : L2TP sent ICRP
    Sat May 18 12:48:01 2013 : L2TP received ICCN
    Sat May 18 12:48:01 2013 : L2TP connection established.
    Sat May 18 12:48:01 2013 : using link 0
    Sat May 18 12:48:01 2013 : Using interface ppp0
    Sat May 18 12:48:01 2013 : Connect: ppp0 <--> socket[34:18]
    Sat May 18 12:48:01 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6a5127d0> <pcomp> <accomp>]
    Sat May 18 12:48:01 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x241129ad> <pcomp> <accomp>]
    Sat May 18 12:48:01 2013 : lcp_reqci: returning CONFACK.
    Sat May 18 12:48:01 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x241129ad> <pcomp> <accomp>]
    Sat May 18 12:48:01 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6a5127d0> <pcomp> <accomp>]
    Sat May 18 12:48:01 2013 : sent [LCP EchoReq id=0x0 magic=0x6a5127d0]
    Sat May 18 12:48:01 2013 : sent [CHAP Challenge id=0x26 <7e687e746a7952624e5c520d3d44336f>, name = "xxx.local"]
    Sat May 18 12:48:01 2013 : rcvd [LCP EchoReq id=0x0 magic=0x241129ad]
    Sat May 18 12:48:01 2013 : sent [LCP EchoRep id=0x0 magic=0x6a5127d0]
    Sat May 18 12:48:01 2013 : rcvd [LCP EchoRep id=0x0 magic=0x241129ad]
    Sat May 18 12:48:01 2013 : rcvd [CHAP Response id=0x26 <2565138e1e78d0acd765e71dae4b040000000000000000006c440c372117acea2dbf7fe446b999ed7c6dddba9df36e4d00>, name = "xxx"]
    Sat May 18 12:50:47 2013 : sent [CHAP Success id=0x26 "S=FD5CF3E38450AF9F992662394D54832EF54DD0B2 M=Access granted"]
    Sat May 18 12:50:47 2013 : CHAP peer authentication succeeded for xxx
    Sat May 18 12:50:47 2013 : DSAccessControl plugin: User 'xxx' authorized for access
    Sat May 18 12:50:47 2013 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.110>]
    Sat May 18 12:50:47 2013 : sent [ACSCP ConfReq id=0x1]
    Sat May 18 12:50:47 2013 : L2TP received CDN
    Sat May 18 12:50:47 2013 : L2TP hangup
    Sat May 18 12:50:47 2013 : Connection terminated.
    Sat May 18 12:50:47 2013 : rcvd [CHAP Response id=0x26 <2565138e1e78d0acd765e71dae4b040000000000000000006c440c372117acea2dbf7fe446b999ed7c6dddba9df36e4d00>, name = "xxx"]
    Sat May 18 12:50:47 2013 : Connect time 2.8 minutes.
    Sat May 18 12:50:47 2013 : Sent 0 bytes, received 0 bytes.
    Sat May 18 12:50:47 2013 : L2TP disconnecting...
    Sat May 18 12:50:47 2013 : L2TP sent CDN
    Sat May 18 12:50:47 2013 : L2TP sent StopCCN
    Sat May 18 12:50:47 2013 : L2TP disconnected
    2013-05-18 12:50:47 PDT    --> Client with address = 192.168.1.210 has hungup

    Xserve 10.6.8

    While testing, I have all services available to all users.

    LDAPv3 is on 127.0.0.1

    I have run vpnaddkeyagentuser /LDAPv3/127.0.0.1

    Using MS-CHAPv2 for authentication

    Shared secret functions when using local user.

    As per other sites and threads here, I have ensured that PPTP is currently on.

    Ports are handled; we know this since VPN functions with local users.

    Have reset/changed passwords for LDAP users multiple times to rule this out as an issue.

    I'm not sure why the LDAP isn't able to be used. Any suggestions?
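As an added example (not from the thread or from Apple's VPN service), a small Python script that parses pppd lines like the ones posted above into a timeline and reports where the session broke: the server logged CHAP success, but the peer sent CDN before any IPCP ConfAck arrived, 166 seconds after its CHAP response. The embedded log is a constructed excerpt of the post's log with the hex blobs shortened.

```python
import re
from datetime import datetime

# Constructed excerpt of the pppd/L2TP log from the post (hex blobs shortened).
LOG = """\
Sat May 18 12:48:01 2013 : L2TP connection established.
Sat May 18 12:48:01 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6a5127d0> <pcomp> <accomp>]
Sat May 18 12:48:01 2013 : sent [CHAP Challenge id=0x26 <7e68...>, name = "xxx.local"]
Sat May 18 12:48:01 2013 : rcvd [CHAP Response id=0x26 <2565...>, name = "xxx"]
Sat May 18 12:50:47 2013 : sent [CHAP Success id=0x26 "S=FD5C... M=Access granted"]
Sat May 18 12:50:47 2013 : CHAP peer authentication succeeded for xxx
Sat May 18 12:50:47 2013 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.110>]
Sat May 18 12:50:47 2013 : L2TP received CDN
Sat May 18 12:50:47 2013 : Connection terminated.
"""

# pppd's "Sat May 18 12:48:01 2013 : message" line shape.
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (.*)$")


def parse(log):
    """Return a list of (timestamp, message) tuples, skipping non-pppd lines."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            events.append((ts, m.group(2)))
    return events


def first(events, needle):
    """Timestamp of the first event whose message contains needle, else None."""
    return next((ts for ts, msg in events if needle in msg), None)


def diagnose(log):
    """Summarise the PPP phases: did server-side auth pass, how long did it
    take, and did the peer hang up before IPCP finished?"""
    ev = parse(log)
    resp = first(ev, "rcvd [CHAP Response")
    succ = first(ev, "sent [CHAP Success")
    ipcp_ack = first(ev, "rcvd [IPCP ConfAck")
    cdn = first(ev, "L2TP received CDN")
    return {
        "server_auth_ok": succ is not None,
        "auth_latency_s": (succ - resp).total_seconds() if resp and succ else None,
        "ipcp_completed": ipcp_ack is not None,
        "peer_hung_up_after_auth": bool(succ and cdn and cdn >= succ and not ipcp_ack),
    }
```

A long gap between the CHAP Response and CHAP Success lines points at the directory lookup itself, which is worth comparing against a local-user session where the same two lines should be almost simultaneous.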