Skip navigation

VPN authentication error 10.7.3

16293 Views 37 Replies Latest reply: Jun 20, 2013 8:59 AM by YUZA-Tom RSS
1 2 3 Previous Next
dacary Calculating status...
Currently Being Moderated
Feb 2, 2012 2:16 AM

Since updating our server to Lion 10.7.3 the VPN service fails to allow connections. Clients get the message 'The PPP server could not be authenticated' whilst the server generates :-

 

Thu Feb  2 10:06:49 2012 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server: errno -14484, ctxt 4

Thu Feb  2 10:06:49 2012 : Fatal signal 11

 

I've repaired permissions and removed and reconfigured both ends with joy.

 

Any ideas?

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 2, 2012 4:45 PM (in response to dacary)

    Is this valid for L2TP as well? Since upgrading to 10.7.3 this morning, L2TP is super-flaky, rarely connecting?

  • louser Calculating status...
    Currently Being Moderated
    Feb 2, 2012 7:11 PM (in response to kristin.)

    kristin:

     

    I can confirm the same problem with L2TP. I don't use, nor did I add PPTP since my access is always local user. Sometimes it would connect, and sometimes not. Mostly it was 1 successful to 15 unsuccessful tries.

     

    I had the same error and did not have PPTP enabled (DSAuth plugin: Failed to retrieve MPPE....blah). I followed the instructions for kb/HT4748 as dacary stated - and I was able to connect with VPN without fail. I think the addition of PPTP to the service may have broken the plugin's ability to grab the encryption keys - and the command line in kb article repairs this policy.

     

    Hope that answers your question or confirms your suspicions.

     

    Good Luck!

     

    Edit: - I did not have to do the part about subtracting and adding the Port Forwards in my AirPort - In case you have one.

     

    Message was edited by: louser

  • Samuel.b Calculating status...
    Currently Being Moderated
    Feb 3, 2012 10:57 AM (in response to dacary)

    Hi Guys,

     

    sorry for my bad English, I am from Germany...

    same problem here, but the support document linked by dacary didn't solved the problem.

    The strange thing is that I can log into VPN with my local admin account.

    So I just can't use the open directory accounts.

    Do you have any additional ideas for me?

    Every time I try to connect to the server, I get "The PPP server could not be authenticated" :-(

    Shall I try to use this command which rebuilds the authentication key?

     

    sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1

     

    Thanks for your help


    Samuel

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 3, 2012 11:02 AM (in response to Samuel.b)

    Samuel: What OS is your client machine running? How long (how many charachters) is your shared secret? Are you using "special" characters (!@#$%^&*()'"[], etc.) in your shared secret?

  • Samuel.b Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 3, 2012 11:07 AM (in response to kristin.)

    Kristin: iOs devices run 5.0.1 (iPad and iPhone)

    Mac OS X Lion 10.7.3

    everything worked before I updated to 10.7.3.

    The shared secret has about 20 characters and it also has "special" characters.

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 3, 2012 11:12 AM (in response to Samuel.b)

    Is there a possibility for you to change the shared secret as a test?

    Try something simple like 12345. Let me know if that works?

  • Samuel.b Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 3, 2012 11:24 AM (in response to kristin.)

    I have tried it and it didn't work...

    I think it goes together with a open directory problem because the local admin account works fine already with 10.7.3.

    Do you think it could be helpful to rebuild the authentication key?

    Thanks a lot for your help!

    Samuel

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 3, 2012 11:28 AM (in response to Samuel.b)

    Are other OD-based services working correctly? Or is it just VPN? You could try rebuilding the key, or possibly rebuilding OD?

  • Samuel.b Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 3, 2012 11:56 AM (in response to kristin.)

    Everything else like the iCal Server workes fine...

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 3, 2012 11:58 AM (in response to Samuel.b)

    Long shot, but do you have Back to my Mac running on any of your machines?

  • Samuel.b Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 3, 2012 12:00 PM (in response to kristin.)

    No, I think not.

    Why do you ask?

  • kristin. Level 2 Level 2 (230 points)
    Currently Being Moderated
    Feb 3, 2012 12:04 PM (in response to Samuel.b)

    Well, Back to my Mac and VPN share some of the same ports, and Back to my Mac takes precedence over VPN. But, the fact that you can log in via a local user and not OD feels like it's something else. But again, the Back to my Mac thing is the only thing I can think of right now?

  • Samuel.b Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 3, 2012 1:08 PM (in response to kristin.)

    Yes, Back to my Mac workes. I habe tried it out.

    I have also tried to add a new OD account but the new one didn't work, too.

    Do I have to restart the VPN Server after I have rebuild the VPN authentication key?

    Or do I have to do something else after I have rebuild the key?

    Thanks for your help.

    Samuel

1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (4)

This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.