Currently Being ModeratedJan 16, 2013 8:00 PM (in response to brianw815)
I have exactly the same problem.
Local users can access create a VPN connection. At that point the any user including "local-networked" users can authenticate and see their appropriate files.
The work around that I can use is to create a "local user" called VPN Access. Allow the users to access the VPN through this user and then "Connect to Server" under the suer's name.
Not ideal... but..
Currently Being ModeratedJan 22, 2013 5:01 PM (in response to brianw815)
I also have encountered this problem. The frustrating thing is that OD users cannot log in either, only local accounts created on the server itself are logging in. In Lion Server you could import AD or OD users or aka Users from Another Directory, in Mountain LIon Server this doesnt seem to exist anymore.
However I can answer the second part of your question. 'Not Allowed' or "Allowed' is in reference to the users access to services. So any user that you have allowed to access the VPN or File Sharing on that server is 'Allowed'. By default all AD users are 'Not Allowed. Conversely OD users or 'Local Network Users' have all services turned on by default at the time of their creation. This access / denial of services are refereed to as SACL's or Service Access Control Lists.
I am going to play around with this somemore, if I find a solution I'll post it here.