Aug 16, 2012 11:05 AM (in response to smcfeeters)
I got PPTP working.
I deleted the VPN MPPE Key Access User and recreated it
I updated the pwpolicy for the recreated account
I created a new user from Server.app
This new user now has the ability to authenticate a PPTP session. I still cannot authenticate with any users that existed before the upgrade, but at least I have a means to establish a VPN connection.
Oct 3, 2012 7:02 PM (in response to smcfeeters)
Hi, I got the same problem with pptp on ML server 10.8.2. I have deleted and recreated the VPN MPPE Key access user but I am unsure how to change the pwpolicy for him. Do you have an example of the command and options you used to resolve the problem?
Mar 21, 2013 9:28 PM (in response to smcfeeters)
I don't understand your answer. VPN MPPE Key Access User? I see no "extra" users in the list presented to me by Server.app, and I also don't know what MPPE stands for.
pwpolicy? How do I set that? Did you not need to configure the services accessed by that user?
I think this feature of Server is a crock -- it's unusable. I've set up openvpn on my stinking Linux router and used it from there, and also configured it to go through a proxy server. This should be easier on a Mac, not harder.
Mar 21, 2013 9:34 PM (in response to dr2chase)
I finally got it working.
It seems like you have to enable opendirectory for pptp vpn to work. Once you create a user in opendirectory and give him/her vpn access, pptp authentication works for that user....
Mar 21, 2013 9:52 PM (in response to Ivar Hosteng)
That did not work. I turned on Open directory. I saw mention of a "Key access user" when I turned it on, but I don't see that user in the user list. I created a new user "vpnuser" with access to the VPN service (after turning on Open directory) but I am still unable to log in -- Authentication Failure.
Is there something special about "create a user in opendirectory" that is different from clicking on "Users"?
I did not see this option in Open directory.
Am I supposed to "bind to the directory server"? (you did not mention this. It said to "use System preferences", but it was not specific about which one, and the Users/Groups pane seems to provide no option to do this, so as far as I know I have not done this yet. Whoever wrote that documentation needs a rap across the knuckles with a piece of wood of some unspecified size -- because after all, toothpick, 2-by-4, do the details matter?).
AND, the ? instructions appear to be incorrect. There is no "Type" pop-up menu, so I cannot proceed.
Mar 21, 2013 9:53 PM (in response to dr2chase)
You have to define your users on the osx server using opendirectory and then bind the client macs to the opendirectory. You don't create your users in the system settings app anymore but in the server app under accounts.
The users should then show up as "Local Network User" instead of "Local User".
Then you should be able to select the user you want to give vpn access, click the cogwheel and select "Edit access to Services.."
Mar 21, 2013 9:59 PM (in response to Ivar Hosteng)
Your instructions are rather sketchy. Is this what you meant?
1) turn on open directory on the server in Server.app.
2) in Server.app on the server, create a new user vpnuser (or do I not do this here?)
3) "do something" on the client macs to "bind" them to the open directory.
WHICH SYSTEM PREFERENCE IS THIS?
Will my existing users on the Mac be unaffected?
4) Create? Import? vpnuser on the client mac
Maybe you're working with a different version of the software than I am. Are you using Mountain Lion?
Mar 21, 2013 10:11 PM (in response to dr2chase)
I am using mountain lion 10.8.3 with server app 2.2.1
To have a client mac join an open directory server, go to the users and group page in its system preferences. At the bottom in the right pane there is a button named join after the text "Network Account Server". This will let the client join the open directory server on your ML server host.
If you can live with having a separate userid for the vpn login you don't really need to do this (join the client).
Open the server app on your server and select the Open directory service and configure and start it. Then in the same server app you should have a section just about services that says ACCOUNTS. This is where you create a new user to use for the pptp login. Let's call him bob for this exercise.
Click the plus button below the userlist to create a new user
Fill in the details and select as home folder "none - Services only"
Then select bob in the list after he has appeared there. He should be of type Local Network User
Click the cogwheel next to the +/- buttons below the list and select edit access to services. Unselect everything except VPN.
That should do it. There is no use to mess around with vpnuser or any other userid's.
Mar 21, 2013 10:19 PM (in response to smcfeeters)
"To have a client mac join an open directory server go to the users and group page in its system preferences. At the bottom in the right pane there is a button named join after the text "Network Account Server"."
This is in fact not true -- I don't know why, but it is not there on my machine. I do not dispute that it may appear on your machine, but not mine. (Mountain Lion, 10.8.3, everything latest.latest)
Edit: You forgot to say "Click 'Login Options'". Now it appeared. I'm a huge fan of detailed instructions.
However, the special-user-for-VPN trick is one that I have been trying all along (along with services only and only enabling VPN), and until just now this did not work, but I am glad to hear that I do not need to make the network users work on the clients.
The missing step appears to be "Turn on profile manager". I did some additional dinking around in the web interface to the profile manager, but I think that may not have been necessary. I edited the VPN user to give him VPN settings, but it looked like the same stuff I had already entered on the client.
Mar 21, 2013 10:22 PM (in response to dr2chase)
The join button is on the login options page in system preferences. But like I said, don't do that. I have a server that has been using open directory so I don't remember all the steps for setting it up. I am at work (in Sydney) right now so I can look around too closely. Let me create a temporary new server in parallels (got a ML image canned just for stuff like this so it's not much work) and I'll try to give you the steps needed. I will probably not have it done until tomorrow your time.
Mar 21, 2013 10:26 PM (in response to Ivar Hosteng)
I'm okay, it finally worked for me (East coast of US, up late). I think Profile Manager is what is necessary (and I think Apple kinda needs to make VPN mention all the other services it depends on).
But if you figure out exactly what to do, it might be good to document it for the next guy. This is not the only instance of this problem, and most of them are unanswered.
Mar 22, 2013 6:49 AM (in response to dr2chase)
Ok, this is a YouTube video I made showing one way to set up your osx server as a pptp server.
This should show you all the steps needed to configure the server and client. It does not cover how to set up port forwarding to your server in your router.
Jun 20, 2013 8:59 AM (in response to smcfeeters)
I have had the same issue. I have posted my (simple) fix here, and I hope it helps you too! https://discussions.apple.com/thread/5117337