CHAP peer authentication failed with 10.6 PPTP VPN
Moving services from older machines to our new Xserve running 10.6.1 Server. I've set up PPTP VPN, but keep getting authentication errors. I can get in with my server administrator credentials, but OD credentials get "CHAP peer authentication failed" in the vpnd.log Any ideas?
Please post the vpn log (/var/log/ppp/vpnd.log). It is probably a 95% chance it is a simple (relatively) fix that has been there since at least 10.3 and the sequence of errors around that message is the key.
Well the log says you made it through the 3 exchanges and it was the server that denied the connection.
I think that means this is an account issue. This seems to be supported by your statement that only the administrator can login via PPTP. Is that account Local or OD? Are you 'securing' access to VPN with ACL's?
Let us try this. Make a new account, do NOT setup anything except the account (Don't fiddle with home dir, mail, account info), make the short name less than 8 char, password also less than 8 characters. Please do not make it an administration account. Put them into group 20 (staff) to start and attempt to login via PPTP.
If that does not work (probably not) then change them to group 80 (admin) and see if that does it. I am wondering if it is some issue with your Crypt database.
Ok... I had the exact same problem.... I tried changing configurations, removing the VPN, changing the authentication methods exct... Nothing worked.
Here is how I fixed it.
In workgroup manager under the short names I had 1 main name and 2 aliases. Originally the VPN was configured to authenticate with one of the aliases. I changed the authentication on the client to match the first (grayed out) short name and it works again.