Network users can't login via VPN and Profile Manager

Anyone has any suggestions?

In more simple terms my problem is: Mobile Accounts can not logon to the Profile Manager nor can they be used for VPN access (I am getting authentication errors in both cases). This problem does not occur for local accounts or accounts with the home directory on the server.

The users I tested are listed under VPN in the Server Admin Access pane (I didn't make any changes myself in the access pane).

I also studied my logfile again and compared successful and not successful events. I found trhe follwing in case of a successful connection:

but in an unsuccessful attempt I saw Open Directory crashed:

About a minute later Open Directory crashes again and then continues to work normally.

Can this information help to get my problem resolved?

I decided to experiment a bit further and take some more drastic measures (I did not have critical data or userids on my server yet).

1. Follow the instructions on the following thread: https://discussions.apple.com/thread/3704295?start=0&tstart=0
   Unfiortunately my problem was different and Apple's KB article http://support.apple.com/kb/HT4748 didn't solve it for me.
2. I had read about rebuilding my OD master but was somewhat reluctant to do so. I found some 'crypted' instructions on krypted.com (http://krypted.com/mac-os-x-server/server-app-and-open-directory-rebuilds/) which I decided to follow:
   1. take a backup of my OD master (Server Admin.app)
   2. Destroy my OD master: slapconfig -destroyldapserver
   3. restart
   4. delete all my network userids in Server.app (which I had expected to disappear when deleting my OD master)
   5. restart (not sure whether this restart is required)
   6. promote my OD to a OD Master (Server Admin.app)
   7. enable SSL again for the OD master (ditto)
   8. restart (not sure whether this restart is required)
   9. create a network test user account and log in/log out remotely ...
   10. test VPN and remote profile manager access ... low and behold I could suddenly access my account remotely
   11. restore my OD backup from step 1 above
   12. 😠 no joy ... the network accounts still don't work remotely through VPN or profile manager

At least I now know I have to recreate my OD and subsequently all my network user accounts. I hope I can still link to them to the existing home folders on the server.

Hi SnakeDog. Apologies for the delayed response. I did not use VPN for some time and agree with you my response is somewhat crypted when I looked at it again today 😊

I wanted to use it again today and see I still have the same problems (I have moved to 10.8.2 in the mean time):

1. My existing local network users can't get access through VPN ("chap peer authentication failed" is the message in the server log for pppd)
2. A new local net work user does have access through VPN
3. An existing local user also has access through VPN

So the conclusion I have to recreate "old" local network user account is still valid. In the mean time my local network users can use profile manager ... they have to provide their credentials twice to work 😝

Let me know if you have found a solution in the mean time.

Success.