Q: Network users can't login via VPN and Profile Manager
I have a problem with Network Users defined on my Lion Server accessing the server through VPN or Profile Manager (via Safari) ... I keep on getting authentication errors. Is this because they are network users or am I missing something else?
This works: when I log on to my Lion Server with either local or network users everything seems to be OK, including home directory synchronisation.
I tried the following for VPN:
- my local server account can log on to the server (i.e. my secret key and user account/password combination are OK: "chap peer authentication succeeded for ...")
- when I try the same with two of my network accounts I keep on getting authentication errors (VPN), but I'm sure I use the same userid/password combinations as above ("chap peer authentication failed for ...")
I get similar results when I access the Profile Manager (https://myserver/profilemanager/)
- my local server account can log on to the Profile Manager and sees all the information
- when I try this with one of my network accounts (which has devices assigned) I keep on getting 'incorrect user name or password'
Thanks in advance for the help provided.
Mac mini, Mac OS X (10.7.3), (Server)
Posted on Apr 7, 2012 9:42 AM
I decided to experiment a bit further and take some more drastic measures (I did not have critical data or userids on my server yet).
- Follow the instructions on the following thread: https://discussions.apple.com/thread/3704295?start=0&tstart=0
Unfortunately my problem was different and Apple's KB article http://support.apple.com/kb/HT4748 didn't solve it for me.
- I had read about rebuilding my OD master but was somewhat reluctant to do so. I found some 'crypted' instructions on krypted.com (http://krypted.com/mac-os-x-server/server-app-and-open-directory-rebuilds/) which I decided to follow:
- take a backup of my OD master (Server Admin.app)
- Destroy my OD master: slapconfig -destroyldapserver
- restart
- delete all my network userids in Server.app (which I had expected to disappear when deleting my OD master)
- restart (not sure whether this restart is required)
- promote my OD to an OD Master (Server Admin.app)
- enable SSL again for the OD master (ditto)
- restart (not sure whether this restart is required)
- create a network test user account and log in/log out remotely ...
- test VPN and remote profile manager access ... lo and behold I could suddenly access my account remotely
- restore my OD backup from step 1 above
- no joy ... the network accounts still don't work remotely through VPN or profile manager
At least I now know I have to recreate my OD and subsequently all my network user accounts. I hope I can still link them to the existing home folders on the server.
Posted on Apr 20, 2012 3:33 PM