Xserve VPN L2TP cannot see LDAP
After quite a bit of mucking around and getting no VPN activity through my router, I finally resolved that issue.
Only my local users can authenticate through VPN; any user from LDAP receives "The PPP server could not be authenticated".
Log:
2013-05-18 12:47:48 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
2013-05-18 12:47:48 PDT Listening for connections...
2013-05-18 12:48:01 PDT Incoming call... Address given to client = 192.168.1.210
Sat May 18 12:48:01 2013 : Directory Services Authentication plugin initialized
Sat May 18 12:48:01 2013 : Directory Services Authorization plugin initialized
Sat May 18 12:48:01 2013 : L2TP incoming call in progress from 'xxx.xxx.xxx.xxx'...
Sat May 18 12:48:01 2013 : L2TP received SCCRQ
Sat May 18 12:48:01 2013 : L2TP sent SCCRP
Sat May 18 12:48:01 2013 : L2TP received SCCCN
Sat May 18 12:48:01 2013 : L2TP received ICRQ
Sat May 18 12:48:01 2013 : L2TP sent ICRP
Sat May 18 12:48:01 2013 : L2TP received ICCN
Sat May 18 12:48:01 2013 : L2TP connection established.
Sat May 18 12:48:01 2013 : using link 0
Sat May 18 12:48:01 2013 : Using interface ppp0
Sat May 18 12:48:01 2013 : Connect: ppp0 <--> socket[34:18]
Sat May 18 12:48:01 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6a5127d0> <pcomp> <accomp>]
Sat May 18 12:48:01 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x241129ad> <pcomp> <accomp>]
Sat May 18 12:48:01 2013 : lcp_reqci: returning CONFACK.
Sat May 18 12:48:01 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x241129ad> <pcomp> <accomp>]
Sat May 18 12:48:01 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6a5127d0> <pcomp> <accomp>]
Sat May 18 12:48:01 2013 : sent [LCP EchoReq id=0x0 magic=0x6a5127d0]
Sat May 18 12:48:01 2013 : sent [CHAP Challenge id=0x26 <7e687e746a7952624e5c520d3d44336f>, name = "xxx.local"]
Sat May 18 12:48:01 2013 : rcvd [LCP EchoReq id=0x0 magic=0x241129ad]
Sat May 18 12:48:01 2013 : sent [LCP EchoRep id=0x0 magic=0x6a5127d0]
Sat May 18 12:48:01 2013 : rcvd [LCP EchoRep id=0x0 magic=0x241129ad]
Sat May 18 12:48:01 2013 : rcvd [CHAP Response id=0x26 <2565138e1e78d0acd765e71dae4b040000000000000000006c440c372117acea2dbf7fe446b999ed7c6dddba9df36e4d00>, name = "xxx"]
Sat May 18 12:50:47 2013 : sent [CHAP Success id=0x26 "S=FD5CF3E38450AF9F992662394D54832EF54DD0B2 M=Access granted"]
Sat May 18 12:50:47 2013 : CHAP peer authentication succeeded for xxx
Sat May 18 12:50:47 2013 : DSAccessControl plugin: User 'xxx' authorized for access
Sat May 18 12:50:47 2013 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.110>]
Sat May 18 12:50:47 2013 : sent [ACSCP ConfReq id=0x1]
Sat May 18 12:50:47 2013 : L2TP received CDN
Sat May 18 12:50:47 2013 : L2TP hangup
Sat May 18 12:50:47 2013 : Connection terminated.
Sat May 18 12:50:47 2013 : rcvd [CHAP Response id=0x26 <2565138e1e78d0acd765e71dae4b040000000000000000006c440c372117acea2dbf7fe446b999ed7c6dddba9df36e4d00>, name = "xxx"]
Sat May 18 12:50:47 2013 : Connect time 2.8 minutes.
Sat May 18 12:50:47 2013 : Sent 0 bytes, received 0 bytes.
Sat May 18 12:50:47 2013 : L2TP disconnecting...
Sat May 18 12:50:47 2013 : L2TP sent CDN
Sat May 18 12:50:47 2013 : L2TP sent StopCCN
Sat May 18 12:50:47 2013 : L2TP disconnected
2013-05-18 12:50:47 PDT --> Client with address = 192.168.1.210 has hungup
Xserve 10.6.8
While testing, I have all services available to all users.
LDAPv3 is on 127.0.0.1
I have run vpnaddkeyagentuser /LDAPv3/127.0.0.1
Using MS-CHAPv2 for authentication
Shared secret functions when using local user.
As per other sites and threads here, I have ensured that PPTP is currently on.
Ports are handled; we know this since VPN functions with local users.
Have reset/changed passwords for LDAP users multiple times to rule this out as an issue.
I'm not sure why the LDAP isn't able to be used. Any suggestions?
Xserve, Mac OS X (10.6.8)
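An added triage helper, not part of the original post: it parses pppd lines in the format shown in the log above and reports the gap between the CHAP Response being received (12:48:01) and CHAP Success being sent (12:50:47), whether IPCP ever reached ConfAck, and whether the peer sent the CDN, which separates a directory-lookup delay from a CHAP failure. The sample log is a constructed excerpt of the one above; function names are my own.

```python
# Triage a pppd/L2TP log like the one in the post: did CHAP succeed, how long did
# the auth plugin take, did IPCP ever complete, and which side sent the CDN?
import re
from datetime import datetime

# pppd lines look like "Sat May 18 12:48:01 2013 : <message>"
PPPD_LINE = re.compile(r"^\w{3} (\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (.*)$")
BYTES = re.compile(r"Sent (\d+) bytes, received (\d+) bytes")
# Constructed excerpt of the post's log (timestamps kept, hex payloads trimmed).
SAMPLE_LOG = """\
Sat May 18 12:48:01 2013 : L2TP connection established.
Sat May 18 12:48:01 2013 : rcvd [CHAP Response id=0x26 <...>, name = "xxx"]
Sat May 18 12:50:47 2013 : sent [CHAP Success id=0x26 "S=... M=Access granted"]
Sat May 18 12:50:47 2013 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.110>]
Sat May 18 12:50:47 2013 : L2TP received CDN
Sat May 18 12:50:47 2013 : Sent 0 bytes, received 0 bytes.
"""

def parse_pppd(text):
    """Yield (datetime, message) for pppd-format lines; other lines are skipped."""
    for line in text.splitlines():
        m = PPPD_LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y"), m.group(2)

def triage_session(text):
    """Summarize one session: seconds from CHAP Response received to CHAP Success
    sent, whether IPCP reached ConfAck, whether the peer sent CDN, byte counters."""
    chap_resp = chap_ok = None
    ipcp_ack = peer_cdn = False
    sent = received = None
    for ts, msg in parse_pppd(text):
        if chap_resp is None and msg.startswith("rcvd [CHAP Response"):
            chap_resp = ts
        elif msg.startswith("sent [CHAP Success"):
            chap_ok = ts
        elif msg.startswith("rcvd [IPCP ConfAck"):
            ipcp_ack = True
        elif msg == "L2TP received CDN":
            peer_cdn = True
        elif BYTES.search(msg):
            sent, received = (int(x) for x in BYTES.search(msg).groups())
    latency = (chap_ok - chap_resp).total_seconds() if chap_resp and chap_ok else None
    if chap_ok is None:
        verdict = "authentication never succeeded"
    elif peer_cdn and not ipcp_ack:
        verdict = "authenticated, but peer hung up before IPCP completed"
    else:
        verdict = "session established" if ipcp_ack else "IPCP never completed"
    return {"auth_latency_s": latency, "ipcp_completed": ipcp_ack, "peer_hangup": peer_cdn,
            "bytes_sent": sent, "bytes_received": received, "verdict": verdict}
```

Run on the full log above, the same 166-second gap and the client-side CDN appear; a latency that large points at the directory-services lookup rather than at the shared secret or MS-CHAPv2 itself.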