Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
I'm running OSX Server on Mountain Lion and I'm trying to get VPN to work. If I enable it and try to connect it comes back with an authentication error on VPN client. If enable Open Directory and create a new *network* user it does work. Is this a requirement for VPN to work?
Mac mini (Late 2012), OS X Mountain Lion (10.8.4)
In osx server, open directory is the glue that handles all network user authentication issues.
So there is no way for a local user to have VPN access?
To the server, the only thing considered a "local" user is someone sitting at the server itself.
For all other users (others inside your local network), the nerver needs some what to verify that they are who they say they are. OD does that.
As far as server know, you might have placed the server on the open internet, or opened your firewall, so anyone outside the server box itself could be anywhere (your office, or across the globe). It has to enforce security the same way on all of them.
Sorry, I'm not getting it. What's wrong with the normal local authentication? I can connect from my other computers using that "local" account so obviously OD is not required for authentication across a network.
I don't mind having to turn on OD so much, but I'm confused why they seem to have to be *network* users (can't find any documentation on this). I already have a local account and I don't want a 2nd one. Changing a local to a network account is somewhat dodgy and again no official Apple documentation. So I'm sort of stuck.
Yes, VPN under 10.8 Server will work with local accounts.
Bryan Dulock
Houston, TX
Is this a requirement for VPN to work?
No.
Sounds promising. Any idea how I would go about troubleshooting VPN authentication? Using local accounts gives me "Authentication failed", network accounts work fine.
Some ideas in these threads:
CHAP peer authentication failed
CHAP peer authentication failed with 10.6 PPTP VPN
If none of those works for you, post a representative extract from /var/log/ppp/vpnd.log. No more than about 50 lines, please.
Make sure the local account has access to the VPN service. "Authentication Failed" can mean you have an incorrect VPN setting (user password or shared secret) or it can mean the account is not allowed to use this service.
To troubleshoot, watch the VPN log when attempting to connect to the VPN service.
Ah can't believe I missed the VPN log. Problem solved. Thank you 🙂
You are welcome. What was causing the problem?
Subtle typo in the account name wouldn't have found it without the log.
On the network users make a group called VPN Access and under users click on the user you want to have access and put it in the VPN Access group.
Does VPN require Open Directory?
