Authenticating Active Directory Users to Mac OS X Mavericks Server L2TP VPN Service
Posted by dean on Server Fault
Published on 2014-06-06T23:04:38Z
We have a Windows Server 2012 Active Directory Infrastructure that consists of two domain controllers. Bound to the Active Directory Domain is a Mac OS X Mavericks Server 10.9.3. The server runs Profile Manager and VPN Services. My Active Directory users are able to authenticate to the Profile Manager, but not the VPN.
I have found several threads on other forums of other users reporting similar issues; here is just one of many references: https://discussions.apple.com/thread/5174619
It appears as though the issue is related to a CHAP authentication failure.
- Can anyone suggest what next troubleshooting steps I might take?
- Is there a way to liberalize the authentication mechanism to include MSCHAP?
Here is an excerpt of the transaction from the logs. Please note the domain has been changed to example.com.
Jun 6 15:25:03 profile-manager.example.com vpnd[10317]: Incoming call... Address given to client = 192.168.55.217
Jun 6 15:25:03 profile-manager.example.com pppd[10677]: publish_entry SCDSet() failed: Success!
Jun 6 15:25:03 --- last message repeated 2 times ---
Jun 6 15:25:03 profile-manager.example.com pppd[10677]: pppd 2.4.2 (Apple version 727.90.1) started by root, uid 0
Jun 6 15:25:03 profile-manager.example.com pppd[10677]: L2TP incoming call in progress from '108.46.112.181'...
Jun 6 15:25:03 profile-manager.example.com racoon[257]: pfkey DELETE received: ESP 192.168.55.12[4500]->108.46.112.181[4500] spi=25137226(0x17f904a)
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP connection established.
Jun 6 15:25:04 profile-manager kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 0)
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: Connect: ppp0 <--> socket[34:18]
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: CHAP peer authentication failed for alex
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: Connection terminated.
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP disconnecting...
Jun 6 15:25:04 profile-manager.example.com pppd[10677]: L2TP disconnected
Jun 6 15:25:04 profile-manager.example.com vpnd[10317]: --> Client with address = 192.168.55.217 has hung up