L2TP / CHAP Authentication Faliure OS X Server Yosemite 10.10.1

Similar Messages

• VPN Settings Server Admin L2TP PPP Authentication Kereberos option dimmed?

  Hi. I set up my 10.4 server as an open directory master. Kerberos works on the LAN for single signon.
  I am trying to configure VPN service now. When I go to the "Settings" section of VPN in Server Admin, under L2TP, "PPP Authentication", MS-CHAPv2 is selectable but "Kerberos" is dimmed, i.e. I can't select it. What do I need to do to be able to used Kerberos here?
  Thanks,

  Thanks BrianFL. This helps hugely. Yes, I just to set up a simple filesharing VPN not the kind of VPN that bypass Internet censorship. I use ethernet connection directly from my router yes.
  1. I just need to use the server app to set up a VPN and port forwarding. That is it?
  2. The setting I have made according to the guide with Server Admin Tools seems never going away, even after I deleted the server that has all the settings inside Server Admin Tools. Upon creating a new server inside Server Admin Tools, the new server inherits all the settings from the one I just deleted. Any idea how I can restore to Server Admin Tools's defaults settings?
  3. Even VNC (I use RealVNC) on the mini stopped working after I made changes according to the guide and deleted all the changes I can find. What is the address format for lion's build in VNC (192.168.0.100:5800?) like? I forgot how it is.
  Thanks so much!

• VPN - CHAP authentication failed

  I am currently running a Mac mini server with 10.8.2 installed. I can connect to my VPN when connected to the internal network with the same credentials I'm trying when connecting externally, however I am not able to connect externally. The VPN server log says...
  Wed Jan  9 19:05:45 2013 : PPTP incoming call in progress from 'XXX.XXX.XXX.XXX'...Wed Jan  9 19:05:45 2013 : PPTP connection established.
  Wed Jan  9 19:05:45 2013 : using link 0
  Wed Jan  9 19:05:45 2013 : Using interface ppp0
  Wed Jan  9 19:05:45 2013 : Connect: ppp0 <--> socket[34:17]
  Wed Jan  9 19:05:45 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
  Wed Jan  9 19:05:45 2013 : rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
  Wed Jan  9 19:05:45 2013 : lcp_reqci: returning CONFACK.
  Wed Jan  9 19:05:45 2013 : sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x41729571]
  Wed Jan  9 19:05:48 2013 : sent [CHAP Challenge id=0xcc <1b0470764c2477634532244f7056405b>, name = "server.robertsteeter.private"]
  Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : lcp_reqci: returning CONFACK.
  Wed Jan  9 19:05:48 2013 : sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
  Wed Jan  9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x772dcec9]
  Wed Jan  9 19:05:48 2013 : sent [CHAP Challenge id=0x6a <65334e292e400860457a3e710278142e>, name = "server.robertsteeter.private"]
  Wed Jan  9 19:05:48 2013 : rcvd [LCP EchoRep id=0x0 magic=0x5fbceae0]
  Wed Jan  9 19:05:48 2013 : rcvd [CHAP Response id=0x6a <3c2c0bb90568f62f5ada84294038e828000000000000000032bf450620bf278e54e8d70b5ed48a 4a5567f528df9194bd00>, name = "matt"]
  Wed Jan  9 19:05:48 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PBKDF2>, want ApplePasswordServer
  Wed Jan  9 19:05:48 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
  Wed Jan  9 19:05:48 2013 : sent [CHAP Failure id=0x6a "S=D43D9FBA673744184953601DBB181A5E9B2FF9C9 M=Access granted"]
  Wed Jan  9 19:05:48 2013 : CHAP peer authentication failed for matt
  Wed Jan  9 19:05:48 2013 : sent [LCP TermReq id=0x3 "Authentication failed"]
  Wed Jan  9 19:05:48 2013 : Connection terminated.
  Wed Jan  9 19:05:48 2013 : PPTP disconnecting...
  Wed Jan  9 19:05:48 2013 : PPTP disconnected
  2013-01-09 19:05:48 EST    --> Client with address = 192.168.100.241 has hungup
  Not sure what the issue is, however I'm sure I have the username/password and shared secret all correct since I can connect internally. Any suggestions?

  I have a similar problem:
  OS X Server 10.3.9 running on a G3; clients running OS X 10.4.8.
  I used Server Admin to set up the server with L2TP and set the shared secret[1]; I used Internet Connect to try to get a client to connect to the server. The result is always the same: The client says "Authentication Failed" and the server's logs record the conversation (Here's the relevant part):
  ...Tue Jan 16 15:55:08 2007 : sent [CHAP Challenge id=0x1 <c9af9d6375c13e5657d49c44c6ab8259>, name = "inside"]
  Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoReq id=0x0 magic=0x9101c22f]
  Tue Jan 16 15:55:08 2007 : sent [LCP EchoRep id=0x0 magic=0xf01aa2]
  Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9101c22f]
  Tue Jan 16 15:55:08 2007 : rcvd [CHAP Response id=0x1 <f27c5a611e1e9cf68c17d04d37448b6d00000000000000000f035bba35b5a714589e7292c1fba0 78d57fb3640b62a08e00>, name = "timberwoof"]
  Tue Jan 16 15:55:08 2007 : sent [CHAP Failure id=0x1 "E=691 R=1 C=C9AF9D6375C13E5657D49C44C6AB8259 V=0 M=Access denied."]
  Tue Jan 16 15:55:08 2007 : CHAP peer authentication failed for remote host timberwoof
  Tue Jan 16 15:55:08 2007 : sent [LCP TermReq id=0x2 "Authentication failed"]
  Tue Jan 16 15:55:08 2007 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
  The user 'timberwoof' exists on the server. I tried changing password type to Advanced, but there's a catch-22 situtation: no user is set up with Advanced password, and it can only be changed to that by a user using Advanced password.
  [1] Has anyone else noticed that the dialog box for setting this in Server Admin 10.4.7 is broken? It always forgets the shared secret and then complains that none has been entered.

• VPN CHAP authentication is extremely slow

  When a client connects to VPN server, its connection usually time-outs. Investigating the logs show that CHAP authentication takes almost 2 minutes to complete. No wonder that the clients time-out. Does anybody have any idea why this happens? The log looks like this:
  Fri Feb 15 14:44:57 2008 : rcvd [CHAP Response id=0xae <16d8af347907c328c8f5b372e5189d6700000000000000001ff63e1d9cb760c3ac7d3546075970 e6dcf77da48b6fdc4500>, name = "andrus"]
  Fri Feb 15 14:46:47 2008 : sent [CHAP Success id=0xae "S=F4AFFA3E4908A8963BE2F7E8F2572AF91030E0B3 M=Access granted"]
  There is 1:50 delay between lines 1 and 2.

  I don't remember exactly what I did, because I tried out so many things, but I can summarize something.
  It was my first OS X server setup and considering Apple's legendary ease of use, I didn't plan much ahead. Turns out that although it looks easy, you can end up with a bad configuration 90% of the time and this is really easy.
  My planning was bad in a lot of ways.
  1) I configured both network interfaces at first assigning static IP-s. Turns out that when I later disabled the use of the second interface because I didn't need it, the configuration records about this interface were left in many places in the system, notably the Kerberos and Open Directory.
  2) I setup a local DNS server and used DNS domain name ".local" - a very bad idea, because it turned out that Bonjour (mDNS) uses that same name causing delays and conflicts. The idea was to setup the .local domain on the public IP addresses at first and later move over to private address use (192.168.x.x). Whenever you want to setup your own DNS on that same server and serve addresses that include your server's IP, then you absolutely MUST setup the DNS temporarily on another computer. After you have installed OS X you are free to migrate it over to it. You have to have all DNS records in place before you start the install, because Kerberos will be setu using the nane obtained using reverse lookup.
  I think the second mistake caused the most of the trouble, but stray IP address records were also a nuisance. In the end I made a clean install with 10.4.11 instead of Leopard.

• How to remove custom authentication provider in weblogic server 11g

  Hi ,
  I am trying to remove the custom authentication provider in weblogic server 11g, It disappears when i delete it from list of authentication providers. But upon server restart it appears again.
  Documentation for 10g says delete it from service administration but i couldn't find one in 11g. Please help me in removing the custom authentication provider
  Thanks
  Sandeep

  You can try editing the config.xml file and removing it there. (Re: After provider reorder I cannot login admin server console
  If you are referring to a jar file - custom authenticators are usually placed in the <middleware-home>wlserver_10.3/server/lib/mbeantypes/ directory.

• Windows Authentication on SP 14 Server

  Hi,
  i want to achieve Windows Authentication on SP 14 Server.
  which is the best way?
  Thanks in advance
  Regards,
  Bobu

  You can go for Kerberos Authentication. There are plenty of weblogs and forum discussions on this.
  Windows Integrated Authentication via Kerberos on an LDAP data source
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b69f6f89-0a01-0010-1198-ba7fff95a2ec
  Regards,
  Piyush
  ps: please award points if useful.

• New install of SQL 2014 Std MSDN. Get "The SQL Server product key is not valid. To proceed, re-enter the product key values from the Certificate of Authenticity (COA) or SQL Server packaging."

  Trying to install a new version of SQL 2014 Std 64 or x86. Installing on Windows 8.1Pro 64bit machine.
  I get:
  "TITLE: SQL Server Setup failure.
  SQL Server Setup has encountered the following error:
  The SQL Server product key is not valid. To proceed, re-enter the product key values from the Certificate of Authenticity (COA) or SQL Server packaging.
  Error code 0x858C0017."
  I looked at the summary log and that is the only error.
  I made sure there were no other instances of SQL on this machine. Uninstalled all VS2013 and sql instances just in case. IF there is somewhere to check if a previous version or license is causing the issue, i would be glad to check.
  Any help would be appreciated.

  Hi,
  Please read this thread with similar issue
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/bdd94577-515c-49fa-be44-008eacece057/installing-sql-server-2012-on-a-new-vm-error-code-0x858c0017?forum=sqlsetupandupgrade
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
  My Technet Articles

• Web Authentication with MS IAS Server

  I'm trying to configure my 2106 WLC to authenticate with an MS IAS Radius Server. I had this working, but my boss did not want to do any configuration on the client side and now wants to do all authentication through Web authentication with the Radius server. The wireless client connects and is redirected to the login page like they're supposed to, but when I enter my credentials the login fails. However, if I enter the login of a local user to the controller the authentication works.
  I see in the logs the following error: AAA Authentication Failure for UserName:chevym User Type: WLAN USER. The authentication is reaching the server too, but the logs don't tell you much.
  Here is what is in the server logs: 192.168.0.77,chevym,07/29/2008,05:58:16,IAS,TESTLAB1,25,311 1 192.168.0.221 07/28/2008 17:27:10 48,4127,2,4130,TESTLAB\chevym,4129,TESTLAB\chevym,4154,Use Windows authentication for all users,4155,1,4128,Wireless LAN Controller,4116,9,4108,192.168.0.77,4136,3,4142,19
  I don't really understand any of that and I'm not really sure if I have the server itself configured correctly for what I want to do. Does anyone have instructions on how to do this?

  I had another thread going on this, but since it appears to be an IAS problem, I've been posting on the MS forum instead of here.
  I'm trying to set up wireless laptop-WLC-IAS authentication using PEAP.
  The machine authenticates on boot, but any login by any user results in this message in the Windows Event log on the IAS server:
  Event Type: Warning
  Event Source: IAS
  Event Category: None
  Event ID: 2
  Date: 9/3/2008
  Time: 11:00:55 PM
  User: N/A
  Computer: DC1
  Description:
  User SCOTRNCPQ003.scdl.local was denied access.
  Fully-Qualified-User-Name = SCDL\SCOTRNCPQ003.scdl.local
  NAS-IP-Address = 10.10.10.10
  NAS-Identifier = scohc0ciswlc
  Called-Station-Identifier = 00-21-55-C0-7D-70:Domain Staff
  Calling-Station-Identifier = 00-90-4B-4C-92-B7
  Client-Friendly-Name = WLAN Controller
  Client-IP-Address = 10.10.10.10
  NAS-Port-Type = Wireless - IEEE 802.11
  NAS-Port = 29
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server =
  Policy-Name =
  Authentication-Type = EAP
  EAP-Type =
  Reason-Code = 8
  Reason = The specified user account does not exist.
  The policy is the default connection policy created when installing IAS.
  In ADUC, I've tried setting both the machine and users Dial-In properties to Allow Access or Control through policy, with the same result.
  I've gone through the policy and there isn't anything there, other than the Day-Time rule which is set to allow access for all hours of the whole day, every day.
  In the last few days, I've read about the Ignore User Dial In properties, but can't find where/how you set this.
  It sounded to me as if this had been resolved in this thread, so I wanted to know how this had been accomplished.

• Fatal error: Client does not support authentication protocol requested by server; consider upgrading MySQL client

  Fatal error: Client does not support authentication protocol
  requested by server; consider upgrading MySQL client in
  /homepages/28/d74942468/htdocs/cosmic/sites/onlinemove/Connections/db.php
  on line 9
  This is the error that comes up on the server where the site
  sits. The database is working on my local machine with the local
  settings, but wont connect due to the above.
  I think im using MySQL client 3.23 How do i upgrade?
  I found this on MySQL site:
  http://dev.mysql.com/doc/refman/5.0/en/old-client.html
  I'm not sure how to edit the connection string to make it
  accept the vaules.

  The_FedEx_Guy wrote:
  > Fatal error: Client does not support authentication
  protocol requested by
  > server; consider upgrading MySQL client in
  >
  /homepages/28/d74942468/htdocs/cosmic/sites/onlinemove/Connections/db.php
  on
  > line 9
  > I think im using MySQL client 3.23 How do i upgrade?
  The MySQL client that the error refers to isn't the version
  of MySQL,
  but the MySQL library bundled with PHP. It sounds as though
  your hosting
  company has upgraded to MySQL 4.1 or higher, but is still
  using PHP 4.
  > I'm not sure how to edit the connection string to make
  it accept the vaules.
  You can't. It's the way that the user account passwords are
  stored in
  MySQL. You need to get the hosting company to upgrade to PHP
  5 or to
  reset the passwords in MySQL using the OLD_PASSWORD()
  function. This
  needs to be done by someone with top-level administrative
  privileges on
  the database.
  David Powers, Adobe Community Expert
  Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
  Author, "PHP Solutions" (friends of ED)
  http://foundationphp.com/

• Continous Authentication Popup for PI server while testing ABAP webservice

  Hi All,
  While testing ABAP webservice,authentication window for PI server pops up continously.
  I have created web service from SE37 for Z function module which is remote enabled.
  I can see that service and endpoint is created automatically.
  I have also given PI server credentials in SOAMANAGER->Technical Configuration->System Global settings->Access Information J2EE server.
  Can somebody please help in testing the web service created from FM.
  I have already gone through a lot of links but still need your expertise on this.
  Thanks in advace,
  Saurabh

  Hi
  Are you testing through WSNavigator. WSN  needs a java stack and  you have already set the corresponding setting.
  Please check if the User is locked.
  I think in gerenral PI credentials will be asked everytime you open WS navigator link.But once you provide the correct user it should not pop up again and u should be able to test.
  Regards.
  Srinivas

• Is there any way to add SQL Server 2008 R2 "SQL Authentication" logins to SQL Server Integration Services

  Hi Experts, 
  We have a way to add the Windows Authentication-logins /OS users  in SSIS
  Component Services -> Computers -> My Computer -> DCOM Config -> MSDTSServer
  Right click on MSDTSServer
  Click properties
  Click on the Security tab
  Select Customize and add the users/groups to the Launch/Activation and Access tabs accordingly
  Add the user to the local Distributed COM Users group
  Restart the SSIS service
  +++But do we have a way to add SQL Server Authetication logins to SSIS, Please clarify me 
  Prem Gokull

  Hi PREM,
  If I understand correctly, you want to use SQL Server Authentication log to SQL Server Integration Services.
  Based on my research, only Microsoft Windows Authentication is available for SSIS. So we cannot use SQL Server Authentication log to SQL Server Integration Services. Besides, we can only add OS users in the DCOM Config permission area.
  Reference:
  Connect to Server (Integration Services)
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• LaCie Raid manager unable to access localhost:8845 in OS X server Yosemite

  I am running OS X server Yosemite. I have an external LaCie RAID Storage box. The RAID manager software that comes with the LaCie communicates settings by accessing the hardware via a web browser (ie. localhost:8845). I am able to access this port on my macbook pro just running OS X Yosemite but when I plug the hardware into my OS X server, that access is blocked.
  Can anyone provide me with instructions to allow browser connection to the localhost.  I assume it is an apache2 problem. But maybe that is just my guess.
  Thank you in advance.

  Hi,
  Got a reply from LaCie, they are aware of this problem and are working on a permanent fix. In the meanwhile I got a zip file, which contained a terminal.command file from which I have posted the code here, you need to save that file as an executable so you can run it.
  As always create a backup first, goodluck!
  #!/bin/sh
  if sw_vers -productVersion|grep 10.10 >/dev/null
  then
  `cat << EOF > ~/lrm.conf
  LoadModule php5_module /usr/share/lrm/apacheForOs10/modules/libphp5.so
  Listen 8845
  <VirtualHost *:8845>
  ServerName localhost:8845
  DocumentRoot "/usr/share/lrm/root"
  ServerAdmin [email protected]
  ErrorLog "/usr/share/lrm/apacheForOs10/logs/error_log"
  CustomLog "/usr/share/lrm/apacheForOs10/logs/error_log" common
  LogLevel warn
  TraceEnable off
  UserDir disabled
  </VirtualHost>
  <Directory "/usr/share/lrm/root">
      Options FollowSymLinks Multiviews
      MultiviewsMatch Any
      AllowOverride None
      Require all granted
  </Directory>
  AliasMatch /MSU/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /MSu/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /Msu/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /msu/(.*) "/usr/share/lrm/root/$1"
  EOF`
  else
  if sw_vers -productVersion|grep 10.9 >/dev/null
  then
  `cat << EOF > ~/lrm.conf
  LoadModule php5_module /usr/share/lrm/apacheForOs9/modules/libphp5.so
  Listen 8845
  <VirtualHost *:8845>
  ServerName localhost:8845
  DocumentRoot "/usr/share/lrm/root"
  ServerAdmin [email protected]
  ErrorLog "/usr/share/lrm/apacheForOs10/logs/error_log"
  CustomLog "/usr/share/lrm/apacheForOs10/logs/error_log" common
  LogLevel warn
  TraceEnable off
  UserDir disabled
  </VirtualHost>
  <Directory "/usr/share/lrm/root">
      Options Indexes FollowSymLinks Multiviews
      AllowOverride None
      Order allow,deny
      Allow from all
  </Directory>
  AliasMatch /MSU/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /MSu/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /Msu/(.*) "/usr/share/lrm/root/$1"
  AliasMatch /msu/(.*) "/usr/share/lrm/root/$1"
  EOF`
  else
  echo "Unsupported Mac OS system version";
  exit 5;
  fi
  fi
  if [ -d /usr/share/lrm ]
  then
    echo "Will update Mac OS apache Server configuration";
  else
    echo "failed to locate LaCie Raid Manager directory";
    exit 6;
  fi
  if [ -f ~/lrm.conf ]
  then
    sudo cp ~/lrm.conf /etc/apache2/other
  else
    echo “Error: Missing LRM config file”;
    exit 1;
  fi
  if [ $? -ne 0 ]
  then
    echo “failed to copy lm config file”;
    exit 2;
  else
    rm $(pwd)/lrm.conf;
  fi
  if [ -f /etc/apache2/other/lrm.conf ]
  then
    sudo mv /Library/LaunchDaemons/com.lacie.WebService.plist /Library/LaunchDaemons/com.lacie.WebService.backup;
  else
    echo “Error: Missing LRM config file for apache”;
    exit 3;
  fi
  if [ $? -ne 0 ]
  then
    echo “failed to backup WebService file”;
    exit 4;
  fi
  sudo httpd -k stop;
  sudo apachectl start;
  echo "Successfully reconfigure Apache server"

• Dead broadband - LCP down, CHAP authentication fai...

  Hi
  I am unable to connect to my BT broadband since last night.  I've tried multiple routers, and have confirmed that I have entered my username correctly (without the @btinternet.com bit on the end).
  My routers tell me that LCP is down and CHAP authentication failed, which normally means a wrong username/password combination - but that's definitely not being entered incorrectly.  Trust me, I've done it a hundred times.
  I've also performed hardware resets on my router.  I *can* get through to the test page if I give my username as bt_test@startup_domain but nothing else works.
  What number do i phone at BT to get them to look into this?  As I feel there must be something wrong at their end.
  I only run Macs, so can't try the Broadband Test diagnostic wotsit.
  Many thanks!!

  I agree with banz as to the username, and there's no password.
  If you are getting an ADSL sync (i.e. it's showing a connection speed), but you are unable to connect, then this could be a problem at the exchange. I had this happen to me a few weeks ago. It turned out that someone had been working at the exchange and switched my line to a different circuit when they shouldn't have done.

• Native iOS L2TP VPN not working on Lion Server

  Hi Folks,
  I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently setup Lion Server on a MacMini here in the office with L2TP VPN using a shared secrert phrase and a password authentication.
  I have Lion running on an a MacBook Air (which I setup VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac. (VPN was set up manually). Both systems have been tested to work both inside and outsideof my internal network as I have tested with an air card.
  I also have an iPhone running 4.3.4/4.3.5 that I setup by emailing the provisioning profile and and iPad 1 running iOS 5 beta 4 setup with the vpn provisioning profile. Neither the iPad nor iPhone seem to work at all either internally nor externally. In fact I never see any activity in the vpnd.log when I attempt to connect to with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."
  Based on my success with the OSX Clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time capsule firmware for the clients whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!
  Please see the below settings for my VPN Settings on the host and iOS client
  root# serveradmin settings vpn
  vpn:vpnHost = ""
  vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
  vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
  vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
  vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
  vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
  vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
  vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
  vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
  vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
  vpn:Servers:com.apple.ppp.pptp:enabled = no
  vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
  vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
  vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
  vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
  vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
  vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
  vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
  vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
  vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
  vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
  vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
  vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
  vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
  vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
  vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
  vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
  vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
  vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
  vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
  vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
  vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
  vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
  vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
  vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
  vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
  vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
  vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
  vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
  vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
  vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
  vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
  vpn:Servers:com.apple.ppp.l2tp:enabled = yes
  vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
  vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
  vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
  vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
  vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
  vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
  vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
  vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
  vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
  vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
  vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
  vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
  vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
  vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
  vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
  vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
  vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
  vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
  vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
  vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
  vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
  vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
  vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
  vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
  vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
  vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
  vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
  vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
  vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"

  Issue is resolved. I used the initial random generated shared secret that was generated by Lion Server. The shared secret has special characters. IOS did not like the special characters. See iPhone Console Log below:
  Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
  Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"
  Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error
  Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)
  That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.
  The shared secret key was:
  Y|WNwvM_O"?gLA$F@adT
  Looks like it was the " or the ? symbols.
  Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to vpn without issue.
  Figured I'd let you all know

• 802.1X Novell Chap authentication problems

  Ok, I've got FreeRadius up and authenticating successfully to eDir with
  LDAP. If I boot workstation only and use the built in Microsoft
  supplicant, etc. PEAP MSCHAP, I can authenticate to my access point
  using my edir credentials. Then I can click on the Novell client and log
  into the network.
  If I turn on the Novell Client 491sp4 802.1X support which puts in the
  Novell Chap as the authentication method it stops working. The
  Freeradius server shows the error <no password attribute> just as if my
  Universal Password wasn't set. But it is because it works with MSChap as
  the authentication method.
  I've applied all the Microsoft KB patches for WiFi I can find listed
  here in the listserv. Even the one that you have to submit to MS to
  receive 923154. I've set supplicant mode to 3 in the registry. I'm
  really at a loss.
  I'd just love to have the Novell Client do single sign on to our WPA
  protected wireless. Any advise is greatly appreciated. I see some of you
  have it working with minor problems. Can you help this long time Netware
  user since 2.X in college get it going too?
  Thanks in advance.
  -Nyle

  Nyle F. Landas wrote:
  > If I turn on the Novell Client 491sp4 802.1X support which puts in the
  > Novell Chap as the authentication method it stops working. The
  > Freeradius server shows the error <no password attribute> just as if my
  > Universal Password wasn't set. But it is because it works with MSChap as
  > the authentication method.
  Addendum: I've got it so if I log into Workstation only, it will
  authenticate using the Novell MSCHAP. It just won't authenticate with
  the Novell Client so that I have a single sign on.
  The error from the client changes but most of the time I get - "802.1X
  Found no connections to authenticate" Sometimes I get "802.1X
  Authentication failed. Timeout waiting for Authentication to finish.
  Logging into workstation only."
  If I set SuppliantMode to 3 it also won't even authenticate when I log
  in as workstation only. If I delete that key it will at least work at
  the workstation only.
  Again I believe I've applied all KB from Microsoft. Did I miss something
  simple? HELP, Please......
  -Nyle