Use Open Directory on Mac OS X Server for Airport authentication?

Similar Messages

• Use Open Directory for intranet web acces

  Is it possible to tap in to Open Directory user information from other services than those build into the server? And that way use the Open Directory authentication for our own home-made service?
  We plan to setup an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular Open Source cms/portal platforms such as Drupal or maybe even WordPress.
  1. I would like to use the users accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
  2. Or does anyone know of a way to modify e.g. the build in blog function and integrate that with another system such as Drupal or WordPress?
  I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the build in blog build on an open source system like some of the other services on Mac OS X server? A system I can read about anywhere?
  +Note: The build in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make i suit our needs.+
  3. Plan B could be to export our 100 users and passwords from Open Directory and import them in the intranet system. But as far as I know it's impossible to export the passwords. Right?
  +New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be okay for working but not perfect Plan B.+

  ryanowich wrote:
  Is it possible to tap in to Open Directory user information from other services than those build into the server?
  Yes.
  And that way use the Open Directory authentication for our own home-made service?
  Sure. I have HP OpenVMS systems that are authenticating to Mac OS X Server boxes. LDAP has a callable interface for applications written in most any active programming language, and many packages already have LDAP support.
  We plan to setup an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular Open Source cms/portal platforms such as Drupal or maybe even WordPress.
  You need to narrow your requirements and your ideas somewhat, and work toward a list of features.
  I have some discussions posted of what I went through when I ended up picking Drupal.
  1. I would like to use the users accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
  Network servers (Apache, DHCP, etc) can authenticate to LDAP, but (once granted access via DHCP and RADIUS, or analogous) clients don't usually further authenticate.
  Within Drupal, the [Drupal|http://drupal.org] module [ldapauth|http://drupal.org/node/118092] would be worth a test. That's an available connection into LDAP. (Haven't prototyped that module, though.)
  2. Or does anyone know of a way to modify e.g. the build in blog function and integrate that with another system such as Drupal or WordPress?
  You're apparently not familiar with Drupal. You might want to learn more about it, and particularly its extensibility. Drupal can be connected to some refrigerators, if you were inclined to do so.
  I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the build in blog build on an open source system like some of the other services on Mac OS X server? A system I can read about anywhere?
  Including random blocks of code isn't a strategy for success. Understanding the basics of how the pieces fit together tends to be a better strategy. For Drupal, there's always the [Drupal documentation|http://drupal.org/documentation], or the available books on the CMS. Or you can call in somebody that's done this stuff.
  +Note: The build in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make i suit our needs.+
  The built-in services are limited, yes. I've been running Drupal on Mac OS X Server for years now.
  3. Plan B could be to export our 100 users and passwords from Open Directory and import them in the intranet system. But as far as I know it's impossible to export the passwords. Right?
  I would sincerely hope you don't get the passwords out of your authentication system. That would be bad. Cleartext passwords are bad news. You don't want that ability.
  +New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be okay for working but not perfect Plan B.+
  That would be a hassle.
  And I've tested with Wordpress on Mac OS X Server, but haven't deployed it in production. I'll leave discussions of its features and capabilities to others. That written, you might try the [Wordpress web site|http://Wordpress.org], as I'd expect there would be discussions of LDAP there.
  I'd suggest determining your requirements, otherwise you're going to flail around given the numbers of options an alternatives here. If you have your requirements, then you have a framework to pick your tools. [Here is what I looked at when I picked Drupal|http://labs.hoffmanlabs.com/node/100].

• Autherntication using Open Directory and NO home folder

  We are looking to set up an Open Directory on a Snow Leopard server in our medium sized company - we would like to use it for Single Sign On authentication but do not want to create home folders on the server. All we want OD to do is authenticate
  We have been able to authenticate using OD bound and unbound but both need home folders. Is there a way to have no home holder and still authenticate?
  thanks

  What I did was in WGM select a user account. Then select the Home tab. Click the + button to add a home folder. In the sheet that drops down, in the bottom box put /Users/username. Leave the other boxes blank. This will create a home folder locally on whatever machine the user logs into.

• Using Open Directory as a Shared Address Book?

  Is there an elegant way to use Open Directory as a means of creating 'contacts' and their standard information without creating user account on OS X Server?

  Have a look here:
  http://www.addressbookserver.com/j2anywhere/index.jsp

• Reporting Services through ISA server for All Authenticated Users

  Hello colleagues.
  I have MS SQL 2012 server with Reporting Services and it work via link:
  https://reports2.domain.com/reports
  In LAN all work fine, but I want publish this resource via ISA for All Authenticated Users.
  When in publish rule I configure (in Condition) "All users" - all work fine, but when I configure "All Authenticated Users" - I have trouble on web form on
  https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts not work, because it run how "anonymous" (I see on ISA logging) and ISA block scripts.
  I can't use "All Users", because it's not secure.
  Maybe somebody publish Reporting Services through ISA server for All Authenticated Users?
  OR maybe - how on Reporting Services configure Negotiate authenticated for scripts?

  Hi Alexander,
  All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported
  by Reporting Services. To configure Windows Authentication on the Report Server, please see:
  http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
  Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
  http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support
  Katherine thanks for answer.
  Report Server service started as Domain account.
  I have in RSReportServer.config this:
  <Authentication>
  <AuthenticationTypes>
  <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
  <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
  In web.config I have this:
  <authentication mode="Windows" />
      <identity impersonate="true" />
  I can go (from Internet through ISA) to
  https://reports2.domain.com/reports  and LogOn Authentication is work, but scripts not work, because it run how "anonymous" (I see this on ISA logging) and ISA block scripts.
  Do you know where in Reporting Services configure run scripts with Negotiate authentication?

• Configuring OSX 10.6.8 server for Airport.

  How do I configure OSX 10.6.8 server for Airport when only configured for ethernet? I am moving to an un-cabled and non-ethernet environment. Is it straightforward and do-able by a moderately informed amateur?

  Bridged mode — what's more commonly called an "Access Point" or an "AP" configuration — means...
  the WiFi devices are network "transparent", and function roughly analogous to a hunk of Ethernet wiring.
  the WiFi devices are not operating as IP routers.
  DHCP and the rest of your services are running directly from your OS X Server box.
  that there is no need to deal with IP subnet routing.
  little or no need to change the OS X Server configuration.
  portable devices can move among multiple local WiFi (AP/bridged) devices, without reconnecting.
  If you choose to run your WiFi as routers, you'll be dealing with all the "fun" that is multiple routers. Which is entirely possible, but an approach that requires rather more knowledge of IP.   Also that if (when?) you start using have more than one WiFi device, that clients will have to drop off and reconnect.
  I also prefer a dedicated firewall-gateway box and preferably one with VPN server capabilities, and generally not prefering to use an Airport-class device in that role, nor do I prefer to use an OS X Server box as the firewall-gateway box.  This makes the network simpler, and avoids (unintentionally) exposing ports or such outside your network due to software reconfigurations or sometimes after software installs and updates.
  I'd encourage some general homework here, and do some reading on setting up an IP network, IP routing and related. This area is usually fairly simple — once you've done a few — but it's rather more that can easily fit into a small text input box.  Apple has some related documentation here and here and here and here, and probably a few other spots.  Or get some help.

• Do I need to use open directory on Yosemite Server, I'm only looking to use file sharing and VPN

  I'm setting up a new mac mini server with Yosemite and I was wondering if there are any advantages or disadvantages to not using the open directory service? The only services I'm planning on using are File Sharing and VPN.

  You don't need Open Directory unless you want to manage user accounts centrally on the server.

• Blue screen after logout when using Open Directory-bound computers

  I'm having a weird problem with the Open Directory-bound computers that I'm managing. I recently deployed it to a lab of 30 computers (after doing initial testing with 1 computer), and I'm having one problem in particular:
  Sometimes, when a user logs out of one of these OD-bound computers, the login window fails to appear. The user is logged out, the desktop for that user disappears (being replaced with the standard blue desktop), but the login window doesn't appear.
  What's strange is that Remote Desktop says these computers are at the login window, and I can manipulate them via Remote Desktop as if nothing is wrong (I can restart, shut down, etc.). But I can't do anything at the computer locally with the keyboard or mouse -- if I try to bring up the shutdown dialog with Control-Power (which works sometimes in these situations), it doesn't work.
  This doesn't happen all the time or with the same computers. But it happens often enough that it's a bit of an annoyance -- I usually just restart them from Remote Desktop to get the login window to appear. (The other problem is that sometimes I'm not around to fix it, and so if people come in when I'm not around, they have to force shutdown the computer using the power button and then start it back up to get to the login window.)
  I've also noticed that some of the computers have been taking a lot longer to login, which seems to suggest that the computers are trying to access the server or something, but the server is always up and is usually very reliable (with a few exceptions here and there).
  Any ideas?
  G4 eMacs   Mac OS X (10.4.8)  

  We are having the same problem with our lab of about 30 eMacs. All are computers bound to and managed by the server. Have you found any solutions yet.
  Anybody?

• Authenticate windows users accessing os x client using open directory?

  I need to setup an OS X client machine (10.4.6) so that windows users (XP) can access folders based on their open directory credentials. (Using OS X server, open directory, windows PDC). If I turn on windows sharing in system preferences on the mac, it will only share local home folders to users with local accounts - not what I need. Any ideas? thanks.

  Thanks!  So now I see Open Directory, but it seems like it should be listed under the Server app with all the other services...
  Anyhow, I seem to remember a way to administer the users and groups.  This app shows me the status of the services, logs, settings.  The Server app, if I click on Add Users button, then click "connect to it" to supposedly connect to the directory server, it won't take my credentials.  I always get "Cannot authenticate to server.  Please authenticate by entering the name and password of a user account in this server's directory."
  Connect anonymously doesn't seem to do anything, it doesn't even dismiss the dialog.
  So what am I missing?

• Memory Leak and 100% CPU in slapd process when using Open Directory OS X 10.8.5

  Has anyone seen the slapd (LDAP daemon from OpenLDAP which OS X Server uses) run away when running Open Directory? We've tried disabling replication but it doesn't seem to matter. The slapd process will start up and take up about 400MB and then at night will consume all the available memory and crashing the server.
  Any thoughts? Any benefit in upgrading to Mavericks' Server app?
  Thanks,
  John

  @Strontium90
  Found this in opendirectory.log which seems to just show ldap requests starting to slow down.
  2013-12-06 09:54:19.736670 PST - State information (some requests have been active for extended period):
            Sessions: {
                2839 -- opendirectoryd:
                            Session ID: CBAE3152-1A3B-4C7E-89D6-2F836C28F5BA
                            Refs: singleton
                            Type: Default
                            Target: localhost
            Nodes: {
                2839 -- opendirectoryd:
                            Node ID: CC6FC6C3-AD02-4068-9E8F-8FDC228F4C48
                            Nodename: /Search
                            Session ID: <Default>
                            Refs: 3
                            Internal Use: X
                2816 -- automount:
                            Node ID: 8FC03A24-46F2-4DAA-A0EC-3FF98B458FB4
                            Nodename: /Search
                            Session ID: <Default>
                            Refs: 2
                277 -- SystemUIServer:
                            Node ID: FFF97865-2FBE-474A-BD53-43A35DA09D3A
                            Nodename: /Search
                            Session ID: <Default>
                            Refs: 3
                            Internal Use: X
            Requests: {
                2816 -- automount:
                            Nodename: /Search
                            Refs: 5
                            Active Time: 65170959
                            Type: ODNodeCopySubnodeNames
                            Current Module: search
                            Node ID: 8FC03A24-46F2-4DAA-A0EC-3FF98B458FB4
                            Request ID: 5
                2839 -- opendirectoryd:
                            Nodename: /Search
                            Refs: 5
                            Active Time: 65971987
                            Type: ODQueryCreateWithNode
                            Current Module: search
                            Node ID: CC6FC6C3-AD02-4068-9E8F-8FDC228F4C48
                            Request ID: 4
                277 -- SystemUIServer:
                            Current Module: SystemCache
                            Type: getpwuid
                            Request ID: 10
                            Refs: 4
                            Active Time: 13397955
                            Nodename: /Search
                            Parent Request: 10
                            Refs: 5
                            Active Time: 11041999
                            Type: ODQueryCreateWithNode
                            Current Module: search
                            Request ID: 12
                            Node ID: FFF97865-2FBE-474A-BD53-43A35DA09D3A
                68 -- coreservicesd:
                            Current Module: SystemCache
                            Type: getpwuid
                            Request ID: 8
                            Refs: 3
                            Active Time: 13484131
                2832 -- sshd:
                            Current Module: SystemCache
                            Type: getpwnam
                            Request ID: 9
                            Refs: 3
                            Active Time: 13483916
                640 -- SystemUIServer:
                            Current Module: SystemCache
                            Type: getpwuid
                            Request ID: 7
                            Refs: 3
                            Active Time: 13522530
  2013-12-06 09:54:19.737704 PST - requesting spindump generation
  In slapd.log around the same time:
  Dec  6 06:55:23 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
  Dec  6 06:58:25 dms-out-01.int.payoff.com slapd[118]: connection_read(46): no connection!
  Dec  6 07:00:23 dms-out-01.int.payoff.com slapd[118]: connection_read(48): no connection!
  Dec  6 07:27:34 dms-out-01.int.payoff.com slapd[118]: connection_read(47): no connection!
  Dec  6 07:56:30 dms-out-01.int.payoff.com slapd[118]: connection_read(47): no connection!
  Dec  6 08:10:24 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
  Dec  6 08:10:24 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
  Dec  6 08:10:25 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
  Dec  6 08:10:25 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
  Dec  6 08:18:29 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12372 deferring operation: binding
  Dec  6 08:18:55 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12373 deferring operation: binding
  Dec  6 08:19:50 dms-out-01.int.payoff.com slapd[118]: connection_read(53): no connection!
  Dec  6 08:27:16 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
  Dec  6 08:27:16 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
  Dec  6 09:08:00 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12871 deferring operation: binding
  Dec  6 09:16:10 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12871 deferring operation: pending operations
  The deadlock from what I can tell is a more of a warning from OpenLDAP, but it is a common pattern and occurring every few minutes.
  Not much useful in slapconfig.log.
  Any insights? Thanks so much.
  ~john

• Unable to set Open Directory master on brand new server

  I have a brand new Mac Mini server running 10.6.2 which I am unable to set as an OD master, receiving the error "There was a configuration error when configuring your server as an Open Directory Master. See the Configuration Log for more information about the failure."
  The log reads as follows...
  2010-01-10 10:34:31 +1100 - slapconfig -createldapmasterandadmin
  2010-01-10 10:34:31 +1100 - Creating password server slot
  2010-01-10 10:34:31 +1100 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
  2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u root -p -q
  2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u paisleypark.local$ -p -q
  2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x4b4912886b8b45670000001b0000001b
  2010-01-10 10:34:32 +1100 - Setting SASL realm to <OpenDirectory.pIxrV9>
  2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setrealm OpenDirectory.pIxrV9
  2010-01-10 10:34:32 +1100 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
  2010-01-10 10:34:34 +1100 - command: /usr/bin/net getlocalsid
  2010-01-10 10:34:34 +1100 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
  2010-01-10 10:34:34 +1100 - Starting LDAP server (slapd)
  2010-01-10 10:34:54 +1100 - Error: The slapd process did not start.
  2010-01-10 10:34:54 +1100 - Stopping LDAP server (slapd)
  2010-01-10 10:34:54 +1100 - Removed file at path /var/run/slapconfig.lock.
  ... but I am unable to locate any reference to the specific error in these forums or via my friendly neighbourhood Google.
  Any ideas greatly appreciated.

  Well, like I mentioned, if DNS is not properly configured, all bets are off. And again, if you start services before making it an OD master, you could be asking for trouble. You may be able to fix the installation, but I'd seriously consider starting over.
  You might be able to fix what you have well enough to make it work, but what happens in 6 months when it gets flaky about something. You may end up wondering of there was something wrong to begin with.
  So yes, I'd start over.

• How to set permissions IN Open Directory USING Open Directory groups?

  Hi all,
  Apologies if I've missed this but have been searching for two days trying to figure out how to delegate permissions within the OD to a number of different OD groups and i can't seem to find any way to do this either at the command line or with WGM.
  Examples: an OD group containing those who will manage the full directory need to have permissions on all containers, child objects, and their attributes in the directory. For this one in particular I seem to be able to nest a group in the default Admin group, but this isn't really what i'm after. I need to create OD groups with the ability only to manipulate objects of class apple-computer and similarly, apple-user (really all inetOrgPerson objects). In a nutshell: how do i set permissions on specific attributes or object classes using OD groups?
  thanks for any pointers...
  -andrew

  I think i just answered my own question: Open Directory is OpenLDAP. slapd is all i need.

• Using OS X Lion as a Business Server for a Windows & Mac Enviroment

  Hi there, I am debating on using OS X Lion (on a Mac Mini) as a server for a small business.  I have some lingering questions that I need help with.
  If I am using OS X Lion as the mail server,
  Does it provide any kind of online/web access (similar to OWA)?
  Does it work with Mac Outlook 2011?
  Will it work with Windows Outlook?
  Will the messenger work with a Window's machine at all?  (i.e., remote employee on a Windows laptop.)
  If I am using OS X Lion as a file server,
  Can I restrict access to certain folders?
  Is there a way to allow clients access to certain folders (similar to SharePoint)?
  Is there any FTP capabilities?
  How secure is OS X Lion?  I work in a very contentious / data sensitive field.  The information we will have is highly confidential and highly sought after.
  In the end, I am looking for a cost effective solution for a small group of consultants that deal with high profile matters, need to quickly and easily communicate and collaborate from both Windows laptops and MacBook Pros (90% remotely).
  Thanks for the help!

  And this is my problem.
  In windows terms:
  I want to assign a drive letter to a network drive, and have that be a machine-wide assignment, that is activated during bootup, and is visible to all users and services.
  I can do that for an arbitrary partition that is physically attached to the machine.
  I cannot seem to do that for any partition that is mounted over the network.
  The problems are:
  1. It doesn't map for every user,
  2. It doesn't map for services that run when a user isn't logged in
  3. It generates annoying inconsistencies in what programs see what.
  Is there really no way for an XP box to use a file server? Even a microsoft file server? (if there is, how do I make my mac os with samba look like a real microsoft file server).
  Annoying tidbit: The "conncet at login" information is stored in the user profile; if you rely on that, then the user profile cannot be stored with the rest of the user's personal files. If it weren't for that, I could probably live with a work around.
  (2 to 1 someone will say "Xp Professional can do that trivially" and tell me to upgrade. I thought XP home was supposed to support home and small office networking, and I thought that included a single shared file server.)
  Mac Mini 1.42 1G   Mac OS X (10.4.3)  

• EMC Isilon cannot use Open Directory for SMB authentication

  Hi All,
  I have a EMC Isilon as a NAS and OS X server 10.6.8 with OD enabled. I have tried to integrate OD with Isilon as LDAP server for authentication. The Isilon can query the user from OD. But we got a strange problem. We can log into Isilon via ftp, http, nfs and ssh but not for SMB. Does anyone got this problem before?

  Did you ever resolve this issue?

• VPN connection on Mac gives "PPP Server cannot be authenticated"

  Hello all
  I am trying to connect my mac mini to my company's VPN. On my mac mini I tried the following to connect to VPN.
  - System Preferences -> Network
  - Created a new network, interface: VPN, VPN type: L2TP over IPSec, service name: Office VPN
  - Configuration: default, Server Address: 222.222.22.222, Account Name: user1
  Authentication Settings -> User Authentication Password: (password), Machine Authentication Shared Secret: (secret)
  This does connect the mac to the vpn but after an interval of 6-10 minutes I always get a "PPP server cannot be authenticated" error. I can't seem to understand what is going wrong over here. The same problem is with every mac trying to connect to this vpn. Windows PC users did not report a problem of such sort.
  I checked the system logs as well. Here's what happened until the connection was disconnected.
  Thu Apr 14 14:43:02 2011 : L2TP connecting to server '222.222.22.222' (222.222.22.222)...
  Thu Apr 14 14:43:02 2011 : IPSec connection started
  Thu Apr 14 14:43:04 2011 : IPSec connection established
  Thu Apr 14 14:43:04 2011 : L2TP connection established.
  Thu Apr 14 14:43:04 2011 : Using interface ppp0
  Thu Apr 14 14:43:04 2011 : Connect: ppp0 <--> socket[34:18]
  Thu Apr 14 14:43:04 2011 : CHAP authentication succeeded
  Thu Apr 14 14:43:07 2011 : local IP address 192.168.69.100
  Thu Apr 14 14:43:07 2011 : remote IP address 192.168.1.254
  Thu Apr 14 14:43:07 2011 : primary DNS address 192.168.1.84
  Thu Apr 14 14:43:07 2011 : secondary DNS address 192.168.1.85
  Thu Apr 14 14:43:07 2011 : l2tpwaitinput: Address added. previous interface setting (name: en1, address: 192.168.4.14), current interface setting (name: ppp0, family: PPP, address: 192.168.69.100, subnet: 255.255.255.0, destination: 192.168.1.254).
  Thu Apr 14 14:43:37 2011 : l2tpwaitinput: Other Address event (8). previous interface setting (name: en1, address: 192.168.4.14), other interface setting (name: 99, family: 8716788, address: 4.0.69.100, subnet: 0.0.0.1, destination: 128.192.31.0).
  **Thu Apr 14 14:43:34 2011 : IPV6CP: timeout sending Config-Requests**
  Thu Apr 14 14:55:07 2011 : Connection terminated.
  Thu Apr 14 14:55:07 2011 : Connect time 12.1 minutes.
  Thu Apr 14 14:55:07 2011 : Sent 20233 bytes, received 48346 bytes.
  Thu Apr 14 14:55:07 2011 : L2TP disconnecting...
  Thu Apr 14 14:55:07 2011 : L2TP disconnected
  Can somebody help me out over here? What could be going wrong over here?

  I'm looking for much the same answer, so can't help with the big picture. However, the Firewall options are not in System Preferences, but in the Server Admin in the Dock. Click on it, click on the triangle next to your server's name, then go down to FIrewall.