Any genius ideas for getting MacOS10.4 server VPN to auth against AD?

  • #363475
    Anonymous
    Guest

    Apple Server support says that it won’t work against AD plugin due to a missing key that needs to be passed.

    What about round about ways to get there versus going straight to AD? To OD tied to AD? Somehow to radius tied to AD?

    for either L2TP or PPTP.

    #363494
    tbone
    Participant

    This was the response to me on this same subject some months ago.

    Thursday, June 30 2005 @ 01:16 PM CDT
    The VPN needs MSChapV2 password hashes to work. We can’t get that out of AD, so for the most part, no, the VPN will not work with AD.

    There is the outside option, new under 10.4, to auth to your VPN using Kerberos. An interesting idea, but for this to be effective you’ll need to get krb tickets first. Which would require exposing your AD system to the public net. Something that you usually get fired for.

    #365822
    sethmonster
    Participant

    Didn’t work for me. Specifically – where is that file you are speaking of – there was no postoptions folder out there.

    10.4.5 Server on Windows 2003

    #366049
    Anonymous
    Guest

    So I’m trying to do the same thing, but am running into some issues. I ran through the steps outlined, but get a failed authentication when I try to log in with the AD user / pass. It doesn’t even seem like the OSX server hosting VPN service is communicating with the AD server which also has IAS activated. Here’s the log:

    #Start-Date: 2006-04-25 21:51:34 PDT
    #Fields: date time s-comment
    2006-04-25 21:51:34 PDT Loading plugin /System/Library/Extensions/PPTP.ppp
    #Start-Date: 2006-04-25 21:51:34 PDT
    #Fields: date time s-comment
    2006-04-25 21:51:34 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
    2006-04-25 21:51:35 PDT Listening for connections…
    2006-04-25 21:51:35 PDT Listening for connections…
    2006-04-25 21:53:54 PDT Incoming call… Address given to client = 10.0.0.231
    Tue Apr 25 21:53:55 2006 : Directory Services Authentication plugin initialized
    Tue Apr 25 21:53:55 2006 : Directory Services Authorization plugin initialized
    Tue Apr 25 21:53:55 2006 : L2TP incoming call in progress
    Tue Apr 25 21:53:55 2006 : L2TP received SCCRQ
    Tue Apr 25 21:53:55 2006 : L2TP sent SCCRP
    Tue Apr 25 21:53:55 2006 : L2TP received SCCCN
    Tue Apr 25 21:53:55 2006 : L2TP received ICRQ
    Tue Apr 25 21:53:55 2006 : L2TP sent ICRP
    Tue Apr 25 21:53:55 2006 : L2TP received ICCN
    Tue Apr 25 21:53:55 2006 : L2TP connection established.
    Tue Apr 25 21:53:55 2006 : using link 0
    Tue Apr 25 21:53:55 2006 : Using interface ppp0
    Tue Apr 25 21:53:55 2006 : Connect: ppp0 <–> socket[34:18]
    Tue Apr 25 21:53:55 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xcde7e170> <pcomp> <accomp>]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5cd3a52f> <pcomp> <accomp>]
    Tue Apr 25 21:53:55 2006 : lcp_reqci: returning CONFACK.
    Tue Apr 25 21:53:55 2006 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5cd3a52f> <pcomp> <accomp>]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xcde7e170> <pcomp> <accomp>]
    Tue Apr 25 21:53:55 2006 : sent [LCP EchoReq id=0x0 magic=0xcde7e170]
    Tue Apr 25 21:53:55 2006 : sent [CHAP Challenge id=0xd0 <e1ce699a5977a1ce4f23fd33a75a3944>, name = "ftpvpn.sm.radius60.com"]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP EchoReq id=0x0 magic=0x5cd3a52f]
    Tue Apr 25 21:53:55 2006 : sent [LCP EchoRep id=0x0 magic=0xcde7e170]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP EchoRep id=0x0 magic=0x5cd3a52f]
    Tue Apr 25 21:53:55 2006 : rcvd [CHAP Response id=0xd0 <906805d1e3032d679005fa80c3ab4fac00000000000000000c61557cf54fa5608be39f3ee6f0e8671437c1b9461d81c700>, name = "aotero"]
    Tue Apr 25 21:53:55 2006 : Radius : Authentication error -1. No valid RADIUS responses received.
    Tue Apr 25 21:53:55 2006 : Peer aotero failed CHAP authentication
    Tue Apr 25 21:53:55 2006 : sent [CHAP Failure id=0xd0 "\37777777677\37777777777\377777777720"]
    Tue Apr 25 21:53:55 2006 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
    Tue Apr 25 21:53:55 2006 : sent [LCP TermAck id=0x2]
    Tue Apr 25 21:53:55 2006 : rcvd [LCP TermAck id=0x2]
    Tue Apr 25 21:53:55 2006 : Connection terminated.
    Tue Apr 25 21:53:55 2006 : L2TP disconnecting…
    Tue Apr 25 21:53:55 2006 : L2TP sent CDN
    Tue Apr 25 21:53:55 2006 : L2TP sent StopCCN
    Tue Apr 25 21:53:55 2006 : L2TP disconnected
    2006-04-25 21:53:55 PDT –> Client with address = 10.0.0.231 has hungup

    10.0.0.10 is the address for the AD / IAS Services machine. Any ideas or any further information I can provide to help resolve the issue?

    Thanks!
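The log in this post fails at one specific stage: the L2TP tunnel comes up, LCP negotiates MS-CHAPv2, a CHAP challenge and response are exchanged, and only then does the RADIUS step report that no valid response arrived. The script below is an editorial example added to the thread, not code from any poster or from Apple's vpnd. It parses an excerpt of the posted log (the CHAP hex values are copied verbatim from the post; the RADIUS host address is not in the log, so it is not assumed), splits the 49-byte MS-CHAPv2 Response value into its RFC 2759 fields, and separates "no RADIUS answer at all" from "RADIUS answered and rejected the credentials". The stage names and the checklist in `summarize` are my own.

```python
import re

# Log excerpt copied from the post above (10.4 Server vpnd/pppd output). Lines the parser
# does not need are left out; the CHAP hex values are exactly as logged.
SAMPLE_LOG = """\
Tue Apr 25 21:53:55 2006 : L2TP connection established.
Tue Apr 25 21:53:55 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xcde7e170> <pcomp> <accomp>]
Tue Apr 25 21:53:55 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xcde7e170> <pcomp> <accomp>]
Tue Apr 25 21:53:55 2006 : sent [CHAP Challenge id=0xd0 <e1ce699a5977a1ce4f23fd33a75a3944>, name = "ftpvpn.sm.radius60.com"]
Tue Apr 25 21:53:55 2006 : rcvd [CHAP Response id=0xd0 <906805d1e3032d679005fa80c3ab4fac00000000000000000c61557cf54fa5608be39f3ee6f0e8671437c1b9461d81c700>, name = "aotero"]
Tue Apr 25 21:53:55 2006 : Radius : Authentication error -1. No valid RADIUS responses received.
Tue Apr 25 21:53:55 2006 : Peer aotero failed CHAP authentication
Tue Apr 25 21:53:55 2006 : sent [LCP TermReq id=0x2 "Authentication failed"]
"""

CHAP_RE = re.compile(
    r'\[CHAP (Challenge|Response) id=(0x[0-9a-f]+) <([0-9a-f]+)>, name = "([^"]*)"\]'
)
AUTH_RE = re.compile(r"<auth ([^>]+)>")


def split_mschapv2_response(hexstr):
    """Split the 49-byte MS-CHAPv2 Response value (RFC 2759, section 4) into its
    fields, or return None when the length is wrong (malformed or not MS-CHAPv2)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 49:
        return None
    return {
        "peer_challenge": raw[:16].hex(),  # 16-byte challenge chosen by the client
        "reserved": raw[16:24].hex(),      # 8 bytes, must be zero
        "nt_response": raw[24:48].hex(),   # 24 bytes derived from the user's NT hash
        "flags": raw[48],                  # must be zero
    }


def analyse_ppp_log(log):
    """Walk one connection attempt and record how far it got and why it ended."""
    r = {
        "tunnel_up": False,
        "auth_offered": None,     # auth option in the server's LCP ConfReq
        "auth_negotiated": None,  # auth option the client acknowledged
        "challenge": None,
        "response": None,
        "response_fields": None,
        "ids_match": None,        # CHAP Response id equals the Challenge id
        "peer": None,
        "outcome": "unknown",
        "evidence": None,
    }
    ids = {}
    for line in log.splitlines():
        if "L2TP connection established" in line or "PPTP connection established" in line:
            r["tunnel_up"] = True
        elif "sent [LCP ConfReq" in line:
            m = AUTH_RE.search(line)
            r["auth_offered"] = m.group(1) if m else None
        elif "rcvd [LCP ConfAck" in line:
            m = AUTH_RE.search(line)
            if m:
                r["auth_negotiated"] = m.group(1)
        elif (m := CHAP_RE.search(line)):
            kind, cid, value, name = m.groups()
            ids[kind] = cid
            if kind == "Challenge":
                r["challenge"] = value
            else:
                r["response"] = value
                r["peer"] = name
                r["response_fields"] = split_mschapv2_response(value)
        elif "No valid RADIUS responses received" in line:
            r["outcome"], r["evidence"] = "radius_no_response", line
        elif "CHAP Success" in line:
            r["outcome"], r["evidence"] = "authenticated", line
        elif "failed CHAP authentication" in line and r["outcome"] == "unknown":
            # Only reached when RADIUS (or the local directory) answered with a reject.
            r["outcome"], r["evidence"] = "credentials_rejected", line
    if "Challenge" in ids and "Response" in ids:
        r["ids_match"] = ids["Challenge"] == ids["Response"]
    return r


def summarize(r):
    """One-line verdict an administrator can act on."""
    if not r["tunnel_up"]:
        return "tunnel never came up: look at L2TP/PPTP or IPsec, not at authentication"
    if r["outcome"] == "radius_no_response":
        return ("RADIUS round-trip failed before any verdict: the VPN server got no usable "
                "answer from the RADIUS host. Check reachability and UDP 1812/1645 filtering, "
                "that this server is registered as a RADIUS client, and that the shared secret "
                "matches (a reply with a bad Response Authenticator is discarded as invalid). "
                "This is not a wrong-password failure.")
    if r["outcome"] == "credentials_rejected":
        return "RADIUS/directory answered and rejected the credentials"
    if r["outcome"] == "authenticated":
        return "authenticated"
    return "incomplete log"


if __name__ == "__main__":
    res = analyse_ppp_log(SAMPLE_LOG)
    print(res["auth_negotiated"], res["peer"], res["ids_match"], res["response_fields"])
    print(summarize(res))
```

Run it as-is to see the verdict for the posted log; to use it on a live system, paste the block for a single connection attempt from the VPN service log into `SAMPLE_LOG`. The reserved-zero and flags-zero checks on the response are a quick sanity test that the client really sent MS-CHAPv2 rather than plain CHAP or MS-CHAPv1, which would be rejected by a RADIUS policy expecting v2.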
