MacOS – VPN server authentication error

I'm running 10.8.5 (not server) on my home laptop and wanted to set up a VPN server on it. I found a number of tutorials online (e.g. http://hints.macworld.com/article.php?story=20060616150640529) for configuring vpnd and have gotten to the point where it's up and running. I set up a shared secret password according to the tutorial. When I try to log in from my phone using my standard admin account and password, it fails with this:

2013-10-10 16:50:45 PDT Incoming call... Address given to client = 10.0.0.213
Thu Oct 10 16:50:45 2013 : Directory Services Authentication plugin initialized
Thu Oct 10 16:50:45 2013 : ACSP plugin: while reading prefs - route address, mask, and type counts not equal
Thu Oct 10 16:50:45 2013 : L2TP incoming call in progress from '66.87.135.204'...
Thu Oct 10 16:50:45 2013 : L2TP connection established.
Thu Oct 10 16:50:45 2013 : Using interface ppp0
Thu Oct 10 16:50:45 2013 : Connect: ppp0 <--> socket[34:18]
Thu Oct 10 16:50:46 2013 : CHAP peer authentication failed for *USERNAME*
Thu Oct 10 16:50:46 2013 : Connection terminated.
Thu Oct 10 16:50:46 2013 : L2TP disconnecting...
Thu Oct 10 16:50:46 2013 : L2TP disconnected
2013-10-10 16:50:46 PDT    --> Client with address = 10.0.0.213 has hungup

Some other people have had this issue, and it's been suggested to try:

sudo dscl . change /users/username AuthenticationAuthority \
  ';ShadowHash;' \
  ';ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT,SMB-LAN-MANAGER>'

But that gives me the error:

<main> attribute status: eDSAttributeNotFound
<dscl_cmd> DS Error: -14134 (eDSAttributeNotFound)

Anyone have any suggestions on how to move forward?

Best Answer

The article that you've referenced seems to mention that the fix for the CHAP authentication in newer systems is to modify the file at /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist by changing the value of "AuthenticatorProtocol" from "MSCHAPv2" to "PAP":

AuthenticatorProtocol = (PAP);

If you still have issues, posting the contents of /var/log/ppp/vpnd.log may also be helpful.

I do not recommend using the dscl command that you're referencing above to configure your user record. The 'pwpolicy' command could be better suited for that task.
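
When reviewing /var/log/ppp/vpnd.log as suggested above, the failed attempts can be extracted and grouped by source address. This is an added example, not part of the original question or answer; the sample log is constructed in the format quoted in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the vpnd.log format quoted in the question
# (documentation-range IPs and made-up usernames, not real data).
SAMPLE_LOG = """\
2013-10-10 16:50:45 PDT Incoming call... Address given to client = 10.0.0.213
Thu Oct 10 16:50:45 2013 : L2TP incoming call in progress from '203.0.113.7'...
Thu Oct 10 16:50:45 2013 : L2TP connection established.
Thu Oct 10 16:50:46 2013 : CHAP peer authentication failed for alice
Thu Oct 10 16:50:46 2013 : L2TP disconnected
Thu Oct 10 16:51:02 2013 : L2TP incoming call in progress from '198.51.100.9'...
Thu Oct 10 16:51:03 2013 : L2TP connection established.
Thu Oct 10 16:51:09 2013 : L2TP disconnected
Thu Oct 10 16:52:10 2013 : L2TP incoming call in progress from '203.0.113.7'...
Thu Oct 10 16:52:11 2013 : CHAP peer authentication failed for admin
Thu Oct 10 16:52:11 2013 : L2TP disconnected
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : (?P<msg>.*)$")
CALL = re.compile(r"L2TP incoming call in progress from '(?P<ip>[^']+)'")
# Only the CHAP wording appears on the page; matching any protocol name
# assumes other authenticators log the same sentence shape.
FAIL = re.compile(r"\w+ peer authentication failed for (?P<user>.+)$")

def failed_logins(log_text):
    """Return (timestamp, source_ip, username) for each failed authentication.

    The log carries no session id, so a failure is attributed to the most
    recent incoming call; overlapping sessions can be misattributed.
    """
    events, current_ip = [], None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skips the "2013-10-10 ... Incoming call..." lines
        msg = m["msg"]
        if (call := CALL.search(msg)):
            current_ip = call["ip"]
        elif (fail := FAIL.search(msg)):
            events.append((m["ts"], current_ip, fail["user"].strip()))
        elif msg.startswith("L2TP disconnected"):
            current_ip = None  # session over; do not carry the IP forward
    return events

def failures_by_source(log_text):
    """Count failed authentications per source address."""
    return Counter(ip for _, ip, _ in failed_logins(log_text))

if __name__ == "__main__":
    for ip, n in failures_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed attempt(s)")
```

Repeated failures from one address, or failures cycling through many usernames, are the pattern worth alerting on for an internet-facing VPN listener.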
