What is the genesis of the "You do not have permission to login." message on mac OS10.5, 10.6 when trying to launch netconnect? We are running 6.4.r2. Current ruleset is that macs are allowed to connect just for being macs.
Have you done a Policy Trace to ensure proper role assignment? I've seen a similiar message ("You are not allowed to sign in.") when the user/client doesn't meet any of the Role Mapping condiftions in the Realm.
Ok, are you using Authentication Policies on the Realm? I tested Source IP and Browser Authentication Policies on a machine that didn't match and received the exact error message you described.
good thought but no .... only host checker policies, and in the case of the mac, there are (as yet) no requirements defined other than "not windows".
Host checker may not be compatible with the broswer on those versions of Mac OS. Look in the User logs for something like:
Info AUT23571 2009-10-27 15:06:26 - ive - [127.0.0.1] Root:ystem() - Browser on host 220.127.116.11 is not supported for Host Checker or Cache Cleaner: User agent a10hm/1.0 (linux swo 2.6.14)
If possible, create a duplicate Realm without Host Checker and see if you get the error.