FreeRadius LDAP connection to Google Workspace

Benjamin Diehl benjamin.diehl at foundationacademy.net
Fri Oct 1 17:35:26 CEST 2021


root at FreeRadius:~# LDAPTLS_CERT={/etc/freeradius/3.0/certs/ldap-client.crt} LDAPTLS_KEY={/etc/freeradius/3.0/certs/ldap-client.key} ldapsearch -H ldaps://ldap.google.com:636 -b dc={foundationacademy},dc={net} '(main={admin at foundationacademy.net})' -d8
TLS: opening `{/etc/freeradius/3.0/certs/ldap-client.key}' failed: No such file or directory
TLS: could not use private key file `{/etc/freeradius/3.0/certs/ldap-client.key}`.
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

I believe this would be the issue; however, I don’t know why it wouldn’t find it. I’ve triple-checked, and the file is in there and named exactly the same as in the command.


On Oct 1, 2021, 11:23 AM -0400, Alan DeKok <aland at deployingradius.com>, wrote:
> On Oct 1, 2021, at 10:22 AM, Benjamin Diehl <benjamin.diehl at foundationacademy.net> wrote:
> >
> > I think I found it in Wireshark. Am I looking for something specific? I see the data go out, hit the server and come back, but nothing stands out as an error.
>
> What data is going out? What is coming back? It's all LDAP magic. I can't really help with no information.
>
> And try using the command-line "ldapsearch" tool. That may have better debugging for LDAP connections. The mods-available/ldap file has detailed instructions on how to use the FreeRADIUS configuration items as part of the "ldapsearch" command-line options.
>
> If ldapsearch doesn't work, then there's no reason to do tests with FreeRADIUS. Get ldapsearch working. Then once that works, transfer the configuration to the mods-available/ldap file.
>
> The problems with LDAP are typically things like incorrect account name/password, bad client certificate, missing CA cert, etc. But if the only error message is "can't connect", then it's impossible to know what's the real cause of the error.
>
> Alan DeKok.
>
>
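
The "No such file or directory" line in the ldapsearch output above names a path that still contains the `{` and `}` characters. As an added example (not part of the original thread or of FreeRADIUS), this shell preflight checks the two files given to `LDAPTLS_CERT` and `LDAPTLS_KEY` before an `ldapsearch` test; the function names and the key-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: preflight for the files passed to
# ldapsearch via LDAPTLS_CERT / LDAPTLS_KEY.

# check_tls_path PATH: print a one-word verdict; return 0 only for "ok".
check_tls_path() {
    case $1 in
        *'{'*|*'}'*)
            # Template braces are not stripped by the shell; libldap would
            # receive them as part of the file name.
            echo placeholder; return 1 ;;
    esac
    [ -e "$1" ] || { echo missing; return 1; }
    [ -f "$1" ] || { echo not-a-file; return 1; }
    [ -r "$1" ] || { echo unreadable; return 1; }
    echo ok
}

# key_is_private PATH: true when group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight CERT KEY: report on both files; return 0 only if both are usable
# and the key is private.
preflight() {
    rc=0
    for f in "$1" "$2"; do
        verdict=$(check_tls_path "$f") || rc=1
        printf '%-12s %s\n' "$verdict" "$f"
    done
    if [ "$rc" -eq 0 ] && ! key_is_private "$2"; then
        echo "key is accessible to group/others: $2"
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh preflight.sh CERT KEY
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it as the same user that will run `ldapsearch`, since the readability test depends on who is asking.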


More information about the Freeradius-Users mailing list