Access permissions FreeRadius-Google LDAP failed

Benjamin Diehl benjamin.diehl at foundationacademy.net
Tue Oct 5 14:33:05 CEST 2021


Would there be anything in Google Admin stopping it from communicating with FreeRadius? All the accounts and creds that I have tried are all correct and would have the correct access.


On Oct 5, 2021, 8:30 AM -0400, Jonathan Davis <jonathan at prioritycolo.com>, wrote:
> The last error might be the clue "Insufficient access. Check the identity and password configuration directives"
>
> > On Oct 5, 2021, at 8:18 AM, Benjamin Diehl <benjamin.diehl at foundationacademy.net> wrote:
> >
> > I am trying to figure out what could be causing this issue with FreeRadius and Google LDAP. I am getting a few errors when FreeRadius is trying to search for the user. I bolded the Error spots. I have tried multiple different username and password combos in the LDAP section, even tried it without. The accounts I have tested with have Super admin access and then I have triple checked the info when it's the Google LDAP credentials.
> >
> > (2) suffix: Checking for suffix after "@"
> > (2) suffix: Looking up realm "foundationacademy.net" for User-Name = "benjamin.diehl at foundationacademy.net"
> > (2) suffix: Found realm "foundationacademy.net"
> > (2) suffix: Adding Stripped-User-Name = "benjamin.diehl"
> > (2) suffix: Adding Realm = "foundationacademy.net"
> > (2) suffix: Proxying request from user benjamin.diehl to realm foundationacademy.net
> > (2) suffix: Preparing to proxy authentication request to realm "foundationacademy.net"
> > (2) [suffix] = updated
> > (2) eap: Request is supposed to be proxied to Realm foundationacademy.net. Not doing EAP.
> > (2) [eap] = noop
> > (2) [files] = noop
> > rlm_ldap (ldap): Closing connection (6): Hit idle_timeout, was idle for 60839 seconds
> > rlm_ldap (ldap): You probably need to lower "min"
> > rlm_ldap (ldap): Closing connection (7): Hit idle_timeout, was idle for 60839 seconds
> > rlm_ldap (ldap): You probably need to lower "min"
> > rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
> > rlm_ldap (ldap): Opening additional connection (8), 1 of 32 pending slots used
> > rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636
> > rlm_ldap (ldap): Waiting for bind result...
> > ber_get_next failed.
> > rlm_ldap (ldap): Bind successful
> > rlm_ldap (ldap): Reserved connection (8)
> > (2) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> > (2) ldap: --> (uid=benjamin.diehl)
> > (2) ldap: Performing search in "dn=foundationacademy,dc=net" with filter "(uid=benjamin.diehl)", scope "sub"
> > (2) ldap: Waiting for search result...
> > (2) ldap: ERROR: Failed performing search: Insufficient access. Check the identity and password configuration directives
> > rlm_ldap (ldap): Released connection (8)
> > Need 2 more connections to reach min connections (3)
> > rlm_ldap (ldap): Opening additional connection (9), 1 of 31 pending slots used
> > rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636
> > rlm_ldap (ldap): Waiting for bind result...
> > ber_get_next failed.
> > rlm_ldap (ldap): Bind successful
> > (2) [ldap] = fail
> > (2) } # authorize = fail
> > (2) Invalid user (ldap: Failed performing search: Insufficient access. Check the identity and password configuration directives): [benjamin.diehl at foundationacademy.net] (from client localhost port 0 cli 50-E0-85-F7-E2-0C)
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
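
Added example, not part of the original thread: a small Python triage of the quoted FreeRADIUS debug output that pairs each failed LDAP search with the preceding bind result and the search base, and lists RDN attribute types in the base that fall outside an assumed set of common naming attributes. The function names and the `NAMING_ATTRS` set are assumptions of this example; the sample lines are copied from the debug output quoted above.

```python
import re

# Sample lines copied from the debug output quoted in the thread above.
SAMPLE_LOG = """\
rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(2) ldap: Performing search in "dn=foundationacademy,dc=net" with filter "(uid=benjamin.diehl)", scope "sub"
(2) ldap: ERROR: Failed performing search: Insufficient access. Check the identity and password configuration directives
"""

# Assumption: naming attributes commonly seen in a base DN; extend as needed.
NAMING_ATTRS = {"dc", "ou", "o", "cn", "uid", "c", "l", "st"}

SEARCH_RE = re.compile(r'Performing search in "([^"]*)" with filter "([^"]*)", scope "(\w+)"')
ERROR_RE = re.compile(r"ERROR: Failed performing search: ([^.]+)")


def odd_rdn_types(base_dn):
    """Return RDN attribute types in base_dn that are not in NAMING_ATTRS."""
    odd = []
    for rdn in re.split(r"(?<!\\),", base_dn):  # split on unescaped commas
        attr = rdn.split("=", 1)[0].strip().lower()
        if attr not in NAMING_ATTRS:
            odd.append(attr)
    return odd


def triage(log_text):
    """Pair each failed search with the bind state and search that preceded it."""
    findings, bind_ok, search = [], False, None
    for line in log_text.splitlines():
        if "Bind successful" in line:
            bind_ok = True
        elif m := SEARCH_RE.search(line):
            search = m.groups()
        elif (m := ERROR_RE.search(line)) and search:
            base, ldap_filter, scope = search
            findings.append({
                "error": m.group(1).strip(),
                "bind_ok": bind_ok,
                "base": base,
                "filter": ldap_filter,
                "scope": scope,
                "odd_rdn_types": odd_rdn_types(base),
            })
            search = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the quoted log this reports a bind that was accepted followed by a search that was refused, and `dn` as the one RDN type in the search base outside the assumed set.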

