ldap google auth

Antonio Cangiano antoniocangiano76sp at gmail.com
Wed Jul 13 20:01:48 UTC 2022


>a) the credentials are wrong
I insert the Google auto-generated identity & password only in
/etc/freeradius/3.0/mods-enabled/ldap ...

identity = 'WordySiame'   --> Google auto-generated user, with single quotes
password = pwd --> Google auto-generated password (just the password with nothing else)
They are correct, but I have a doubt. When the log says ...

(5) eap_gtc: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) eap_gtc:   Auth-Type PAP {
rlm_ldap (ldap): Reserved connection (1)
(5) ldap: Login attempt by "antoniocangiano"
(5) ldap: Using user DN from request "uid=antoniocangiano,ou=Users,dc=iissgarrone,dc=edu,dc=it"
(5) ldap: Waiting for bind result...
(5) ldap: ERROR: Bind credentials incorrect: Invalid credentials
(5) ldap: ERROR: Server said: Incorrect password.

It tries to log in with "antoniocangiano" (user)... shouldn't it try to
connect with the Google identity (WordySiame)?

>b) you're using the wrong DN
I've always thought this is the problem, but I'm too inexperienced to check.
The log says ...
(5) ldap: User object found at DN "uid=antoniocangiano,ou=Users,dc=iissgarrone,dc=edu,dc=it"
Then the object is found, but the next row says ...
(17) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
In ldap I entered as base_dn ...
base_dn = 'dc=iissgarrone,dc=edu,dc=it'
because the domain is iissgarrone.edu.it
With ldapsearch ...
-b "uid=antoniocangiano,ou=Users,dc=iissgarrone,dc=edu,dc=it"   --> Success
-b "ou=Users,dc=iissgarrone,dc=edu,dc=it" --> Success
-b "dc=iissgarrone,dc=edu,dc=it" --> Success
How can I verify the correct DN?
Thanks

On Wed 13 Jul 2022 at 20:09, Alan DeKok
<aland at deployingradius.com> wrote:
>
> On Jul 13, 2022, at 1:50 PM, Antonio Cangiano <antoniocangiano76sp at gmail.com> wrote:
> >
> >> rlm_ldap (ldap): Reserved connection (5)
> >> (5) ldap: Login attempt by "antoniocangiano"
> >> (5) ldap: Using user DN from request "uid=antoniocangiano,ou=Users,dc=iissgarrone,dc=edu,dc=it"
> >> (5) ldap: Waiting for bind result...
> >> (5) ldap: ERROR: Bind credentials incorrect: Invalid credentials
> >> (5) ldap: ERROR: Server said: Incorrect password.
> >
> > I read the logs but I'm sure credentials are correct.
>
>   Google says that the credentials are wrong.
>
> a) the credentials are wrong
>
> b) you're using the wrong DN
>
>    There aren't many other choices.
>
>   There's no magic "poke FreeRADIUS" configuration which will make the Google servers work.  You have to find out what the Google servers want, and then configure FreeRADIUS to send that information.
>
>   Alan DeKok.
