Re: [PacketFence-users] R: Setting up a local source with Google Workspace

2022-06-04 Thread P.Thirunavukkarasu via PacketFence-users
Create the Realm "schoolname.edu.in". Associate this realm with the
authentication source. No need to configure anything more than this (this is
my understanding) in the realm section.
Regards,
Thirunavukkarasu
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] R: Setting up a local source with Google Workspace

2022-06-04 Thread P.Thirunavukkarasu via PacketFence-users
Hi Team,
This is the Secure LDAP schema
*Sample hierarchy*

cn=subschema
 dc=example,dc=com
ou=Users
ou=Sales
uid=lisasmith
uid=jimsmith
ou=Groups
cn=group1
cn=group2
For more details, please visit
https://support.google.com/cloudidentity/answer/9188164?hl=en
Regards,
Thirunavukkarasu


Re: [PacketFence-users] R: Setting up a local source with Google Workspace

2022-06-03 Thread Diego Garcia del Rio via PacketFence-users
Hi Leonardo

In JXplorer don't use any certificate, since stunnel handles that for
you. It's an "insecure to secure" TCP tunnel.

In JXplorer use 127.0.0.1:1636 as the server / port to connect

Select "no encryption" in JXplorer. And use the root path as the one
mentioned in the previous emails (ou=Users,DC=myschool)

But try using the bind username / password

That way you should be able to see all users / groups provisioned from
Google and check attributes, etc..




On Fri, Jun 3, 2022, 17:28  wrote:

> dear Diego, I would also like to give you the result of the actions you
> recommend + the Google Workspace logs:
>
>
>
> *Stunnel*
>
> in the stunnel.conf file I entered the following configuration:
>
>
>
> [ldap]
>
> client = yes
>
> accept = 127.0.0.1:1636
>
> connect = ldap.google.com:636
>
> cert = C:\tmp\cert\Google_2025_05_24_39655.crt
>
> key = C:\tmp\cert\Google_2025_05_24_39655.key
>
>
>
> and these are the logs:
>
> 2022.06.03 15:39:56 LOG5[main]: Reading configuration from file C:\Program
> Files (x86)\stunnel\config\stunnel.conf
>
> 2022.06.03 15:39:56 LOG5[main]: UTF-8 byte order mark detected
>
> 2022.06.03 15:39:56 LOG5[main]: FIPS mode disabled
>
> 2022.06.03 15:39:56 LOG4[main]: Service [ldap] needs authentication to
> prevent MITM attacks
>
> 2022.06.03 15:39:57 LOG5[main]: Configuration successful
>
>
>
> it seems to me that it is ok
>
>
>
> *JXplorer*
>
> In Security \ Client Certificates \ add Certificate \ I gave the Google
> Workspace certificate file and a name and then the default password which
> is "passphrase"
>
> Then I selected the imported certificate and clicked on Set Private Key \
> and I gave the Google Workspace key file and then the default password
> which is "passphrase"
>
> I clicked on the "Connect to DSA" button
>
> I set up the fields as follows:
>
> host: ldap.google.com
>
> port: 636
>
> Protocol: LDAP v3
>
> Base DN: ou = Users, dc = school name, dc = edu, dc = it
>
> Level: SSL + User + Password
>
> User DN: username of credentials generated with LDAP clients in Google
> Workspace
>
> Password: password of the credentials generated with the LDAP client in
> Google Workspace.
>
> I get the following error:
>
> Error opening connection:
>
> ldap.google.com:636
>
>
>
> error details
>
> javax.naming.CommunicationException: ldap.google.com:636 [Root exception
> is java.net.ConnectException: Connection timed out: connect]
> 
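
The stunnel log quoted above warns that service `[ldap]` "needs authentication to prevent MITM attacks": the posted configuration presents a client certificate but never verifies the server's. As an added example (not part of the thread, nor taken from Google's or PacketFence's documentation), here is the same service with server verification enabled; the `CAfile` path is an assumption and must point to a CA bundle that contains the issuer of the `ldap.google.com` certificate.

```ini
; stunnel.conf -- the [ldap] service from the thread, with server verification added
[ldap]
client = yes
accept = 127.0.0.1:1636
connect = ldap.google.com:636
; client certificate and key generated in the Google Workspace console
cert = C:\tmp\cert\Google_2025_05_24_39655.crt
key = C:\tmp\cert\Google_2025_05_24_39655.key
; added: verify the server's chain against a trusted CA bundle (path is an assumption)
CAfile = C:\Program Files (x86)\stunnel\config\ca-certs.pem
verifyChain = yes
; added: require the certificate to be issued for the host we connect to
checkHost = ldap.google.com
```

The local side of the tunnel (127.0.0.1:1636) is still plaintext, so the listener should stay bound to loopback as in the original configuration.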

Re: [PacketFence-users] R: Setting up a local source with Google Workspace

2022-06-03 Thread Diego Garcia del Rio via PacketFence-users
Indeed. The realm is needed. Otherwise packetfence doesn't know against
which source to authenticate

On Fri, Jun 3, 2022, 14:29 P.Thirunavukkarasu via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi Leonardo,
>
> In 'Bind DN' and 'Password' I have to enter the credentials generated by
> the Google Workspace console -> Authentication section -> "Generate new
> credentials". Quite right?
>
> Yes. Correct..
>
> In the 'Base DN' field I have entered the customer's domain in DN format,
> i.e. the domain is schoolname.edu.it so in this field I have entered the
> string: dc = schoolname, dc = edu, dc = it. Quite right?
>
> *dc=schoolname,dc=edu,dc=it*
>
> This is my setup in our campus with Google Workspace
>
> 'Host' = ldap.google.com on SSL port 636
>
> 'SSL Verify Mode' = none
>
> 'Dead duration' = 60
>
> 'Connection timeout' = 1
>
> 'Request timeout' = 5
>
> 'Response timeout' = 10
>
> 'Scope' = Subtree
>
> 'Search Attributes' = null
>
> 'Append search attributes' = null
>
> 'Email Attribute' = mail
>
> 'Cache match' = off
>
> 'Monitor' = on
>
> 'Shuffle' = off
>
> 'Associated Realms' = *I associated the realm created in the realm
> "schoolname.edu.in "*
>
> *Also I wanted to know what to put in the 'Username Attribute' field.*
>
> *uid*
>
> Hope it will help you...
>
> Thanks
> Thirunavukkarasu
>
> On Fri, Jun 3, 2022 at 3:43 PM leonardo.izzo--- via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hi, I would like to update you on the situation.
>>
>> With the configuration shown below, regardless of the value entered in
>> the 'Username Attribute' field, by clicking on the 'Test' button the result
>> is positive, therefore the parameters indicated are probably correct.
>>
>> On my pf server configured in inline mode, I created a connection profile
>> having as source the local source configured with Google Workspace just
>> tested correctly.
>>
>> In the captive portal that appears on the client side in the wifi on the
>> inline network, I enter the credentials of a Google Workspace user, but
>> unfortunately the error "Invalid login or password" comes out despite these
>> credentials being correct (usern...@schoolname.edu. It).
>>
>> Can you help me? Thank you
>>
>>
>>
>>
>>
>> *From:* leonardo.i...@itsinformatica.it 
>> *Sent:* Friday, 27 May 2022 15:17
>> *To:* 'packetfence-users@lists.sourceforge.net' <
>> packetfence-users@lists.sourceforge.net>
>> *Subject:* Setting up a local source with Google Workspace
>>
>>
>>
>> Hello everyone, I have some doubts regarding some fields of the source in
>> question.
>>
>>
>>
>> In 'Bind DN' and 'Password' I have to enter the credentials generated by
>> the Google Workspace console -> Authentication section -> "Generate new
>> credentials". Quite right?
>>
>> In the 'Base DN' field I have entered the customer's domain in DN format,
>> i.e. the domain is schoolname.edu.it so in this field I have entered the
>> string: dc = schoolname, dc = edu, dc = it. Quite right?
>>
>> 'Host' = ldap.google.com on SSL port 636
>>
>> 'SSL Verify Mode' = none
>>
>> 'Dead duration' = 60
>>
>> 'Connection timeout' = 1
>>
>> 'Request timeout' = 5
>>
>> 'Response timeout' = 10
>>
>> 'Scope' = Subtree
>>
>> 'Search Attributes' = null
>>
>> 'Append search attributes' = null
>>
>> 'Email Attribute' = mail
>>
>> 'Cache match' = off
>>
>> 'Monitor' = on
>>
>> 'Shuffle' = off
>>
>> 'Associated Realms' = nothing
>>
>> Also I wanted to know what to put in the 'Username Attribute' field.
>>
>>
>>
>> Thanks
>>


Re: [PacketFence-users] R: Setting up a local source with Google Workspace

2022-06-03 Thread P.Thirunavukkarasu via PacketFence-users
Hi Leonardo,

In 'Bind DN' and 'Password' I have to enter the credentials generated by
the Google Workspace console -> Authentication section -> "Generate new
credentials". Quite right?

Yes. Correct..

In the 'Base DN' field I have entered the customer's domain in DN format,
i.e. the domain is schoolname.edu.it so in this field I have entered the
string: dc = schoolname, dc = edu, dc = it. Quite right?

*dc=schoolname,dc=edu,dc=it*

This is my setup in our campus with Google Workspace

'Host' = ldap.google.com on SSL port 636

'SSL Verify Mode' = none

'Dead duration' = 60

'Connection timeout' = 1

'Request timeout' = 5

'Response timeout' = 10

'Scope' = Subtree

'Search Attributes' = null

'Append search attributes' = null

'Email Attribute' = mail

'Cache match' = off

'Monitor' = on

'Shuffle' = off

'Associated Realms' = *I associated the realm created in the realm
"schoolname.edu.in "*

*Also I wanted to know what to put in the 'Username Attribute' field.*

*uid*

Hope it will help you...

Thanks
Thirunavukkarasu

On Fri, Jun 3, 2022 at 3:43 PM leonardo.izzo--- via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi, I would like to update you on the situation.
>
> With the configuration shown below, regardless of the value entered in the
> 'Username Attribute' field, by clicking on the 'Test' button the result is
> positive, therefore the parameters indicated are probably correct.
>
> On my pf server configured in inline mode, I created a connection profile
> having as source the local source configured with Google Workspace just
> tested correctly.
>
> In the captive portal that appears on the client side in the wifi on the
> inline network, I enter the credentials of a Google Workspace user, but
> unfortunately the error "Invalid login or password" comes out despite these
> credentials being correct (usern...@schoolname.edu. It).
>
> Can you help me? Thank you
>
>
>
>
>
> *From:* leonardo.i...@itsinformatica.it 
> *Sent:* Friday, 27 May 2022 15:17
> *To:* 'packetfence-users@lists.sourceforge.net' <
> packetfence-users@lists.sourceforge.net>
> *Subject:* Setting up a local source with Google Workspace
>
>
>
> Hello everyone, I have some doubts regarding some fields of the source in
> question.
>
>
>
> In 'Bind DN' and 'Password' I have to enter the credentials generated by
> the Google Workspace console -> Authentication section -> "Generate new
> credentials". Quite right?
>
> In the 'Base DN' field I have entered the customer's domain in DN format,
> i.e. the domain is schoolname.edu.it so in this field I have entered the
> string: dc = schoolname, dc = edu, dc = it. Quite right?
>
> 'Host' = ldap.google.com on SSL port 636
>
> 'SSL Verify Mode' = none
>
> 'Dead duration' = 60
>
> 'Connection timeout' = 1
>
> 'Request timeout' = 5
>
> 'Response timeout' = 10
>
> 'Scope' = Subtree
>
> 'Search Attributes' = null
>
> 'Append search attributes' = null
>
> 'Email Attribute' = mail
>
> 'Cache match' = off
>
> 'Monitor' = on
>
> 'Shuffle' = off
>
> 'Associated Realms' = nothing
>
> Also I wanted to know what to put in the 'Username Attribute' field.
>
>
>
> Thanks
>

