freeradius-oauth2-perl icon indicating copy to clipboard operation
freeradius-oauth2-perl copied to clipboard

Published 20 hours ago verified publisher icon jimdigriz

logging severity to highlight problems

Open jimdigriz opened this issue 2 years ago • 2 comments

From https://lists.freeradius.org/pipermail/freeradius-users/2022-March/101576.html by @drthiruna

rlm_perl: oauth2 worker (tanuvas.edu.in): supervisor started (tid=1)
rlm_perl: oauth2 worker (tanuvas.edu.in): fetching discovery document
Waking up in 0.4 seconds.
rlm_perl: oauth2 worker (tanuvas.edu.in): started (tid=2)
rlm_perl: oauth2 worker (tanuvas.edu.in): sync
rlm_perl: oauth2 worker (tanuvas.edu.in): sync users
rlm_perl: oauth2 worker (tanuvas.edu.in): users page
rlm_perl: oauth2 worker (tanuvas.edu.in): fetching token
rlm_perl: oauth2 worker (tanuvas.edu.in): token failed: 401 Unauthorized
Waking up in 0.7 seconds.
Use of uninitialized value $v in concatenation (.) or string at
/usr/local/pf/lib_perl/lib/perl5/Net/HTTP/Methods.pm line 167.
rlm_perl: oauth2 worker (tanuvas.edu.in): users failed: 400 Bad Request
rlm_perl: oauth2 worker (tanuvas.edu.in): sync groups
rlm_perl: oauth2 worker (tanuvas.edu.in): groups page
rlm_perl: oauth2 worker (tanuvas.edu.in): fetching token
rlm_perl: oauth2 worker (tanuvas.edu.in): token failed: 401 Unauthorized
rlm_perl: oauth2 worker (tanuvas.edu.in): groups failed: 500 Can't connect
to graph.microsoft.com:443 (SSL connect attempt failed error:27069065:OCSP
routines:OCSP_basic_verify:certificate verify error)
Thread 2 terminated abnormally: token (tanuvas.edu.in): 500 Can't connect
to graph.microsoft.com:443 (SSL connect attempt failed error:27069065:OCSP
routines:OCSP_basic_verify:certificate verify error) at
/usr/local/pf/raddb/mods-config/perl/oauth2.pm line 191.
rlm_perl: oauth2 worker (tanuvas.edu.in): died, sleeping for 0 seconds
rlm_perl: oauth2 worker (tanuvas.edu.in): started (tid=3)
rlm_perl: oauth2 worker (tanuvas.edu.in): sync
rlm_perl: oauth2 worker (tanuvas.edu.in): sync users
rlm_perl: oauth2 worker (tanuvas.edu.in): users page
rlm_perl: oauth2 worker (tanuvas.edu.in): fetching token

...also fix passing junk to Net::HTTP.

jimdigriz avatar Mar 18 '22 10:03 jimdigriz

@drthiruna looks like the credentials used speaking to Azure AD are bad, you need to get those fixed.

jimdigriz avatar Mar 18 '22 10:03 jimdigriz

The MS O365 support team messaged me that, Azure AD integration with enterprise applications like PF can do only with the subscription of Azure AD Services. This is not available for Azure AD Free (O365 Education)

drthiruna avatar Dec 07 '22 10:12 drthiruna