We are using Google Apps for SSO authentication when a user connects to the VPN.
We have 30+ users that are using the Pritunl client without issue, but one client is not able to authenticate even though he is set up in the same way as the others.
In the audit log, we see this:
User disconnected from "all-staff"
109.157.xx.xx
2:10 pm - Apr 2 2024
User connection to "all-staff" denied. Too many authentication attempts
109.157.xx.xx
2:09 pm - Apr 2 2024
User disconnected from "all-staff"
109.157.xx.xx
2:09 pm - Apr 2 2024
User connected to "all-staff"
109.157.xx.xx
2:09 pm - Apr 2 2024
User disconnected from "all-staff"
[snip]
And in the system log, we see a more verbose error:
What does this relate to? These are “groups” that the user is associated with on the Google Workspace side… but what is it trying to associate them to on the Pritunl side?
All other users are also in the same groups above and they connect just fine.
Run sudo pritunl clear-auth-limit and check the top right logs for authentication errors. If the limit error occurs again run sudo pritunl set app.auth_limiter_count_max 90.
Thanks, tried this but the same issue. I think the aut hlimit is being reached due to the issue with the “orgs/groups” matching issue above… generally other users can connect fine so is there something specific I need to fix to allow this person to connect?
When a user logs into the web console Pritunl will take the supplied groups from Google and attempt to match one to an existing organization. If one matches the user will be added to that organization. If there is no match the user will be added to the default organization set in the top right settings. The log message only indicates no match was found and the user is being added to the default organization. This log message is also for a login to the web console to import the profile, the error in the audit logs is for a connection to a VPN server. The two log messages are likely unrelated.
It is likely an issue causing frequent reconnections, this should be fixed first. Check the RHEL connection fix documentation, that issue will cause connections to be dropped shortly after connecting.