Hello Sergiy,

Sergiy Genyuk via FreeIPA-users <[email protected]> writes:

> I have set up a RADIUS proxy (DUO) and associated a user with it. Everything
> works except the RADIUS timeout. It is 5 seconds and you have to be blazing
> fast to push the button :-)
> I did adjust the RADIUS timeout in FreeIPA to 30 seconds but it is still 5
> seconds. As well, I have tried a trick with krb.conf [otp] settings; same,
> still 5 seconds.
> Please point me to the proper way to change the RADIUS timeout.

I had a similar problem some time ago. In my case FreeIPA did a DNS
query for the RADIUS server IP address. The answer was IPv6, but
freeradius didn't listen for IPv6. So FreeIPA did a retry with IPv4
after 5 or 6 seconds. I did see that when sniffing radius traffic on my
radius server.

Here's the diff for my configuration:

diff --git a/freeradius/radiusd.conf b/freeradius/radiusd.conf
index d80312e..85669c4 100644
--- a/freeradius/radiusd.conf
+++ b/freeradius/radiusd.conf
@@ -354,6 +354,18 @@ listen {
 #      clients = per_socket_clients
 }

+listen {
+        ipv6addr = ::
+        port = 0
+        type = auth
+}
+listen {
+        ipv6addr = ::
+        port = 0
+        type = acct
+}
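
Review bot: Both added listen blocks set "ipv6addr = ::", the IPv6 wildcard, so auth and acct become reachable on every IPv6 address of the host; if only the FreeIPA server needs to reach this listener, bind to the one address it resolves to, and check that the client definitions and shared secret also cover the FreeIPA server's IPv6 source address, since a listener alone does not make an unknown source an accepted client. A one-line comment on "port = 0" saying which ports that resolves to would help the next reader. The header "@@ -354,6 +354,18 @@" announces more lines than are shown here, so the excerpt is cut short and should be applied by hand rather than fed to patch.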

I can't find the original thread in the archive, but check with "tcpdump
-i <dev> port 1812" if you see a failed attempt with IPv6 on your radius
server followed some seconds later with IPv4.

Jochen

-- 
This space is intentionally left blank.
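
The capture check suggested in the reply above, as an added example that is not part of the original message: a Python script that scans `tcpdump -n -i <dev> port 1812` text output for an IPv6 Access-Request that never gets a reply and is followed by an IPv4 Access-Request a few seconds later. The sample capture lines, the addresses and the names `find_fallbacks` and `window` are constructed for illustration, and tcpdump's default one-line RADIUS summary format is assumed.

```python
import re
from datetime import datetime

# Constructed sample of `tcpdump -n -i <dev> port 1812` output (documentation addresses).
SAMPLE = """\
12:00:01.000000 IP6 2001:db8::10.41234 > 2001:db8::20.1812: RADIUS, Access-Request (1), id: 0x01 length: 80
12:00:06.010000 IP 192.0.2.10.51234 > 192.0.2.20.1812: RADIUS, Access-Request (1), id: 0x02 length: 80
12:00:06.020000 IP 192.0.2.20.1812 > 192.0.2.10.51234: RADIUS, Access-Accept (2), id: 0x02 length: 20
"""

# timestamp, address family, src.port > dst.port, RADIUS packet code
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<fam>IP6?) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"RADIUS, (?P<code>[A-Za-z-]+)"
)

def parse(text):
    """Turn capture lines into tuples; lines that are not RADIUS summaries are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")  # no date: midnight wrap is not handled
            pkts.append((ts, m["fam"], m["src"], int(m["sport"]),
                         m["dst"], int(m["dport"]), m["code"]))
    return pkts

def find_fallbacks(text, window=10.0):
    """Return (ipv6_client, ipv4_client, gap_seconds) for each unanswered IPv6
    Access-Request followed by an IPv4 Access-Request within `window` seconds."""
    pkts = parse(text)
    # Client sockets that received any packet sent from the server's port 1812.
    answered = {(dst, dport) for _, _, _, sport, dst, dport, _ in pkts if sport == 1812}
    reqs = [p for p in pkts if p[5] == 1812 and p[6] == "Access-Request"]
    hits = []
    for ts6, fam6, src6, sport6, *_ in reqs:
        if fam6 != "IP6" or (src6, sport6) in answered:
            continue
        for ts4, fam4, src4, *_ in reqs:
            gap = (ts4 - ts6).total_seconds()
            if fam4 == "IP" and 0 < gap <= window:
                hits.append((src6, src4, round(gap, 2)))
                break
    return hits

if __name__ == "__main__":
    for v6, v4, gap in find_fallbacks(SAMPLE):
        print(f"IPv6 request from {v6} unanswered; IPv4 retry from {v4} after {gap}s")
```

A gap close to the 5 seconds seen at login points at the address-family fallback rather than at the configured RADIUS timeout.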