Hello Sergiy,
Sergiy Genyuk via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> writes:
> I have set up a RADIUS proxy (DUO) and associated a user with it.
> Everything works except the RADIUS timeout. It is 5 seconds and you have
> to be blazing fast to push the button :-)
> I did adjust the RADIUS timeout in FreeIPA to 30 seconds but it is still
> 5 seconds. As well, I have tried a trick with krb.conf [otp] settings;
> same, still 5 seconds.
> Please point me to the proper way to change the RADIUS timeout.
I had a similar problem some time ago. In my case FreeIPA did a DNS
query for the RADIUS server IP address. The answer was IPv6, but
freeradius didn't listen for IPv6. So FreeIPA did a retry with IPv4
after 5 or 6 seconds. I did see that when sniffing radius traffic on my
radius server.
Here's the diff for my configuration:
diff --git a/freeradius/radiusd.conf b/freeradius/radiusd.conf
index d80312e..85669c4 100644
--- a/freeradius/radiusd.conf
+++ b/freeradius/radiusd.conf
@@ -354,6 +354,18 @@ listen {
# clients = per_socket_clients
}
+listen {
+ ipv6addr = ::
+ port = 0
+ type = auth
+}
+listen {
+ ipv6addr = ::
+ port = 0
+ type = acct
+}
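Review bot: both added listen blocks bind `ipv6addr = ::`, the IPv6 wildcard, so the server now accepts auth and acct traffic on every IPv6 address of the host; if only the FreeIPA servers need to reach it over IPv6, bind the one address they resolve instead. The client definitions also need an entry matching the FreeIPA servers' IPv6 source addresses, otherwise requests arriving on the new sockets are discarded as coming from an unknown client and the IPv4 retry delay stays. A one-line comment that `port = 0` means "take the default port from /etc/services" would help the next reader.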
I can't find the original thread in the archive, but check with "tcpdump
-i <dev> port 1812" if you see a failed attempt with IPv6 on your radius
server followed some seconds later with IPv4.
Jochen
--
This space is intentionally left blank.
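
The tcpdump check described in the reply above, as an added example that is not part of the original message: it scans a capture for an IPv6 Access-Request that never gets a reply and is followed a few seconds later by an IPv4 Access-Request. It assumes the capture was taken with `-n` added (numeric addresses and ports); the sample lines, the documentation addresses, the 10-second window and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the default text format of `tcpdump -n -i <dev> port 1812`
# (documentation addresses, not taken from a real server).
SAMPLE = """\
10:15:02.101334 IP6 2001:db8::10.51514 > 2001:db8::20.1812: RADIUS, Access-Request (1), id: 0x2a length: 78
10:15:07.106871 IP 192.0.2.10.40211 > 192.0.2.20.1812: RADIUS, Access-Request (1), id: 0x2a length: 78
10:15:07.109120 IP 192.0.2.20.1812 > 192.0.2.10.40211: RADIUS, Access-Accept (2), id: 0x2a length: 20
"""

LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) (IP6?) (\S+)\.(\d+) > (\S+)\.(\d+): RADIUS, ([\w-]+)")

def parse(capture):
    """Yield (time, family, src, sport, dst, dport, packet_type) per RADIUS line."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            ts, fam, src, sport, dst, dport, kind = m.groups()
            yield (datetime.strptime(ts, "%H:%M:%S.%f"), fam,
                   src, int(sport), dst, int(dport), kind)

def find_fallbacks(capture, port=1812, max_gap=10.0):
    """Return [(ipv6_client, seconds_until_ipv4_retry)] for unanswered IPv6 requests."""
    pkts = list(parse(capture))
    # (client address, client port) pairs that received any packet from the RADIUS port
    answered = {(p[4], p[5]) for p in pkts if p[3] == port}
    hits = []
    for t6, fam, src, sport, _dst, dport, kind in pkts:
        if (fam != "IP6" or dport != port or kind != "Access-Request"
                or (src, sport) in answered):
            continue
        # Look for the first IPv4 request that follows within max_gap seconds.
        for t4, fam4, _s, _sp, _d, dport4, kind4 in pkts:
            gap = (t4 - t6).total_seconds()
            if (fam4 == "IP" and dport4 == port
                    and kind4 == "Access-Request" and 0 < gap <= max_gap):
                hits.append((src, round(gap, 1)))
                break
    return hits

if __name__ == "__main__":
    for client, gap in find_fallbacks(SAMPLE):
        print(f"{client}: IPv6 request unanswered, IPv4 retry after {gap}s")
```

A hit means the delay comes from address-family fallback rather than from the configured RADIUS timeout.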