Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA

[Benjamin Shirley - Simplicity via PacketFence-users]

Hi Fabrice,   thanks for getting back to me. I have tried the settings but that does not solve the problem. Raddebug shows following information:   (8) Fri Apr 15 03:45:53 2022: Debug: Finished request (7) Fri Apr 15 03:45:56 2022: ERROR: rest: Request failed: 28 - Timeout was reached (7) Fri Apr 15 03:45:56 2022: ERROR: rest: Server returned no data (7) Fri Apr 15 03:45:56 2022: Debug:       [rest] = fail (7) Fri Apr 15 03:45:56 2022: Debug:     } # if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) )  = fail (7) Fri Apr 15 03:45:56 2022: Debug:   } # post-auth = fail (7) Fri Apr 15 03:45:56 2022: Debug: Using Post-Auth-Type Reject (7) Fri Apr 15 03:45:56 2022: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence     Hope this information is any good!   Kind regards Benjamin         Benjamin Shirley . simplicity networks GmbH   Heinrich-Hertz-Straße 2 . 59302 Oelde . Phone: +49 2522 8330 3124 . Mobile: +49 170 9496681 E-Mail: b.shir...@simplicity.ag . Web: www.simplicity.ag USt-IdNr DE 210993280 . HRB 14936 Münster . Managing Director: Stefan Leewe  We operate for OPUS and someday Think before you print!       Von: Fabrice Durand <oeufd...@gmail.com> Datum: Freitag, 15. April 2022 um 03:18 An: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Benjamin Shirley <b.shir...@simplicity.ag> Betreff: Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA   Hello Benjamin,   first you need to raise the timeout value of the radius-auth service. You should be able to do it there:   https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/auth.conf.example#L23   and add that:   ``` limit {       max_connections = 16       lifetime = 0       idle_timeout = 60 } ```   you probably have to add an option to the duo radius source too, like:   response_timeouts = 30   if it still not work then run raddebug to see where in freeradius it timeout.   raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000   Regards Fabrice   Le jeu. 14 avr. 2022 à 14:22, Benjamin Shirley - Simplicity via PacketFence-users <packetfence-users@lists.sourceforge.net> a écrit : Hi @all, trying to bypass an issue i'm having using 2 different radius server (packetfence / duo authproxy) one for admin login purpose (DUO 2FA) and the other beeing packetfence for MAB in our network environment - which is a known bug in Dell OS6 Network Operating System - I had the idea to simply add the Duo Authproxy as an Radius Authentication Source in Packetfence meaning I only have to configure  1 radius authentication server on our switches. It works! I am able to proxy the authentication to the DUO Authproxy from within PF but there is a tiny problem I am not able to overcome and kindly ask for help.   The problem is that RADIUS Authentication for the Shell-Access in PF times out so quickly I am hardly able to tap the push notification, open the DUO App and Confirm the Login Proccess, regardless to say that authentication via Phone Call will be impossible.   Is there a way to configure a higher value of lets say 15 seconds somewhere maybe only for this one Authentication Source which is only used for the purpose of  2FA to our switches?? Kind Regards Benjamin     Benjamin Shirley . simplicity networks GmbH   Heinrich-Hertz-Straße 2 . 59302 Oelde . Phone: +49 2522 8330 3124 . Mobile: +49 170 9496681 E-Mail: b.shir...@simplicity.ag . Web: www.simplicity.ag USt-IdNr DE 210993280 . HRB 14936 Münster . Managing Director: Stefan Leewe  We operate for OPUS and someday   Think before you print!       _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users