Hello Alfred, how would the reverse proxy help? Just by ensuring that there is always (as long as the reverse proxy works 😉) a response to the https request?
Thanks, Alex T-SYSTEMS AUSTRIA GESMBH PU Cyber Security Network Architecture Operation Manager Authentication Rennweg 97-99, A-1030 Vienna +43 57057 4320 (phone) +43 676 8642 4320 (mobile) E-mail: [email protected] Internet: www.t-systems.at Blog: blog.t-systems.at Social Media: Facebook, Linkedin, Twitter BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL. **************************************************************************************************************** T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna Commercial Court Vienna, FN 79340b **************************************************************************************************************** Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. If you received this transmittal in error, please notify us immediately by reply and delete this message and all its attachments. Thank you. **************************************************************************************************************** ________________________________ Von: radiator <[email protected]> im Auftrag von Alfred Reibenschuh <[email protected]> Gesendet: Dienstag, 17. August 2021 11:26 An: [email protected] <[email protected]> Betreff: Re: [RADIATOR] AuthBy DUO issue hello seams like you are facing the same "uncooperative" upstream system issue i have had in the past. i have had similar problems with radius and other protocols, that radiator would mark all upstream servers offline and never recovering. i did not follow your complete conversation, but iirc DUO is http-based, so if your issue is ha-related you could get away with setting CheckTimerInterval to 0 and putting a reverse-proxy between radiator and DUO like NGINX (the community edition of nginx would be sufficient) Yours sincerely Alfred Reibenschuh Network Engineer (Management & Monitoring Architect) Unified Communication Services Network & Telecommunication AT Value Transformation Services GmbH An IBM Company Obere Donaustrasse 95 1020 Wien Phone: +43-1-2056320-143 Mobile: +43-664-3523820 mail: [email protected]<mailto:[email protected]> webex: https://ibm.webex.com/meet/alfred.reibenschuh_v-tservices Please consider the environment before printing this e-mail. This e-mail is confidential and may also contain privileged information. If you are not the intended recipient you are not authorized to read, print, save, process or disclose this message. If you have received this message by mistake, please inform the sender immediately and delete this e-mail, its attachments and any copies. Any use, distribution, reproduction or disclosure by any person other than the intended recipient is strictly prohibited and the person responsible may incur penalties. Thank you! Message: 1 Date: Mon, 16 Aug 2021 16:23:45 +0000 From: <[email protected]> To: <[email protected]>, <[email protected]> Subject: Re: [RADIATOR] AuthBy DUO issue Message-ID: <fr2p281mb05961db02c47793a3557fce8a5...@fr2p281mb0596.deup281.prod.outlook.com> Content-Type: text/plain; charset="windows-1252" Hi, that sounds like a sane solution. A simpler might be to mark Duo dead for a configurable number of seconds after which it's marked as alive again without a check. The next authentication would then either work or again trigger marking it as dead. Thanks, Alex T-SYSTEMS AUSTRIA GESMBH PU Cyber Security Network Architecture Operation Manager Authentication Rennweg 97-99, A-1030 Vienna +43 57057 4320 (phone) +43 676 8642 4320 (mobile) E-mail: [email protected] Internet: www.t-systems.at Blog: blog.t-systems.at Social Media: Facebook, Linkedin, Twitter BIG CHANGES START SMALL ? CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL. **************************************************************************************************************** T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna Commercial Court Vienna, FN 79340b **************************************************************************************************************** Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. If you received this transmittal in error, please notify us immediately by reply and delete this message and all its attachments. Thank you. **************************************************************************************************************** ________________________________ Von: radiator <[email protected]> im Auftrag von Heikki Vatiainen <[email protected]> Gesendet: Mittwoch, 14. Juli 2021 20:26 An: [email protected] <[email protected]> Betreff: Re: [RADIATOR] AuthBy DUO issue On 13.7.2021 18.05, [email protected] wrote: > We've encountered another issue today: when CheckTimerInterval is > configured to 0, to disable the periodic DUO API check which fills our > log and generated unnecessary traffic and load, the API never recovers > when marked as dead. That seems to be correct, but likely not expected. > Do you have a suggestion how to solve this besides configuring > CheckTimerInterval for something else? Currently there is nothing to solve this. A strategy, such as starting the poll timer when the API is down and letting it poll until it's up, would be needed. If you have a preferred idea, please let us know. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. _______________________________________________
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
