Greetings FR-users,
I am running 3.0.17.

I've got a question about my radius deployment...

Our institution is proxying auth requests to a Duo enabled RADIUS server off site. Due to the delay in the WAN, plus the human delay of the 2FA I would like to have an appropriately configured timeout for the proxy. I am thinking 60 seconds. Is that value too large?

Attempting to change the timeout for the proxy yields a message that I cannot set the value to 60 seconds:

    WARNING: Ignoring "response_window = 60.000000", forcing to "response_window = 30.000000"

Here is my config:

    home_server radius_1 {
        type = auth
        ipaddr = 10.0.0.1
        secret = REMOVED
        require_message_authenticator = yes
        response_window = 60
    }

According to the docs it looks like it should accept 60:

    # The response window can be a number between 0.001 and 60.000
    # Values on the low end are discouraged, as they will likely
    # not work due to limitations of operating system timers.
    #
    # The default response window is large because responses may
    # be slow, especially when proxying across the Internet.
    #
    # Useful range of values: 5 to 60
    response_window = 30

Is response_window the right config parameter for adjusting the proxy timeout?

Is the 30 second limitation a bug? Or is the documentation wrong? Or is the issue corrected in a more recent release?

Thanks for the help!

-m

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

On Dec 11, 2020, at 1:20 PM, Matt Zagrabelny via Freeradius-Users <[hidden email]> wrote:

> Our institution is proxying auth requests to a Duo enabled RADIUS server
> off site. Due to the delay in the WAN, plus the human delay of the 2FA I
> would like to have an appropriately configured timeout for the proxy. I am
> thinking 60 seconds. Is that value too large?

Yes. Most NAS equipment will give up after 30s or so.

> Attempting to change the timeout for the proxy yields a message that I
> cannot set the value to 60 seconds:
>
> WARNING: Ignoring "response_window = 60.000000", forcing to
> "response_window = 30.000000"

Yes.

> According to the docs it looks like it should accept 60:

It does, mostly. But if you have "max_request_time = 30", then the request will time out after 30s. So that's why the response_window is capped.

The solution is to change *both* settings.

But.... Most NAS equipment will give up after 30s or so. So changing this in FreeRADIUS *might* help, but also might not do anything.

Alan DeKok.
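
The interaction described in the reply above can be checked before a restart. This is an added example, not part of the original thread and not FreeRADIUS code: it models the cap as min(response_window, max_request_time), as the reply describes. The function names, the 30-second defaults and the `nas_timeout` value are assumptions, and the sample config text is constructed from the settings quoted in the thread.

```python
import re

# Constructed sample input, modelled on the settings quoted in this thread.
SAMPLE_RADIUSD_CONF = """
max_request_time = 30
"""
SAMPLE_PROXY_CONF = """
home_server radius_1 {
    type = auth
    ipaddr = 10.0.0.1
    secret = REMOVED
    require_message_authenticator = yes
    response_window = 60   # requested value
}
"""

def strip_comments(text):
    # Drop '#' comments so commented-out settings are not counted.
    return re.sub(r"#.*", "", text)

def max_request_time(radiusd_conf, default=30.0):
    # default=30.0 is an assumption used when the setting is absent.
    m = re.search(r"^\s*max_request_time\s*=\s*([\d.]+)",
                  strip_comments(radiusd_conf), re.M)
    return float(m.group(1)) if m else default

def home_servers(proxy_conf, default_window=30.0):
    """Yield (name, configured response_window) for each home_server block."""
    pattern = r"\bhome_server\s+(\S+)\s*\{([^{}]*)\}"
    for name, body in re.findall(pattern, strip_comments(proxy_conf)):
        m = re.search(r"^\s*response_window\s*=\s*([\d.]+)", body, re.M)
        yield name, float(m.group(1)) if m else default_window

def audit(radiusd_conf, proxy_conf, nas_timeout=30.0):
    """nas_timeout is an assumed figure for how long the NAS waits."""
    limit = max_request_time(radiusd_conf)
    findings = []
    for name, window in home_servers(proxy_conf):
        effective = min(window, limit)  # the cap described in the reply
        findings.append({
            "home_server": name, "configured": window, "effective": effective,
            "capped_by_max_request_time": window > limit,
            "exceeds_nas_timeout": effective > nas_timeout,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RADIUSD_CONF, SAMPLE_PROXY_CONF):
        print(finding)
```

A finding with `exceeds_nas_timeout` set means the proxy would wait longer than the assumed NAS timeout, which is the case the reply warns may not help.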