search

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
GNU General Public License v2.0
102 stars 90 forks source link

About Radius Server Returned time out problem #71

Open DanivosYoun opened 1 year ago

DanivosYoun commented 1 year ago

Hi Contributors

I got some problem with Pam_Radius_auth,

I configured, Server(pam_radius_auth) -> Microsoft NPS (With Azure MFA Extension)

Auth flow

Try to login pam_radius_auth sent request code 1-> MS NPS received request -> send to Azure MFA -> MS Authenticator Push -> MS NPS Radius -> Response code 2 -> pam_radius_auth Auth Success,

when user clicked MS Authenticator Push with out delay it works perfect

but when, MS Authenticator Push clicked Permit with few delays (about 3~5s ) & auth failed & retry Auth request (on pam_radius.conf timeout parameter 20) ---------- Logs -------------- Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: Got user name twyoun Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: ignore last_pass, force_prompt set Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: Sending RADIUS request code 1 Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: DEBUG: get_ipaddr(.**..*) returned 0. Apr 14 00:06:04 prd-was sshd[537431]: pam_radius_auth: RADIUS server (*...) failed to respond Apr 14 00:06:24 prd-was sshd[537431]: pam_radius_auth: RADIUS server (.**..***) failed to respond Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: Got RADIUS response code 2 Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: authentication succeeded

alandekok commented 1 year ago

What does the conf file look like?

The code to parse timeout is pretty simple. There's not a lot which can go wrong here.