[RADIATOR] Timeout setting for Authby GROUP ?

Markus Moeller huaraz at moeller.plus.com
Sun Feb 21 05:55:09 CST 2010


Hi Hugh,

    I use Authby PAM with pam_krb5 to authenticate against AD.   There are 
cases where finding the servers is delayed (e.g. DNS problem or AD is 
unavailable).  As I have more than one AD domain I have to check each 
separately (usernames are guaranteed to be unique over the domains)

 <AuthBy GROUP>
         Identifier MyAuthentication
         AuthByPolicy ContinueUntilAccept
         AuthBy PAM_domain1
         AuthBy PAM_domain2
         AuthBy ...
 </AuthBy>

The overall time shouldn't be over 10 sec. So if the first domain has a 
problem all users have a problem. Unfortunately I cannot use a REALM to 
differentiate the user and use separate AuthBy groups.

I haven't tried AuthBy Krb5 yet, but I think PAM and Krb5 do not have a 
timeout option.

Regards
Markus

----- Original Message ----- 
From: "Hugh Irvine" <hugh at open.com.au>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <radiator at open.com.au>
Sent: Saturday, February 20, 2010 10:42 PM
Subject: Re: [RADIATOR] Timeout setting for Authby GROUP ?



Hello Markus -

You don't say what type of AuthBy the group members are.

What are Auth1, Auth2, Auth3?

Most AuthBy clauses have Timeout settings, although the AuthBy GROUP itself 
does not.

regards

Hugh


On 20 Feb 2010, at 23:03, Markus Moeller wrote:

>
> Hi,
>
>   Is there a way to set a timeout per Authby statement in an Authby group ?
>
>   If I define an Authby group as below I know that my radius/tacacs client 
> has a timeout of 10 sec.  Can I say that if Authby Auth1 takes longer than 
> 3sec try AuthBy Auth2 and so on ?
>
> <AuthBy GROUP>
>         Identifier MyAuthentication
>         AuthByPolicy ContinueUntilAccept
>         AuthBy Auth1
>         AuthBy Auth2
>         AuthBy Auth3
> </AuthBy>
> How do other Radiator users manage timeout issues in AuthBy groups ?
>
> Thank you
> Markus



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
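
The behaviour asked about in this thread (a ContinueUntilAccept chain where each member gets a short time slice inside the client's overall timeout), sketched as an added example; it is not Radiator code or configuration and not from either poster. All function names and the simulated domain backends are hypothetical, and the timings are scaled down from the 3 sec / 10 sec in the question.

```python
import threading
import time

ACCEPT, REJECT, TIMEOUT, ERROR = "ACCEPT", "REJECT", "TIMEOUT", "ERROR"

def call_with_deadline(backend, user, password, seconds):
    """Run one blocking backend in a daemon thread; give up after `seconds`."""
    result = []
    worker = threading.Thread(
        target=lambda: result.append(backend(user, password)), daemon=True)
    worker.start()
    worker.join(seconds)
    # A timed-out worker is abandoned, not killed: the blocking call still
    # finishes in the background, so its late answer is never read.
    if worker.is_alive():
        return TIMEOUT
    if not result:
        return ERROR  # backend raised instead of returning
    return ACCEPT if result[0] else REJECT

def continue_until_accept(backends, user, password, per_backend=3.0, total=10.0):
    """Try (name, backend) pairs in order and stop at the first ACCEPT.
    Each member gets min(per_backend, time left in the total budget)."""
    deadline = time.monotonic() + total
    trail = []
    for name, backend in backends:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            trail.append((name, "SKIPPED"))
            continue
        outcome = call_with_deadline(backend, user, password, min(per_backend, remaining))
        trail.append((name, outcome))
        if outcome == ACCEPT:
            return ACCEPT, trail
    # Fail closed: timeouts, errors and rejects never become an accept.
    return REJECT, trail

# Constructed stand-ins for the PAM_domain1 / PAM_domain2 members.
def domain1_unreachable(user, password):
    time.sleep(0.5)   # simulates a stalled DNS or KDC lookup
    return True       # a late "accept" that must be ignored

def domain2_ok(user, password):
    return (user, password) == ("alice", "s3cret")

def demo():
    chain = [("PAM_domain1", domain1_unreachable), ("PAM_domain2", domain2_ok)]
    return continue_until_accept(chain, "alice", "s3cret", per_backend=0.1, total=0.4)
```

The returned trail records which member timed out, which is the detail worth logging when one domain is degrading logins for everyone.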
