[RADIATOR] AuthBy DUO issue

Alexander.Hartmaier at t-systems.com Alexander.Hartmaier at t-systems.com
Thu May 27 11:58:16 UTC 2021


I've tracked down the issue to the poke call at the beginning of checkForResponses which doesn't return for half a minute sometimes::q

00000000 Thu May 27 11:24:19 2021: DEBUG: before poke
00000000 Thu May 27 11:24:19 2021: DEBUG: after poke
00000000 Thu May 27 11:24:19 2021: DEBUG: after while loop: 0
00000000 Thu May 27 11:24:19 2021: DEBUG: before poke
00000000 Thu May 27 11:24:52 2021: DEBUG: after poke
00000000 Thu May 27 11:24:52 2021: DEBUG: 200 OK

Digging deeper revealed _process_in_progress is the function called by poke which doesn´t return in a timely manner.

Is this a known issue?
Is forking recommended for AuthBy DUO? So far we don´t have Fork in use.

Thanks, Alex

T-SYSTEMS AUSTRIA GESMBH
PU Cyber Security
Network Architecture
Operation Manager Authentication
Rennweg 97-99, A-1030 Vienna
+43 57057 4320 (phone)
+43 676 8642 4320 (mobile)
E-mail: alexander.hartmaier at t-systems.com
Internet: www.t-systems.at
Blog: blog.t-systems.at
Social Media: Facebook, Linkedin, Twitter

BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL.

****************************************************************************************************************
T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna
Commercial Court Vienna, FN 79340b
****************************************************************************************************************
Notice: This transmittal and/or attachments may be privileged or confidential. It is
intended solely for the addressee named above. If you received this transmittal in error,
please notify us immediately by reply and delete this message and all its attachments.
Thank you.
****************************************************************************************************************
________________________________
Von: radiator <radiator-bounces at lists.open.com.au> im Auftrag von Hartmaier, Alexander <alexander.hartmaier at t-systems.com>
Gesendet: Donnerstag, 27. Mai 2021 12:52
An: radiator at lists.open.com.au <radiator at lists.open.com.au>
Betreff: [RADIATOR] AuthBy DUO issue

Hi,
today we experienced an issue where two handlers using AuthBy DUO blocked a whole radiator instance.
It seems to be triggerend when a user doesn't response to the push notification.
As Radiator is using HTTP::Async this shouldn't happen.
A packet capture of the Duo https api calls and level 5 Radiator trace shows that the response to the POST takes 60 seconds and contains the status_msg: "Login timed out.".
During those 60 seconds no other radius requests are handled.

This instance is running Debian 10 with the radiator_4.25-5_all.deb and radiator-radius-utilxs_2.3-1.buster_amd64.deb packages.

Any ideas what's causing this? I'm out of ideas after reading lots of HTTP::Async and Radiator source code.

What I noticed it that the level 5 LOG_EXTRA_DEBUG messages are missing the LogTraceId value.

Thanks, Alex

T-SYSTEMS AUSTRIA GESMBH
PU Cyber Security
Network Architecture
Operation Manager Authentication
Rennweg 97-99, A-1030 Vienna
+43 57057 4320 (phone)
+43 676 8642 4320 (mobile)
E-mail: alexander.hartmaier at t-systems.com
Internet: www.t-systems.at
Blog: blog.t-systems.at
Social Media: Facebook, Linkedin, Twitter

BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL.

****************************************************************************************************************
T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna
Commercial Court Vienna, FN 79340b
****************************************************************************************************************
Notice: This transmittal and/or attachments may be privileged or confidential. It is
intended solely for the addressee named above. If you received this transmittal in error,
please notify us immediately by reply and delete this message and all its attachments.
Thank you.
****************************************************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20210527/6d429a68/attachment-0001.html>


More information about the radiator mailing list