'Re: pam_radius_auth delay'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: pam_radius_auth delay
From:       Steve Phillips <steve () focb ! co ! nz>
Date:       2017-04-29 0:58:53
Message-ID: 2835228E-E742-4C58-ADD0-39DF849ABA99 () focb ! co ! nz
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Ahh, wait - bad form replying to myself I know, but realise what you just mentioned \
was the host generating the query.

I'll look into this and ensure there is a PTR entry, but I'm pretty sure there was.

Of note though, surely the system would just use the 'hostname' to populate this \
rather than trying to do a PTR lookup?

-- 
Steve.

On 29/04/2017, 10:54 AM, "Freeradius-Users on behalf of Steve Phillips" \
<freeradius-users-bounces+steve=focb.co.nz@lists.freeradius.org on behalf of \
steve@focb.co.nz> wrote:

    Hey Matthew,
    
    The delay happens if I use an IP address or a FQDN, and whether the FQDN is in \
the DNS system (of which there are two servers on the same subnet/switch) or if it is \
in my /etc/hosts file. This was one my original thoughts as well as generally delays \
like this are due to some form of timeout - but there doesn't seem to be anything in \
the logs indicating a timeout.  
    -- 
    Steve.
    
    On 28/04/2017, 8:10 PM, "Freeradius-Users on behalf of Matthew Newton" \
<freeradius-users-bounces+steve=focb.co.nz@lists.freeradius.org on behalf of \
mcn4@leicester.ac.uk> wrote:  
        Given that between these two log lines
        
        On Fri, Apr 28, 2017 at 04:35:21PM +1000, Steve Phillips wrote:
        > Apr 28 16:09:40 bastion sshd[9197]: pam_radius_auth: ignore last_pass, \
force_prompt set  
        <here>
        
        > Apr 28 16:10:00 bastion sshd[9197]: pam_radius_auth: Sending RADIUS request \
code 1  
        there is a call to add a RADIUS attribute with details of the
        remote host the user is connecting from, I would suspect that
        there is a missing reverse DNS entry for it.
        
        Matthew
        
        
        -- 
        Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
        
        Systems Specialist, Infrastructure Services,
        I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
        
        For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
        -
        List info/subscribe/unsubscribe? See \
                http://www.freeradius.org/list/users.html
    -
    List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


["smime.p7s" (application/pkcs7-signature)]
[Attachment #6 (text/plain)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic