This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Make radius timeout value persistent across updates

I use an external radius authentication that takes longer than the default 3 seconds to send, receive, and pass OK.  I usually have that set to 30 in the config file (AUAconfig.pm?).  Not lately, but in the past, updates might reset that value to 3 and I forget to check sometimes.  Is there a way to make that change persistent?  I could not find a cc command that matched.

I am using UTM Home 9.355-1 (latest).



This thread was automatically locked due to age.
  • Interesting, Darrell - where is the config file for RADIUS?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It is the radius timeout entry in /var/aua/AuaConfig.pm:

    # Wait timeouts
    #
    our $handle_client_timeout   = 5;
    our $shutdown_client_timeout = 2;
    our $radius_timeout          = 30;
    our $tacacs_timeout          = 30;
    our $ldap_connection_timeout = 10;
    our $ldap_search_timeout     = 10;
    our $ldap_bind_timeout       = 10;

    It is the radius_timeout I have changed from 3 to 30.  It has been a while since it was an issue, but I would typically not notice until I could not authenticate remotely (home user) :).


    Sorry for the slow reply.

  • Thanks, Darrell - great contribution!

    I tried this and found that the file name ends with a .pm instead of .pem so I edited your post to correct that.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob.  Sorry I missed that, too much certificate work lately I guess...

  • I'm not a linux scripter, but someone with that skill could craft a sed to make that replacement and you could then add it to /etc/crontab-static using @reboot.  As an example, where I have clients with Sophos APs, I added the following line last year to deal with a temporary bug:

    @reboot root /sbin/ethtool -K wlan0 tso off && date>/home/ethtoolran

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for this.  I was hoping for something more "official" when I saw someone else's post using the cc commands.  I may look and hacking something together.  It has not been an issue in the last several updates, but that may just be luck that the auth pkgs were included in the updates.  Knowing which crontab will get me to the same place!

  • Hi Guys,

    thanks for the information.