Add a knob in the GUI to set the RADIUS authentication timeout. Previous default was 3s, new is 5s. When using two-factor auth via external (e.g. phone), this needs to be set much higher, 60-120.

author: jim-p <jimp@pfsense.org> 2013-02-13 15:54:27 -0500
committer: jim-p <jimp@pfsense.org> 2013-02-13 15:55:55 -0500
commit: bddd2be844d8f485ef41145c6384b7cacb74a944 (patch)
tree: dce329c6884c29aa7d7a7826826e1cd9fcb76032 /etc/inc/auth.inc
parent: bcb165e66b703bbfa273b7d6317ad952ac07b7e1 (diff)
download: pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.zip
pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 56a55eb..d59ee70 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1146,12 +1146,15 @@ function radius_backed($username, $passwd, $authcfg, &$attributes = array()) {
 		$radiusservers[0]['ipaddr'] = $authcfg['host'];
 		$radiusservers[0]['port'] = $authcfg['radius_auth_port'];
 		$radiusservers[0]['sharedsecret'] = $authcfg['radius_secret'];
+		$radiusservers[0]['timeout'] = $authcfg['radius_timeout'];
 	} else
 		return false;
 
 	/* Add a new servers to our instance */
-	foreach ($radiusservers as $radsrv)
-		$rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['sharedsecret']);
+	foreach ($radiusservers as $radsrv) {
+		$timeout = (is_numeric($radsrv['timeout'])) ? $radsrv['timeout'] : 5;
+		$rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['sharedsecret'], $timeout);
+	}
 
 	if (PEAR::isError($rauth->start())) {
 		$retvalue['auth_val'] = 1;
author	jim-p <jimp@pfsense.org>	2013-02-13 15:54:27 -0500
committer	jim-p <jimp@pfsense.org>	2013-02-13 15:55:55 -0500
commit	bddd2be844d8f485ef41145c6384b7cacb74a944 (patch)
tree	dce329c6884c29aa7d7a7826826e1cd9fcb76032 /etc/inc/auth.inc
parent	bcb165e66b703bbfa273b7d6317ad952ac07b7e1 (diff)
download	pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.zip pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.tar.gz