On Wed, Sep 14, 2016 at 4:58 PM, Nux! <nux at li.nux.ro> wrote: > Hello, > While getting PAM to talk to both Radius and Duo is still not solved, I managed to install the Duo proxy software which acts like a local RADIUS client; in the background it checks both our RADIUS server in the LAN and DUO's 2FA service. > > All good and well, I can connect with my RADIUS password and the DUO application on my mobile asks for approval, but unless I'm really quick with the approval the auth fails. It must be something like 5 seconds max. > I tried specifying "auth-timeout = 30" in ocserv.conf to give me more time, but it doesn't seem to fix the issue. > > Any ideas? > > ocserv[7916]: radius-auth: communicating username (foobar) and password > ocserv[7922]: common.c:609: recvmsg: Connection timed out > ocserv[7922]: worker: 172.16.5.34 worker-auth.c:688: error receiving auth reply message That seems to be in the communication between the worker process and the security module process. I guess that you have to type your reply before the worker thinks that the security module is stuck providing its response, that's by default 10 secs. Does this address your issue? https://gitlab.com/ocserv/ocserv/commit/ede5d97be86cf94f5e88cccc850f3626295f9028 regards, Nikos