Hello Herman,
thanks for the hint to get this clean.
Indeed, this was a problem due to a Perl module that was used. (Unfortunately at
the moment I do not remember which one).
This is not valid anymore for a system running ubuntu 14.04 or systems
“with similar module versions”.
I just ran a test with three parallel scripts issuing RADIUS requests
continuously. I ended up with 5 requests per second on my local machine
and experienced no problems anymore.
So you may also omit the -t switch.
(I will have to adapt the documentation)
The HA setup will use a common database. Two privacyIDEA systems will
connect to the same database (or DB cluster). Each RADIUS server will
connect to a privacyIDEA server.
Your RADIUS client can do a round robin on the two RADIUS servers.
Kind regards
Cornelius
On Monday, 22.06.2015, 01:39 -0700, Herman Cuppens wrote:
Thanks for your info,
I see this note at
14. Application Plugins — privacyIDEA 3.8 documentation,
"Note
The perl module is not thread safe, so you need to start FreeRADIUS
with the -t switch.
You can test the RADIUS setup using a command like this:
"
but I am afraid I do not understand the possible impact:
does this mean we are “limited” to a single thread and
what about a clustered setup for HA for example - is this possible
with privacyIDEA and tokendb, FreeRADIUS on 2 node cluster, using
this perl_module ?
kind regards,
Herman
On Friday, June 19, 2015 at 3:58:44 PM UTC+2, Cornelius Kölbel wrote:
See this
http://privacyidea.readthedocs.org/en/latest/application_plugins/radius.html?highlight=radius
For how to test your radius setup.
Kind regards
cornelius
Cornelius Kölbel
Corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
-------- Original Message --------
From: Herman Cuppens <cup...@gmail.com>
Date: 19.06.2015 14:54 (GMT+01:00)
To: priva...@googlegroups.com
Subject: LDAP and Google-authentication in VPN with qr-code showing
Hello,
we would like our users to access a VPN with 2FA: LDAP and
TOTP (Google-authentication).
The VPN device will probably be a Cisco and I am only familiar
myself with the cisco-vpn desktop client.
I am trying to imagine how we can present to the user a form
where he/she can enter the LDAP-credentials (AD) and the
qr-code for google-authenticator.
Is there somewhere a step by step guide or demo to show how
this practically gets presented to the enduser ?
Currently I have privacyIDEA and FreeRADIUS installed, but I
cannot find doc that explains how to configure a Cisco client
for 2FA (challenge response mode)?
kind regards,
Herman