Authentication: Configurable RADIUS timeout
The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third-party two factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an Auth. With the current hardcoded RADIUS timeout, Astaro is not compatible with these solutions as the timeout needs to be set appropriately.
I would also find this feature to be extremely useful. The ability to extend the RADIUS timeout would be an indispensable feature for those trying to integrate external dual factor authentication to the UTM's services such as WebAdmin, User Portal, VPN, etc...
Andrew's suggestion seems to work, but it appears that you have to reset the change after some upgrades, otherwise the timeout is too short again if using some sort of push authentication.
Andrew G commented
I have at least received this from Sophos Support:
You may run: sudo vi /var/aua/AuaConfig.pm then edit the value for $radius_timeout.
***Please be informed that it is not advisable to edit these settings and Sophos Support is not liable in case an issue happens after updating these settings.***
Doing this has stopped the timeout error, but I haven't quite gotten it working; it only works when it's already cached the previous RADIUS authentication.
Radek Hruby commented
Hi Sophos, this has been requested back in 2012 - is it that hard to implement such a small change that might make your system compatible with many dual factor authentications???
I would also like to use two factor with PhoneFactor with the Microsoft Azure application.
Please can you add this functionality ASAP, because other competing solutions do have this setting. Why not you?
This would be really useful.
Harrison Heck commented
In this day and age, this is a must. This should be a very high priority.
I second this request. We are forced to have two factor authentication and PhoneFactor is pretty easy to roll out.
Steve T. commented
I would really like to implement PhoneFactor with our Sophos UTM but the timeout issue appears to be the only roadblock.
I second this request. Most of the two factor authentication methods we have looked at are not compatible with the ASG. Our client base is moving towards two factor authentication.