On Apr 30, 2021, at 10:52 AM, Fatih Boy <fatih@encbulut.com> wrote:
In fact, I was using exec modüle to trigger an validation phone call (IVR/IVN) and wait for the response. Since validation may take some time longer than 30sec, exec command returns with timeout error and user gets rejected.
Since perl module doesn't have a timeout value, I thought switching to it will some the problem.
No. The server still has "max_request_time". It will stop any request which takes more than 30 seconds. The solution to a crappy back-end is not to make FreeRADIUS wait longer. The solution is to fix the back-end so that it takes less time. If the back-end involves a human phone call.. then just stop doing that. Use another method. RADIUS does *not* work with 30+ second delays for authentication. This is a fundamental limitation of *everything* in RADIUS. NAS, GGSN, BNG, all RADIUS servers, etc. You cannot work around this problem by switching to Perl, or by changing max_request_time. Your solution simply will not work if it takes more than 30 seconds. Alan DeKok.