https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880429#M596 <DIV class="duo-migrated-content"><P>Hi <A class="mention" href="https://community.duo.com/u/jozefrebjak">@jozefrebjak</A> ,</P> <P>Using hostnames in the <CODE>host</CODE> config for the <CODE>[radius_client]</CODE> section is currently not supported and will cause the <A href="https://duo.com/docs/authproxy-reference#using-the-connectivity-tool" rel="noopener nofollow ugc">Connectivity Tool</A> to error.</P> <P>Please feel free to submit this and any future Feature Request via your Duo Account Executive, Customer Success Manager (if applicable), or our <A href="https://duo.com/support" rel="noopener nofollow ugc">Support Team</A>.</P> <P>Thank you!</P></DIV> Fri, 27 Jan 2023 21:22:53 GMT DuoPablo 2023-01-27T21:22:53Z https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880428#M595 <DIV class="duo-migrated-content"><P>Is there any reason why <CODE>host</CODE> in <CODE>radius_client</CODE> must be an IPv4 Address ? As I can see with <CODE>ad_client</CODE> is possible to specify <STRONG>Hostname.</STRONG></P> <P>In <A href="https://duo.com/docs/authproxy-reference" rel="noopener nofollow ugc">reference</A> is described Host within <CODE>ad_client</CODE></P> <P><CODE>host</CODE></P> <P><STRONG>The hostname</STRONG> or IP address of your domain controller or directory server. If this host doesn’t respond to a primary authentication request and no additional hosts are specified (as <CODE>host_2</CODE> , <CODE>host_3</CODE> , etc.) then the user’s login attempt fails.</P> <P>But with <CODE>radius_client</CODE> it’s:</P> <P><CODE>host</CODE></P> <P>The IP address of your primary RADIUS server. If this host doesn’t respond to a primary authentication request and no additional hosts are specified (as <CODE>host_2</CODE>, <CODE>host_3</CODE>, etc.) then the user’s login attempt fails.</P> <P>We would like to have an option to specify <STRONG>Hostname</STRONG> with Radius as well.</P></DIV> Thu, 26 Jan 2023 16:45:23 GMT https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880428#M595 jozefrebjak 2023-01-26T16:45:23Z https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880429#M596 <DIV class="duo-migrated-content"><P>Hi <A class="mention" href="https://community.duo.com/u/jozefrebjak">@jozefrebjak</A> ,</P> <P>Using hostnames in the <CODE>host</CODE> config for the <CODE>[radius_client]</CODE> section is currently not supported and will cause the <A href="https://duo.com/docs/authproxy-reference#using-the-connectivity-tool" rel="noopener nofollow ugc">Connectivity Tool</A> to error.</P> <P>Please feel free to submit this and any future Feature Request via your Duo Account Executive, Customer Success Manager (if applicable), or our <A href="https://duo.com/support" rel="noopener nofollow ugc">Support Team</A>.</P> <P>Thank you!</P></DIV> Fri, 27 Jan 2023 21:22:53 GMT https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880429#M596 DuoPablo 2023-01-27T21:22:53Z https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880430#M597 <DIV class="duo-migrated-content"><P><A class="mention" href="https://community.duo.com/u/duopablo">@DuoPablo</A> Thanks for a quick answer.</P> <P>My use case is as follow:</P> <P>We would like to bring Duo Auth Proxy to a front of our FreeRadius deployment to authorise users which are connecting to various network devices. Our deployment is fully containerised in Docker Swarm.</P> <P>I successfully made an Docker Image of the Duo Auth Proxy for Linux.</P> <P>The only limit there is radius client host must be an IPv4 and it’s not accepting hostname at all and we can’t use overlay network to isolate communication between the services.</P> <P>Btw service will start as normal. This issue is there after first request from a user.</P> <P>From my troubleshooting the issue is in:</P> <PRE><CODE class="lang-auto"> File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/duoauthproxy/lib/radius/server.py", line 96, in datagramReceived yield self.handle_datagram_received(datagram, host, port) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/duoauthproxy/lib/radius/server.py", line 114, in handle_datagram_received request = yield server.protocol._handle_request(datagram, (host, port)) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/defer.py", line 1443, in _inlineCallbacks result = current_context.run(result.throwExceptionIntoGenerator, g) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/python/failure.py", line 500, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/duoauthproxy/lib/radius/server.py", line 265, in _handle_request raise e File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/duoauthproxy/lib/radius/server.py", line 237, in _handle_request request.response = yield self._get_response(request) twisted.internet.error.InvalidAddressError: ('radius', 'write() only accepts IP addresses, not hostnames') </CODE></PRE> <P>If <CODE>ad_client</CODE> is accepting hostname then maybe there is not so hard to implement this feature also for Radius.</P> <P>I’ll try to look at that python code, maybe we should find a way how to handle also hostname. For now we will wait if this could be implemented in next releases.</P> <P>We will open an feature request as well.</P></DIV> Fri, 27 Jan 2023 22:09:51 GMT https://community.cisco.com/t5/managing-users/radius-client-host-must-be-an-ip-address/m-p/4880430#M597 jozefrebjak 2023-01-27T22:09:51Z