On Mon, 14 Feb 2005, Dustin Doris wrote: > On Mon, 14 Feb 2005, Joe H wrote: > > > On Sat, 12 Feb 2005, energy wrote: > > > > > Sorry, I'm just a lurker on this list and certainly no expert. However, > > > last > > > time I saw someone mention this issue it had to do with log rotation. > > > Check > > > to make sure logs are not being rotated every hour. > > > > > > Anyway, just a thought. > > > > > The accounting logs are on a seperate server so those logs shouldn't > > effect it. The radius.log file is rotated once a month and the ldap logs > > are rotated hourly because they get so large so fast, but it's done on the > > hour and the timeouts happen anytime. > > > > Thanks for the input. > > > > Joe H. > > > > > > > On Friday 11 February 2005 13:25, Joe H wrote: > > > > I work for an ISP with about 75,000 users. The user information is > > > > stored in and ldap database which freeradius uses to authenticate > > > > against. On a fairly regular basis I've been seeing radius timeouts for > > > > no appearent reason. It doesn't seem to be a server load issue and > > > > nothing is showing up in the logs. I've noticed that it seems to be > > > > pretty consistant time wise. Some people have reported it happening > > > > every > > > > hour or so and it seems to happen almost exactly an hour after it > > > > happened > > > > the previous time. for instance, if it first happend at 10:38am, it > > > > would > > > > most likely happen again at 11:38am. It's usually being noticed on > > > > email > > > > clients as they check email on pretty regular basis. > > > > > > > > My question is, has anyone else noticed symptoms similar to these? I > > > > know > > > > it seems pretty strange but I figured I'd check. I'm working on setting > > > > up monitoring and possibly a little more verbose logging but thought > > > > asking here might help point me in the right direction. System > > > > information below. > > > > > > > > OS - freebsd 4.10 > > > > freeradius - 1.0.1 > > > > openldap - 2.2.19 > > > > > > > > load on the box is pretty low so that shouldn't be an issue. > > > > > > > > Joe H. > > > > > > First, do you think you could get lucky enough to capture one of those in > debug mode? Perhaps if you encounter one you could fire up radius in > debug mode about 59 minutes later? > > Also, can you do an ldapsearch from the command line with a resonable > response time during one of those periods? > > If not, then what backend are you using for ldap? If you are using BDB > what are your DB_CONFIG settings? Also, do you have checkpoint set in > your slapd.conf file? > This is a production machine so messing with radius during the day is pretty much out but I haven't tried catching one at night. ldapsearch is pretty fast but I've never specifically tried one during one of the timeouts, I'll see what I can do.
We are currently using ldbm for our ldap backend. Is BDB a better choice for this kind of thing? Joe H. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
