Le jeudi 30 juillet 2009 à 22:53 +0100, Dean Smith a écrit : > During a recent network incident we had some very high churn in PPP > clients. Our NASes (Multiple Cisco 7200 as VPDN LNS) didn’t appear to > be able to authenticate as quickly as they needed to. In the Radius > packet logs we see quite a few Rejects for requests that should have > been OK – indeed the identical requests were repeated and answered > correctly seconds afterwards. > > > > In the radius log itself we have quite a few of these:- > > Mon Jul 27 22:51:24 2009 : Info: rlm_sql (sql): There are no DB > handles to use! skipped 0, tried to connect 0 > Mon Jul 27 22:51:25 2009 : Info: rlm_sql (sql): There are no DB > handles to use! skipped 0, tried to connect 0 > Mon Jul 27 22:51:29 2009 : Info: rlm_sql (sql): There are no DB > handles to use! skipped 0, tried to connect 0 > > > > From the archives the usual reason for the above would seem to be the > MySQL database not answering quickly enough. The relevant freeradius > configs are at the defaults – but the box(s) themselves don’t appear > to have struggled with CPU. > >
CPU is not the only bottle neck. For SGDB you should take care at IO more than cpu i think? > > Would getting that error in the logs result in valid authentication > requests being rejected ? > yes > > > Unfortunately I’m not very experienced in MySQL to be able to tune it. > Would increasing the number of “num_sql_socks” within the sql.conf > from the default 5 be a good starting point ? Are there other > FreeRadius configs I can adjust before moving onto the MySQL database > itself ? You could start here. I personnaly have to open 40 sockets to my oracle database when freeradius starts. > > Thanks > > Dean > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
