Hello guys,
I would like an opinion concerning a situation that is happening with us. I'm
sure you have faced a similar situation.
Currently I have about 3000 clients connected simultaneously in 8
concentrators Mikrotik. These concentrators authenticate to 3 servers
freeradius doing consulting and accounting users in a mysql db.
The time we have the message "Discarding duplicate request ..." and "
Discarding conflicting ..." and in recent days began using ippool in
postgresql where we started having problems duplicating IPs.
We believed that such duplication was due to these messages which were
caused by our server mysql which was ancient and did not allow more make the
necessary adjustments as the number of clients and memory.
So we did the installation of new server Mysql and changed the parameters
possible and even indicated by mysqltunner and mysqlprimer, but the message
continued Discarding occurs.
So we started using two tables for the radacct, but the message remains.
Finally, we migrated the radacct for postgresql, where the number (two
tables) where the incidence of this message decreased, but remains on
average 50 per hour to about 1300 sections with pppoe interim-update 5
minutes.
What are the parameters that could be changed to make the tuning of
freeradius?
The question that remains ... MySQL or PostgreSQL?
We've done several settings in radius and mysql and still can not stop these
messages.
Attached my freeradius settings.
I appreciate the attention and the help of everyone,
Att
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 60
cleanup_delay = 5
max_requests = 2048
listen {
type = auth
ipaddr = *
port = 0
}
listen {
ipaddr = *
port = 0
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 0
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
authorize {
preprocess
chap
mschap
digest
suffix
eap {
ok = return
}
files
bdmysql
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
unix
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
bdpgsql
exec
attr_filter.accounting_response
}
session {
bdpgsql
}
post-auth {
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}
sql bdmysql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "server.domain.com.br"
login = "radius-user"
password = "Radius!23"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 150
connect_failure_retry_delay = 60
lifetime = 0
max_queries = 0
readclients = yes
nas_table = "nas"
$INCLUDE sql/${database}/dialup.conf
}
sql bdpgsql {
database = "postgresql"
driver = "rlm_sql_${database}"
server = "serverpg.domain.com.br"
login = "radius_user"
password = "Radius!23$"
radius_db = "pgsql_autenticacao"
acct_table1 = "pgsql_autenticacao.radacct1"
acct_table2 = "pgsql_autenticacao.radacct0"
postauth_table = "pgsql_autenticacao.radpostauth"
authcheck_table = "pgsql_autenticacao.radcheck"
authreply_table = "pgsql_autenticacao.radreply"
groupcheck_table = "pgsql_autenticacao.radgroupcheck"
groupreply_table = "pgsql_autenticacao.radgroupreply"
usergroup_table = "pgsql_autenticacao.usergroup"
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 30
connect_failure_retry_delay = 60
lifetime = 0
max_queries = 0
nas_table = "pgsql_autenticacao.nas"
$INCLUDE sql/${database}/dialup.conf
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
