On Oct 6, 2015, at 9:41 , Chris Abel <[email protected]> wrote:
> # reboot
Yes, but how?
I am asking because your logs show that the database was not shutdown cleanly.
>
> A simple restart of packetfence won't fix things. I need to turn of sql
> accounting and reboot the server.
Reboots are not magical.
If you just change the radius configuration, a (proper) restart of the radiusd
process will update it’s configuration and result in the same thing as a reboot.
If you need to reboot it’s because you are missing something somewhere.
> Then my radius log looks like this:
>
> Tue Oct 6 09:21:05 2015 : Auth: Login OK: [f4f951e90034] (from client
> 10.131.4.18 port 0 cli F4-F9-51-E9-00-34)
> Tue Oct 6 09:21:05 2015 : Auth: Login OK: [f4f951e90034] (from client
> 10.131.4.10 port 0 cli F4-F9-51-E9-00-34)
> Tue Oct 6 09:21:05 2015 : Auth: Login OK: [f4f951e90034] (from client
> 10.131.4.13 port 0 cli F4-F9-51-E9-00-34)
> Tue Oct 6 09:21:05 2015 : Info: WARNING: Child is hung for request 456 in
> component post-auth module packetfence.
> Tue Oct 6 09:21:07 2015 : Info: WARNING: Child is hung for request 456 in
> component post-auth module packetfence.
> Tue Oct 6 09:21:07 2015 : Error: Discarding duplicate request from client
> 10.131.4.18 port 56942 - ID: 66 due to unfinished request 458 in component
> post-auth module packetfence.
> Tue Oct 6 09:21:08 2015 : Error: Discarding duplicate request from client
> 10.131.4.10 port 53447 - ID: 4 due to unfinished request 459 in component
> post-auth module packetfence.
> Tue Oct 6 09:21:08 2015 : Auth: Login OK: [48d705c10339] (from client
> 10.128.4.14 port 0 cli 48-D7-05-C1-03-39)
> Tue Oct 6 09:21:08 2015 : Error: Discarding duplicate request from client
> 10.131.4.13 port 37715 - ID: 16 due to unfinished request 460 in component
> post-auth module packetfence.
> Tue Oct 6 09:21:08 2015 : Auth: Login OK: [48d705c10339] (from client
> 10.128.4.16 port 0 cli 48-D7-05-C1-03-39)
> Tue Oct 6 09:21:08 2015 : Auth: Login OK: [48d705c10339] (from client
> 10.128.4.12 port 0 cli 48-D7-05-C1-03-39)
>
>
> I still get some child is hung messages, not sure if that's just left over
> from before the reboot or that is what is actually causing my system to stall.
radiusd children get hung when a backend does not reply (or not fast enough).
Look to the database, the httpd.aaa or possibly your Active Directory if you
use one.
You did enable the slow query log, right?
And you set it to log something meaningful, like all queries that take longer
than 0.5 seconds?
Your graphs show horrendous performance from the httpd.aaa process.
No wonder your radius server is getting hammered.
That can come from a number of places but the two I would look to first would
be that database and your authentication sources.
How long does it take to run an LDAP query (if you have any LDAP or AD sources)
for instance?
A decent performance for it would have to be under 100ms at most.
Try to fix one thing at a time.
Do not enable accounting until you have fixed your authentication problems.
Increase the logging level to debug maybe (under conf/log.conf and
conf/log.conf.d/httpd.*.conf.
Trace one authentication attempt and try to see from the logs where the time is
spent.
Any function call that takes more than a few ms is something to be looked into.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
