On 26.9.2016 16.40, Fredrik Pettai wrote: > (A rough guestimate of the number of radius authentications handled > by these servers is ~500.000 Accepts/Rejects per day, RADSEC is > enabled/running too...)
If you are using EAP and have not disabled session resumption, can you try setting EAPTLS_SessionResumptionLimit to a non-default value, for example 3600 or 7200 (1 hour or 2 hours)? This would go to AuthBy(s) where the other EAPTLS_* parameters are. Now that the limit is no longer smaller of the EAP context timeout and this value, the default value might be too high for sites that do a lot of tunnelled EAP and end up caching a lot of sessions. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator