Re: FATAL! Server is too busy to process requests
On Thu, February 16, 2006 11:07 am, Alan DeKok wrote: > "Mitchell, Michael J" <[EMAIL PROTECTED]> wrote: >> I'm at a bit of a loss. I'm currently trying to load test the >> authentication proxy performance of freeRADIUS 1.0.1 in preparation for >> a deployment this weekend. >> >> Unfortunately, I'm running into this error "Error: FATAL! Server is too >> busy to process requests". > > Either the server is overloaded, or the back-end databases are too > slow. > >> Interestingly, this error doesn't seem to occur when the openLDAP server >> is running on a different server, however the rate of requests that I >> can push through the server is also a lot less in this circumstance >> (about 25%). Following up on the slow back-end, which I'd suspect given the problem goes away with a different LDAP server, one of the things we ran into with request time (both with FreeRADIUS and with some custom web apps) with our OpenLDAP servers was optimizing our indexing and caching settings to better fit the search patterns we were using. As a result of these optimizations, we're handling some pretty heavy loads with very quick response times. The OpenLDAP lists would be able to help you with this, or if you want more details on what we did here, email me privately. Hope this helps. -- Douglas G. Phillips Development Information Technology Services Eastern Illinois University (217) 581-7631 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OpenLDAP / FreeRADIUS / Cisco 5350 problem
I'm running into an issue here, and I can't seem to find the forest for
the trees. I'm probably overlooking something obvious, and am not
searching correctly for the problem.
Our LDAP server is using crypted passwords at the moment.
The router is a cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian
Sarge.
The problem is this: If I pass the radtest client a clear-text password,
authentication is successful. If either I pass the client an encrypted
password (copied from the logs) or point the 5350 at the radius server,
it doesn't work. I verified that the shared secret is correctly matched
with what is in the router.
Here is a sample of the password that is being passed:
User-Password = "\240d\351E\3737\025\022\0227,(rest removed)"
Here is the configuration (comments omitted to save space). I have
tried with the password_header both set to {CRYPT} and commented out.
ldap {
server = "***"
identity =
password =
basedn = "ou=people,dc=eiu,dc=edu"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
password_header = "{CRYPT}"
timeout = 4
timelimit = 3
net_timeout = 1
}
authorize {
preprocess
auth_log
suffix
ldap
}
authenticate {
Auth-Type LDAP {
ldap
}
}
Any ideas?
Thanks.
--
Douglas G. Phillips
Distributed Computing Information Technology Services
Eastern Illinois University(217) 581-7631
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SOLVED: OpenLDAP / FreeRADIUS / Cisco 5350 problem
On Wed, 2005-05-11 at 17:28 -0500, Douglas G. Phillips wrote: > The problem is this: If I pass the radtest client a clear-text password, > authentication is successful. If either I pass the client an encrypted > password (copied from the logs) or point the 5350 at the radius server, > it doesn't work. I verified that the shared secret is correctly matched > with what is in the router. The problem was indeed that the shared secret was incorrect. The secret was stored in the configuration on the router as a HEX value. I had copied that directly into my configuration. When I realized that it was a HEX value, I got the clear-text version in the RADIUS config, and everything worked. Thanks everyone. -- Douglas G. Phillips Distributed Computing Information Technology Services Eastern Illinois University(217) 581-7631 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
