FreeRadius not stable on my server

Nataniel Klug nata at cnett.psi.br
Tue Oct 31 12:17:50 CET 2006


Hi Alan,

Thank you again for helping me, I will try to explain myself bellow:

Alan DeKok escreveu:
> Nataniel Klug <nata at cnett.psi.br> wrote:
>   
>> I am having a problem: sometimes my freeradius 
>> get a little crazy and close some connections and other times it just 
>> says that the client is still connected and block the client to use 
>> (becouse of max login set to 1) like in this two situatios:
>>     
>
>   FreeRADIUS doesn't close connections.  If it blocks users, it's
> because it thinks the user is still logged in.
>
>   
Sometimes my NAS send a disconnect for the radius (I have remote logging 
and I am monitoring every step of the NAS(es) and the radius) and, for 
some reason that I could not know, this request for disconect do not get 
into the FreeRadius. I really dont know if the radius is not receiving 
the message (for network reasons or something) or its is comming to the 
radius server but the program (radiusd) is not able to process this request.

This way the client keep logged in and, if the same client, trys to 
connect it is rejected.
>>     What can I do to make my radius system more stable? Migrate it to a 
>> MySQL solution? I have about 200 login records in most usage time and a 
>> average of 80 all day.
>>     
>
>   It's stable.  Migrating to MySQL won't help.  A load of 80 logins
> per day is tiny, and isn't a problem.
>   
I know this is very low busy for freeradius... But the problem is 
killing me.
>   I think the problem is that you're not clear why the server is
> behaving the way it is.  Please explain *why* you think it's
> "unstable" when someone tries to log in twice, and it rejects the
> second attempt.  Why do you think the server "closes connections"?
>   
I am not sure what is making the problem. Thats why I came here, I need 
to know what tools can I use to identify where is the problem. The 
request from NAS to Radius I know that is coming throw my netowork and 
it is registered in my logger server. This is my network topology:

router - ns1 (logger/gw) --> nas1 (gw-int1) <--> nas2
            ns2 (radius)                                             nas3

All the nases are sending their logs to ns1 and it logs every single try 
to disconect a client that nas sends but some of them do not get into 
radius server.
>   And the "no login record" issue is the fault of the NAS.  FreeRADIUS
> is just logging what the NAS sends it.  See the FAQ.
>   
No logging record does not mean that the NAS send a message to remove 
some client from the "connected" and the radius look for the client but, 
when it can not be found, the radius log this message?

Thank you again.
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>   



More information about the Freeradius-Users mailing list