About service down when the number of sessions exceeded

Seiichirou Hiraoka seiichirou.hiraoka at gmail.com
Fri Aug 25 07:51:01 CEST 2017 

Thank you for your answer.

After updating to the freeradius-3.0.13-8 (the latest version of RHEL7)
in the test environment, we performed a reproduction test,
Freeradius does not kill, authentication fails when max_sessions is exceeded.

In other words, it seems to be an old version of a bug that ended abnormally.

Also, since it seems there are other bugs in the old version,
We will consider upgrading to the latest version.

Best regards,


2017-08-22 15:45 GMT+09:00 Alan DeKok <aland at deployingradius.com>:
> On Aug 22, 2017, at 8:35 AM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
>> I use the following version with RHEL 7.
>>
>> # rpm -qa | grep freeradius
>> freeradius-3.0.4-6.el7.x86_64
>
>   Use 3.0.15.  It has a lot of fixes over 3.0.4.
>
>> We set max_sessions to the default 1024, and when there are many users,
>> radiusd forcibly shut down after outputting the following message.
>>
>> - /var/log/radius/radius.log
>>  Tue Jun 13 15:06:01 2017 : Error: rlm_eap (EAP): Too many open
>>  sessions. Try increasing "max_sessions" in the EAP moduleconfiguration
>>
>> Increasing the value of max_sessions now works without problems.
>
>   That's good, but there seems to be an underlying problem.  i.e. where sessions aren't finished, and so are marked "live" for long periods of time.
>
>> Here, I have a question.
>> I think that an error message is output in the following part of the
>> source code,
>> Change not to accept requests, not forced shutdown
>> Is there a way?
>
>   No.  That's not how EAP works.
>
>   The server either continues the EAP conversation, or rejects it.  There's no way to "not accept new requests".
>
>   Upgrade to 3.0.15.  And check what your users are doing.  It looks like lots of them start authentication... and then stop part-way through.  That's a problem.
>
>   You can also change "timer_expire = 10".  That will expire unfinished sessions in 10 seconds, instead of the default 60.  That should also help.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list