<div dir="ltr">We have 2500 wireless clients at peak time, and I have seen as much as 20 simultaneous authentications before I optimised the freeradius server. We only have one RADIUS server in operation, and another for failover.<div>
<br></div><div>The number of users is one tree in the forest IMO. Have you timed how long one user takes to authenticate? What is the load of your current server? How long the associate systems take to answer? </div><div>
<br></div><div>At the end of the day, again, IMO, you have to balance good sysadmin practices while fine-tuning the associated systems, and fine-tune your freeradius configuration as well. Pay well attention to the debug information, as you can fine tune unlang for some events to not repeat all the way in the several steps of the negotiation; also the latest 2.2 versions seem to perform better than the 2.1.X - we went from 50-90ms down to less than 10ms.</div>
<div><br></div><div>Note: have a look at eapol_test and raddebug if you are not using them. </div><div><br></div><div>Regards</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 11 February 2014 22:01, <span dir="ltr"><<a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank">freeradius-users-request@lists.freeradius.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Message: 6<br>
Date: Tue, 11 Feb 2014 20:53:08 +0000<br>
From: "McNutt, Justin M." <<a href="mailto:McNuttJ@missouri.edu">McNuttJ@missouri.edu</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Recommended number of threads<br>
Message-ID:<br>
<<a href="mailto:81D8D62C6E5AD1499D9C16729DB5B3DEDED03CE8@UM-MBX-N02.um.umsystem.edu">81D8D62C6E5AD1499D9C16729DB5B3DEDED03CE8@UM-MBX-N02.um.umsystem.edu</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
I've been seeing some unexplained failures to authenticate 802.1X clients when my system is under heavier load, and I suspect that I don't have enough threads running. For reference, I currently have four servers in a load balanced group with identical configs. Thread settings are these:<br>
<br>
max_servers = 32<br>
min_spare_servers = 3<br>
max_spare_servers = 10<br>
max_requests_per_server = 0<br>
<br>
We have about 14,500 wireless clients at peak times, though that number will climb, I'm sure.<br>
<br>
Is there a rule of thumb that will tell me how many threads I should have (max_servers)? Also, I suspect that there have been authentication failures due to all threads on a server being busy. Is there a good way to confirm that? I've poked around in the radiusd logs a bit, but haven't found much, other than the odd "Login failed" with no reason given. (For "normal" failures, there are two messages, one of which has a cause like "bad password" or "account locked out" or some such thing.)<br>
<br>
Advice is welcome.<br>
<br>
--J<br></blockquote></div></div></div></div></div>