On Aug 22, 2017, at 8:35 AM, Seiichirou Hiraoka <seiichirou.hiraoka@gmail.com> wrote:
I use the following version with RHEL 7.
# rpm -qa | grep freeradius freeradius-3.0.4-6.el7.x86_64
Use 3.0.15. It has a lot of fixes over 3.0.4.
We set max_sessions to the default 1024, and when there are many users, radiusd forcibly shut down after outputting the following message.
- /var/log/radius/radius.log Tue Jun 13 15:06:01 2017 : Error: rlm_eap (EAP): Too many open sessions. Try increasing "max_sessions" in the EAP moduleconfiguration
Increasing the value of max_sessions now works without problems.
That's good, but there seems to be an underlying problem. i.e. where sessions aren't finished, and so are marked "live" for long periods of time.
Here, I have a question. I think that an error message is output in the following part of the source code, Change not to accept requests, not forced shutdown Is there a way?
No. That's not how EAP works. The server either continues the EAP conversation, or rejects it. There's no way to "not accept new requests". Upgrade to 3.0.15. And check what your users are doing. It looks like lots of them start authentication... and then stop part-way through. That's a problem. You can also change "timer_expire = 10". That will expire unfinished sessions in 10 seconds, instead of the default 60. That should also help. Alan DeKok.