I am a newbie, running 3 (for redundancy) FreeRadius servers (1.1.7) on SUSE 10 SP1 (32-bit) to authenticate our wireless clients (PEAP MSCHAPv2) to our eDirectory via LDAP. We average 800-900 simultaneous wireless clients (need to support a potential 4K in the future). The setup works well and authenticates users very quickly, but every couple days, the radiusd process will either blow up and start consuming 99% of the CPU or die altogether. More often it blows up. We had stability problems initially, even when the process was running, so I took everything out of the config that we didn't need and that seemed to help. Can anyone comment on our configuration and tell me if I'm doing something wrong? This is my first FreeRadius deployment and I don't consider myself a Linux guru, let alone claim to know much about Radius. Thanks in advance, Nathan Hay Network Engineer Cedarville University prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 512000 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = yes log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no thread pool { start_servers = 16 max_servers = 64 min_spare_servers = 8 max_spare_servers = 16 max_requests_per_server = 0 } modules { $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP use_mppe = yes require_encryption = yes require_strong = yes } ldap { server = "XXX" identity = "cn=XXX,o=XXX" password = XXX basedn = "o=XXX" filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" start_tls = yes tls_cacertfile = /usr/local/etc/raddb/certs/ldap.cer tls_cacertdir = /usr/local/etc/raddb/certs/ tls_require_cert = "demand" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 10 password_attribute = nspmPassword edir_account_policy_check=no timeout = 4 timelimit = 3 net_timeout = 1 } } authorize { mschap eap ldap } authenticate { Auth-Type MS-CHAP { mschap } Auth-Type LDAP { ldap } eap } post-auth { ldap Post-Auth-Type REJECT { ldap } }