Hi List, During periods of high load, we are seeing many messages like the following: radiusd[28187]: rlm_eap: No EAP session matching the State variable. I understand the meaning of the message, but I need some assistance on how to go about locating the source of the problem. During peak times, we have about 8K wireless logins per minute, for extended periods. We have 6 wireless controllers, from which the Access-Requests are sent. Due to the high load, I am unable to run the server with -X, because it gets crushed while running single threaded. I can use radmin, but I'm not sure what to set the debug condition to. I don't see any errors about child processes being hung, or winbind/ntlm_auth taking too long. Some values which may be relevant: radiusd.conf: max_request_time = 30 radiusd.conf: cleanup_delay = 5 radiusd.conf: max_requests = 8000000 #about 30K wireless users at peak * 256 ~= 8million radiusd.conf: start_servers = 5 radiusd.conf: max_servers = 32 radiusd.conf: min_spare_servers = 3 radiusd.conf: max_spare_servers = 10 radiusd.conf: # max_queue_size = 65536 (unsure why this is commented out) mods-enabled/eap: timer_expire = 60 mods-enabled/eap: cache = disabled $ openssl speed rsa2048 Doing 2048 bit private rsa's for 10s: 5263 2048 bit private RSA's in 10.01s Doing 2048 bit public rsa's for 10s: 176233 2048 bit public RSA's in 10.00s OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Mon May 2 06:13:20 EDT 2016 options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM sign verify sign/s verify/s rsa 2048 bits 0.001902s 0.000057s 525.8 17623.3 So, a couple questions: 1. Is there a way to get more info along with the message "rlm_eap: No EAP session matching the State variable." ? - eg. Which NAS it came from, calling-station-id, etc. 2. Are the aforementioned values OK? Any advice would be appreciated. Regards, Dave