MySQL performance

Fajar A. Nugraha list at fajar.net
Tue Sep 20 17:38:35 CEST 2011


On Tue, Sep 20, 2011 at 10:22 PM, Lorenzo Milesi
<lorenzo.milesi at yetopen.it> wrote:
>> For one, it can show you which part is slow (is it really the db, or
>> is it something else). Another one is it can show relevant parts of
>> the config which can help others pinpoint the problem. Pasting only
>> PART of the debug log will only get you (at best) partial guesses.
>
> Ok, I missed this, I thought was a suggestion to me :-)
> http://paste.ubuntu.com/693812/

What did you use for debug, and what FR version is this?
Again, as mentioned in wiki.freeradius.org: "Always use radiusd -X
when debugging!"

Your output does not look llike it comes from FR2's debug log.

> this is the startup log, with the first authentication requests. as you can see from the same nas (.67) the first request is with the wrong pw, while the second is fine and Access-Accept is sent back.
> I obfuscated pw and ips, let me know if there is anything useful you can see.
>
> Another weird thing I noticed is that as you can see at line 155 in the middle of an Access-Accept report there's another rad_recv, like it's mixing up output.
> I don't know if this is a problem, or if it was doing it already, but still looks strange.
>
>
> Now I'm running -XX, I will post later something from that.
>
>> Maybe. The debug log will also say something like "warning, unreadable
>> password, check shared secret" (or something like that). Did you find
>> it? Did you simply ignore it, or do what it suggested?
>
> I grepped for "warn" and "err" and found nothing in the debug log. Just a warning for a proxied request, but nothing else.
>
>> Some things to check:
>> - did the different case (readable vs unreadable password) comes from
>> the same NAS?
>
> Yes.
> Let's say most of the problems come from a newly deployed nas.

Then start from there.

If the db is slow and FR is late to respond, the NAS will usually
resend the request and FR will complain when receiving duplicate
request. Your log shows no such event, so my guess is it's not slow or
db issue.

One simple test is try using the same user/password to logon from a
"new", problematic NAS and from a "working" NAS. Compare debug output
from both, and compare both NAS config. It should help you find out
what's wrong.


> I raised even more the number of SQL threads and seems I see less radius errors on the client.

If FR doesn't complain about duplicate request or "no free DB handle"
(or something like that), then it shouldn't make a difference.

-- 
Fajar



More information about the Freeradius-Users mailing list