Tweaking LDAP parameters

Alan DeKok aland at deployingradius.com
Wed Apr 13 15:17:51 CEST 2016


On Apr 13, 2016, at 9:10 AM, David Hartburn <D.J.Hartburn at kent.ac.uk> wrote:
> Sorry to waste time, but do you mean the full log from doing a 'radius -X'?

  That's what all the documentation says.  Including the email you get when you subscribe to the list.

> I want to clarify because on a production server that will be a huge log. I am happy to produce it though.

  The point is less for us to read it than for YOU to read it.

  You have a choice:

a) look at a log file containing one line of "user X was rejected"

b) look at the debug output which contains hundreds of lines of output for that user, explaining EXACTLY what is going on, and why

  Pick one.

  The documentation EVERYWHERE says to use (b).  Yet we still get tons of people using (a), and wondering if (b) is useful.  For the life of me, I can't figure out why.

> >    Set them the same as the thread pools.
> 
> Do you mean make 'spare = ${thread[pool].max_servers}'?

  No.

> Does the default of 32 sound like a reasonable number of max_servers in radius.conf on a busy site or do a lot of people go higher?

  It's set to ${thread[pool].max_servers} for a reason.

  The thread pool and connection pools should generally contain similar information.  Even the keywords they use for configuration are similar.  That should be a hint.

  Alan DeKok.




More information about the Freeradius-Users mailing list