About service down when the number of sessions exceeded
Alan DeKok
aland at deployingradius.com
Tue Aug 22 08:45:04 CEST 2017
On Aug 22, 2017, at 8:35 AM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
> I use the following version with RHEL 7.
>
> # rpm -qa | grep freeradius
> freeradius-3.0.4-6.el7.x86_64
Use 3.0.15. It has a lot of fixes over 3.0.4.
> We set max_sessions to the default 1024, and when there are many users,
> radiusd forcibly shut down after outputting the following message.
>
> - /var/log/radius/radius.log
> Tue Jun 13 15:06:01 2017 : Error: rlm_eap (EAP): Too many open
> sessions. Try increasing "max_sessions" in the EAP moduleconfiguration
>
> Increasing the value of max_sessions now works without problems.
That's good, but there seems to be an underlying problem. i.e. where sessions aren't finished, and so are marked "live" for long periods of time.
> Here, I have a question.
> I think that an error message is output in the following part of the
> source code,
> Change not to accept requests, not forced shutdown
> Is there a way?
No. That's not how EAP works.
The server either continues the EAP conversation, or rejects it. There's no way to "not accept new requests".
Upgrade to 3.0.15. And check what your users are doing. It looks like lots of them start authentication... and then stop part-way through. That's a problem.
You can also change "timer_expire = 10". That will expire unfinished sessions in 10 seconds, instead of the default 60. That should also help.
Alan DeKok.
More information about the Freeradius-Users
mailing list