Monitor the number of open EAP sessions

Alan DeKok aland at deployingradius.com
Tue May 24 17:55:05 UTC 2022


On May 24, 2022, at 11:28 AM, Sergey Marochkin <umnik.ru at gmail.com> wrote:
> 
> I am facing a problem when FreeRADIUS reports that the limit of open
> sessions has been reached. These are log entries, like "Too many open
> sessions. Try increasing "max_sessions" in the EAP module configuration".
> 
> During the debugging, it was determined that some iOS devices
> (iPad/iPhone), for a reason unknown to me, cyclically cannot complete
> the EAP/TLS authentication process. I found that these devices successfully
> start communicating with the NAS (send EAP-Response/Identity). But after
> receiving the (TLS Start)-message, they no longer send the (TLS
> client_hello)-message, and restart the association process with the access
> point and therefore open a new EAP session. If the Wi-Fi connection is
> recreated on such a device, it will connect successfully.

  Weird.

  These sessions will automatically close after a period of time, as there's no point in leaving them open forever.  You can lower this timeout by changing mods-enabled/eap, and looking for "timer_expire".

  The default is 60 seconds, which is likely conservative.  You can probably change it to 10, and be OK.

> Until I find the root cause of this behavior, I would like to monitor the
> number of open sessions of the radius server. But I couldn't find a
> suitable way to do it. Here is what I tried:
> - use the "status server" tool, but there is no suitable one among its
> counters
> - use the "control-socket" tool and radmin, but I also didn't find a
> suitable counter
> 
> Can you help me with this question?

  There's no real way to get per-module statistics out of the server.  However, we're looking into fixing that.  It's not completely trivial, due to a host of issues such as threading, etc.

  Alan DeKok.
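
Since the thread notes that the server exposes no per-module counter, one indirect signal is how often the quoted "Too many open sessions" error is logged per minute. The following is an added example, not part of the original messages or of FreeRADIUS; the `radius.log` line layout, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Substring of the error message quoted in the thread.
MARKER = "Too many open sessions"
# Assumed radius.log layout: "<ctime-style timestamp> : <Level>: <message>".
LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : (\w+): (.*)$"
)

def session_limit_hits(lines):
    """Map 'YYYY-MM-DD HH:MM' -> count of session-limit errors in that minute."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or MARKER not in m.group(3):
            continue  # unrelated message, or a line that does not parse
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        hits[ts.strftime("%Y-%m-%d %H:%M")] += 1
    return hits

def minutes_over(hits, threshold):
    """Minutes in which the error count reached the alert threshold."""
    return sorted(minute for minute, n in hits.items() if n >= threshold)

# Constructed sample lines (not taken from a real server).
ERR = ('Error: rlm_eap (EAP): Too many open sessions. Try increasing '
       '"max_sessions" in the EAP module configuration')
SAMPLE_LOG = [
    "Tue May 24 11:27:58 2022 : Info: Ready to process requests",
    "Tue May 24 11:28:03 2022 : " + ERR,
    "Tue May 24 11:28:17 2022 : " + ERR,
    "Tue May 24 11:28:40 2022 : Auth: (12) Login OK: [constructed-user]",
    "Tue May 24 11:28:59 2022 : " + ERR,
    "Tue May 24 11:29:05 2022 : " + ERR,
    "garbled line without a timestamp",
]

if __name__ == "__main__":
    hits = session_limit_hits(SAMPLE_LOG)
    for minute in minutes_over(hits, threshold=2):
        print(f"{minute}: {hits[minute]} session-limit errors")
```

This only shows when the limit was hit, not the live session count, so it complements lowering `timer_expire` rather than replacing it.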


