Monitor the number of open EAP sessions
Alan DeKok
aland at deployingradius.com
Tue May 24 17:55:05 UTC 2022
On May 24, 2022, at 11:28 AM, Sergey Marochkin <umnik.ru at gmail.com> wrote:
>
> I am facing a problem when freeradius reports that the limit of open
> sessions has been reached. These are log entries, like "Too many open
> sessions. Try increasing "max_sessions" in the EAP module configuration".
>
> During the debugging, it was determined that some ios devices
> (ipad/iphone), for a reason unknown to me, cyclically cannot complete
> eap/tls authentication process. I found that these devices successfully
> start communicating with the NAS (send EAP-Response/Identity). But after
> receiving the (TLS Start)-message, they no longer send the (TLS
> client_hello)-message, and restart the association process with the access
> point and therefore open a new EAP session. If recreate a wifi connection
> on such a device, it will connect successfully.
Weird.
These sessions will automatically close after a period of time, as there's no point in leaving them open forever. You can lower this timeout by changing mods-enabled/eap, and looking for "timer_expire".
The default is 60 seconds, which is likely conservative. You can probably change it to 10, and be OK.
> Until I find the root cause of this behavior, I would like to monitor the
> number of open sessions of the radius server. But I couldn't find a
> suitable way to do it. Here is what I tried:
> - use the "status server" tool, but there is no suitable one among its
> counters
> - use tool "control-socket" and radmin but also i didn't find suitable
> counter
>
> Can you help me with this question?
There's no real way to get per-module statistics out of the server. However, we're looking into fixing that. It's not completely trivial, due to a host of issues such as threading, etc.
Alan DeKok.
More information about the Freeradius-Users
mailing list