Monitor the number of open EAP sessions

Sergey Marochkin umnik.ru at gmail.com
Thu Nov 23 15:01:23 UTC 2023 

Hi Alan!

> There's no real way to get per-module statistics out of the server.
However, we're looking into fixing that.  It's not completely trivial, due
to a host of issues such as threading, etc.

I would like to ask if you have found a way to fix this? Unfortunately, I
periodically catch the previously described problem of overflow of open
connections on the radius server, so I would like to be able to get
statistics on them.

Thanks

вт, 24 мая 2022 г. в 20:55, Alan DeKok <aland at deployingradius.com>:

> On May 24, 2022, at 11:28 AM, Sergey Marochkin <umnik.ru at gmail.com> wrote:
> >
> > I am facing a problem when freeradius reports that the limit of open
> > sessions has been reached. These are log entries, like "Too many open
> > sessions. Try increasing "max_sessions" in the EAP module configuration".
> >
> > During the debugging, it was determined that some ios devices
> > (ipad/iphone), for a reason unknown to me, cyclically cannot complete
> > eap/tls authentication process. I found that these devices successfully
> > start communicating with the NAS (send EAP-Response/Identity). But after
> > receiving the (TLS Start)-message, they no longer send the (TLS
> > client_hello)-message, and restart the association process with the
> access
> > point and therefore open a new EAP session. If recreate a wifi connection
> > on such a device, it will connect successfully.
>
>   Weird.
>
>   These sessions will automatically close after a period of time, as
> there's no point in leaving them open forever.  You can lower this timeout
> by changing mods-enabled/eap, and looking for "timer_expire".
>
>   The default is 60 seconds, which is likely conservative.  You can
> probably change it to 10, and be OK.
>
> > Until I find the root cause of this behavior, I would like to monitor the
> > number of open sessions of the radius server. But I couldn't find a
> > suitable way to do it. Here is what I tried:
> > - use the "status server" tool, but there is no suitable one among its
> > counters
> > - use tool "control-socket" and radmin but also i didn't find suitable
> > counter
> >
> > Can you help me with this question?
>
>   There's no real way to get per-module statistics out of the server.
> However, we're looking into fixing that.  It's not completely trivial, due
> to a host of issues such as threading, etc.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list