(RADIATOR) Radius client timeout
Hugh Irvine
hugh at open.com.au
Sun Jan 29 17:28:11 CST 2006
Hello Muhammad -
Thanks for your mail.
These sorts of problems are almost always the result of performance
limitations of the backend database.
You should check your database logs to see how long the various
queries are taking.
You should also spend some time tuning your database - a good Oracle
DBA will be extremely valuable for this exercise.
BTW - the latest version of Radiator is 3.14, and with later versions
(after Radiator 2.18) you can set up a LogMicroseconds logger so you
can see exactly how long the SQL queries are taking in a trace 4
debug (requires Time-Hires from CPAN).
See section 5.11 in the Radiator 3.14 reference manual ("doc/
ref.html") for details.
regards
Hugh
On 30 Jan 2006, at 02:08, Muhammad Danish Moosa wrote:
> Hi
>
> I am using Radiator-2.17.1 on three machines with databe Oracle 9i.
>
>> From last few days, I am facting Radius client timeout problem on
>> rush
> hours.
>
> When too many queries start, Radius suddently start responding to
> most of
> the queries,
> hence give Radius client timeout.Situation usually comes under
> control when
> Radius are restarted ,
> in some worst cases database is restarted to regulate the situation.
>
> Any quick sujjestion would be highly apprciated
>
> my Radius.cfg file is as
>
>
> #-------------------------------------------------------------------
>
> Foreground
> #LogStdout
> AuthPort 1645
> AcctPort 1646
> LogDir /usr/Radiator-2.17.1/logs
> LogFile /usr/Radiator-2.17.1/logs/%Y%m%d
> DbDir .
>
> ######################################################################
> ##
> #Optional Parameters used from default
>
> SnmpgetProg /usr/local/bin/snmpget
>
> ######################################################################
> ##
>
>
>
> <Client DEFAULT>
> DefaultRealm max
> Secret mypassword
> DupInterval 0
> IgnoreAcctSignature
> SNMPCommunity a1b2c3
> </Client>
>
> <Realm max>
> RewriteUsername s/^([^@]+).*/$1/
> RejectHasReason
> <AuthBy SQL>
>
> # FramedGroup 0
>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource
> dbi:Oracle:(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myhostIP)
> (PORT=myPOrt))
> (CONNECT_DATA=(SID=mySID)))
> DBUsername User
> DBAuth Password
>
> # For Authenication from Solaris encrypted password
> # AuthByPolicy ContinueWhileAccept
> AuthSelect select
> Password,CallingStationId1,ServiceType,FramedProtocol,FramedIPNetmask,
> NASPor
> tType,SimultaneousUse,FramedIPAddress,SessionTimeout,TimeDuration,NasI
> pAddre
> ss from UserLogin where Active=1 and LoginName='%n' and
> '%{Calling-Station-Id}' not in (select callingstationid1 from cli)
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, Service-Type, check
> AuthColumnDef 3, Framed-Protocol, reply
> #AuthColumnDef 4, Framed-IP-Netmask, reply
> AuthColumnDef 5, NAS-Port-Type, check
> AuthColumnDef 6, Simultaneous-Use, check
> AuthColumnDef 7, GENERIC, reply
> AuthColumnDef 8, GENERIC, reply
> AuthColumnDef 9, GENERIC, check
> AuthColumnDef 10, GENERIC, check
>
> # You may want to tailor these for your ACCOUNTING table
> AccountingTable Transaction
> AccountingStopsOnly
> AcctColumnDef LoginName,User-Name
> AcctColumnDef TimeClose,Timestamp,formatted-date,to_date('%e %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
> AcctColumnDef RecordType,Acct-Status-Type
> #AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef BytesIn,Acct-Input-Octets
> AcctColumnDef BytesOut,Acct-Output-Octets
> AcctColumnDef SessionId,Acct-Session-Id
> AcctColumnDef Duration,Acct-Session-Time,integer
> AcctColumnDef TerminationCause,Acct-Terminate-Cause
> AcctColumnDef TerminationCause,Ascend-Disconnect-Cause
> AcctColumnDef NASIdentifier,NAS-Identifier
> AcctColumnDef NASIPAddress,NAS-IP-Address
> AcctColumnDef PortNo,NAS-Port,integer
> AcctColumnDef FramedIPAddress,Framed-IP-Address
> AcctColumnDef CLI,Calling-Station-Id
> </AuthBy>
>
> </Realm>
>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
> RejectHasReason
> <AuthBy SQL>
>
> # FramedGroup 0
>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource
> dbi:Oracle:(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myhostIP)
> (PORT=myPOrt))
> (CONNECT_DATA=(SID=mySID)))
> DBUsername User
> DBAuth Password
>
> # For Authenication from Solaris encrypted password
> # AuthByPolicy ContinueWhileAccept
> AuthSelect select
> Password,CallingStationId,ServiceType,FramedProtocol,FramedIPNetmask,N
> ASPort
> Type,SimultaneousUse,FramedIPAddress,SessionTimeout,TimeDuration,NasIp
> Addres
> s from UserLogin where Active=1 and LoginName='%n'
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, Service-Type, check
> AuthColumnDef 3, Framed-Protocol, reply
> #AuthColumnDef 4, Framed-IP-Netmask, reply
> AuthColumnDef 5, NAS-Port-Type, check
> AuthColumnDef 6, Simultaneous-Use, check
> AuthColumnDef 7, GENERIC, reply
> AuthColumnDef 8, GENERIC, reply
> AuthColumnDef 9, GENERIC, check
> AuthColumnDef 10, GENERIC, check
>
> # You may want to tailor these for your ACCOUNTING table
> AccountingTable Transaction
> AccountingStopsOnly
> AcctColumnDef LoginName,User-Name
> AcctColumnDef TimeClose,Timestamp,formatted-date,to_date('%e %m %Y
> %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
> AcctColumnDef RecordType,Acct-Status-Type
> #AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef BytesIn,Acct-Input-Octets
> AcctColumnDef BytesOut,Acct-Output-Octets
> AcctColumnDef SessionId,Acct-Session-Id
> AcctColumnDef Duration,Acct-Session-Time,integer
> AcctColumnDef TerminationCause,Acct-Terminate-Cause
> AcctColumnDef NASIdentifier,NAS-Identifier
> AcctColumnDef NASIPAddress,NAS-IP-Address
> AcctColumnDef PortNo,NAS-Port,integer
> AcctColumnDef FramedIPAddress,Framed-IP-Address
> AcctColumnDef CLI,Calling-Station-Id
>
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> # Specify the SQL database to connect to is similar to AuthSQL
> # You can specify multiple databases as fallbacks etc. See
> # the reference manual for more details
> DBSource
> dbi:Oracle:(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myhostIP)
> (PORT=myPOrt))
> (CONNECT_DATA=(SID=mySID)))
> DBUsername User
> DBAuth Password
>
> # You can alter the SQL statements used to add, delete and count
> # sessions with AddQuery, DeleteQuery, ClearNasQuery and
> # CountQuery. That means you can accomodate many different
> # SQL Session Database schemas. The defaults for these parameters
> # are suitable for the example RADONLINE table in the example SQL
> # scripts in the goodies directory.
> # See the reference manual for more details
>
> AddQuery insert into ActiveSessions (LoginName,
> SessionId,TimeStart,NASIPAddress,FramedIPAddress,PortNo,NASPortType,CL
> I,NASI
> dentifier) values \
> ('%n','%{Acct-Session-Id}',sysdate,'%{NAS-IP-Address}','%{Framed-
> IP-Address
> }','%{NAS-Port}','%{NAS-Port-Type}','%{Calling-Station-Id}','%N')
>
> DeleteQuery delete from ActiveSessions where \
> LoginName='%n'
>
> ClearNasQuery delete from ActiveSessions where 1=2 and
> NASIdentifier='%N'
> CountQuery select NASIdentifier, PortNo, SessionId from
> ActiveSessions
> where LoginName='%n'
>
>
> # Optional identifier. Its just a name
> # Identifier SDB1
>
> </SessionDatabase>
>
>
> <Log SQL>
> DBSource
> dbi:Oracle:(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myhostIP)
> (PORT=myPOrt))
> (CONNECT_DATA=(SID=mySID)))
> DBUsername User
> DBAuth Password
> Table RadiusLogs
> </Log>
>
> ------------------------------
> -Muhammad Danish Moosa-
> Software Engineer
> Gerrys Information Technology
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list