(RADIATOR) Problems with RADIUS accounting

Hugh Irvine hugh at open.com.au
Thu Apr 17 20:02:15 CDT 2008


Hello Alex -

The best way to see what is happening is to set up a Log FILE clause
in your Radiator configuration with LogMicroseconds (requires
Time-HiRes from CPAN).

This will show you exactly how long each processing step is taking,  
and you will likely find that the problem is slow response from the  
database.

Here is an example Log FILE clause:


# log with microseconds
# requires Time-HiRes from CPAN

<Log FILE>
	LogMicroseconds
	Filename %L/microseconds-log-%Y-%m-%d
</Log>


hope that helps

regards

Hugh


On 18 Apr 2008, at 02:36, Alex Sharaz wrote:
> Chaps,
> I’ve got a problem here that seems to be associated with Accounting  
> when using a database to store accounting information
>
> Production system
>
> 3 real servers each server running 2 instances of radiator – one  
> for authentication and one for accounting
>
> These servers are front ended by a Foundry ServerironXL device that
> load balances radius acct and auth requests over
>
> Authentication is performed by proxying of auth requests to a pair  
> of legacy steel belted radius servers.
>
> I’ve got a couple of perl hooks that access the back end database  
> when authenticating.
>
> My radius config has a number of session log definitions for  
> various types of RAS e.g. HP switches doing 802.1x, Trapeze  
> networks Wireless kit. In addition to this I’ve split how I process  
> the accounting records by having a handler statement for Accounting  
> start records, accounting Alive records and accounting stop records
> so for our HP wired network I have the following sessionlog
> definitions.
>
> Hull_Wired_Start_mysql creates a record in the radonline table
> Hull_wired_alive_mysql updates the above record with session time
> and data transmitted info
> Hull_Wired_Stop_mysql deletes the radonline record.
>
> The above are replicated for the various other systems.
>
> I’m also using ClientListSQL to keep track of my RAS clients
>
> Test system
>
> Dell 2850 server 8Gbytes of ram radiator 4.2
>
>
> The database for both setups sits on a redhat 5.1 64 bit system –  
> dual 3Ghz processors with 12Gbytes of ram that also provides  
> support for my db2 V9.5 system. At the moment the box is hardly  
> being used.
>
> The mysql database uses InnoDB tables and I’m using the sample  
> radSupport DB definitions.
>
> The problem I’m having is that with only about 20 switches I’m
> seeing loads of “failure to connect to Radius server” messages at
> the switch end. It’s not the authentication, it’s the accounting side
> of things that is causing the problem.
>
> Initially I thought it might have been the load balancer but it
> doesn’t look as if it is. I’ve got an HP switch in my office that I
> use to test dot1x authentication so I pointed it at my development  
> Radiator server for acct and auth. The only common point was the  
> back end mysql database. This switch did the same thing as the  
> others and there are only 2 clients authenticating to it a Mac OSX  
> machine and a Vista machine and they’re both mine.
>
> I then rewrote the Sessionlog statements to use the DB2 database  
> running on the same machine ... Which looked as if things might  
> have worked. However, I then pointed the Trapeze accounting at the
> devel server and almost immediately started getting failure to  
> connect to radius server messages on the trapeze console. As it  
> happened there was an error in an sql statement for the sessionlog  
> that dealt with updates. After I fixed this it looked as if things  
> were working o.k. The problem is that it’s now 5:32 on a Thursday
> and there’s not a lot of traffic around.
>
> I really can’t see anything wrong anywhere or why I’m getting these  
> errors. Eventually we’ll have 2 or 3 hundred switches passing  
> accounting info to this setup and at the moment it looks as if it’s
> not going to cope which is silly.
>
> I understand that FreeRadius 2.0 has some form of buffering  
> facility whereby if the server loses connection with the back end  
> database it queues up accounting info on disk until connection to  
> the database is restored.
>
>
> Any help/thoughts/suggestions appreciated.
>
> Alex



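
Added example (not part of the original post and not Radiator code): a small Python script that reads a log written with LogMicroseconds and reports the steps followed by the longest gaps, which is how a slow database call shows up. The timestamp layout matched by the regular expression and the sample lines are assumptions constructed for illustration; check them against your own log file.

```python
import re
from datetime import datetime, timedelta

# Assumed layout of a line written with LogMicroseconds (verify on your log):
#   "Thu Apr 17 17:32:01 2008 104233: DEBUG: message"
LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\d{1,6}): (\w+): (.*)$"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
Thu Apr 17 17:32:01 2008 104233: DEBUG: Packet dump: *** Received from 10.0.0.5
Thu Apr 17 17:32:01 2008 104910: DEBUG: Handling request with Handler 'acct'
Thu Apr 17 17:32:01 2008 105377: DEBUG: Query is: 'update radonline set t=42'
Thu Apr 17 17:32:04 2008 230115: DEBUG: Accounting accepted
Thu Apr 17 17:32:04 2008 230802: DEBUG: Packet dump: *** Sending to 10.0.0.5
"""


def parse(text):
    """Return a list of (timestamp, level, message) for every stamped line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # attribute lines of a packet dump carry no timestamp
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        stamp += timedelta(microseconds=int(m.group(2)))
        entries.append((stamp, m.group(3), m.group(4)))
    return entries


def slow_steps(entries, threshold_s=1.0):
    """Return (seconds, message) for steps that took at least threshold_s.

    The duration of a step is the gap between its line and the next line.
    """
    slow = []
    for (t0, _, msg), (t1, _, _) in zip(entries, entries[1:]):
        gap = (t1 - t0).total_seconds()
        if gap >= threshold_s:
            slow.append((round(gap, 6), msg))
    return sorted(slow, reverse=True)  # slowest step first


if __name__ == "__main__":
    for seconds, message in slow_steps(parse(SAMPLE_LOG)):
        print(f"{seconds:10.6f}s after: {message}")
```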