[RADIATOR] Proxy'ing Client-Identifier to "slave" RADIUS processes

Hugh Irvine hugh at open.com.au
Mon Jan 28 15:54:01 CST 2013


Hello Neil -

The first thing to do is run Radiator at trace 4 with LogMicroseconds enabled so you can see exactly how long each processing step is taking.

The most usual suspects are slow responses to LDAP (aka Active Directory) and/or SQL queries.

Once you have a clear understanding of where the slowdowns occur, you can take steps to improve things.

In other words, it doesn't matter how many processes you run if the slowest element is outside Radiator.

That said, I designed and built a system for a large University here in Australia that used 10 Radiator hosts, each with FarmSize 9 and 40 backend processes (i.e. 50 Radiator processes in total on each Radiator host).

This was specifically designed to cope with slow responses from an LDAP backend, that could paradoxically process *many* LDAP requests in parallel.

As the old adage goes "your mileage may vary"...

regards

Hugh


On 29 Jan 2013, at 07:43, "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:

> 
> For those of you that can use the FarmSize option, what do you recommend
> for a number of child processes?
> 
> The hardware I have is Dual Processor (Xeon L5630) at 2.13GHz box with
> 16GB of RAM, running Windows Server 2008 R2 (64-bit) with a RAID array.
> 
> Thanks.
> 
> -Neil
> 
> -- 
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-johnson at uiowa.edu
> 
> 
> On 1/28/13 2:11 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
> 
>> On 01/28/2013 09:36 PM, Johnson, Neil M wrote:
>> 
>>> It appears that when the Outer handler re-dispatches the request for
>>> processing by the PEAP and TLS inner Handlers that the
>>> OSC-Client-Identifier attribute is not also sent.
>> 
>> That's true. Only some attributes are copied automatically. For the rest
>> you can do something like this in the outer Handler's AuthBy:
>> 
>> PreHandlerHook sub { \
>>     my $tp = ${$_[0]}; \
>>     $tp->add_attr('OSC-Client-Identifier', \
>>         $tp->{outerRequest}->get_attr('OSC-Client-Identifier')); \
>> }
>> 
>> This should copy OSC-Client-Identifier from outer request into tunneled
>> request.
>> 
>> You should also see it in Trace 4 output which does not show it now, as
>> you had noticed.
>> 
>> Thanks,
>> Heikki
>> 
>> 
>> -- 
>> Heikki Vatiainen <hvn at open.com.au>
>> 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>> NetWare etc.
> 


--

Hugh Irvine
hugh at open.com.au

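Added example (not part of the original thread and not Radiator code): a small Python script that reads a trace 4 log written with LogMicroseconds and ranks the gaps between consecutive lines, which is one way to find the slow step the message above describes. The line layout ("date time year microseconds: LEVEL: message") is an assumption, and the sample log, host name and message texts are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed line layout with LogMicroseconds on:
#   "Mon Jan 28 15:54:01 2013 123456: DEBUG: message"
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\d{6}): (\w+): (.*)$")

# Constructed sample, not captured from a real server.
SAMPLE_LOG = """\
Mon Jan 28 15:54:01 2013 102334: DEBUG: Handling request with Handler 'Realm=example'
Mon Jan 28 15:54:01 2013 103100: DEBUG: Handling with Radius::AuthLDAP2
Mon Jan 28 15:54:01 2013 103900: INFO: Connecting to ldap.example.invalid:389
Mon Jan 28 15:54:02 2013 951200: DEBUG: LDAP got result for uid=neil
Mon Jan 28 15:54:02 2013 951900: DEBUG: Radius::AuthLDAP2 ACCEPT
Mon Jan 28 15:54:02 2013 952400: DEBUG: Access accepted for neil
"""

def parse(text):
    """Yield (timestamp, level, message) for each line that carries a timestamp."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines (packet dumps etc.) carry no timestamp
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        yield stamp + timedelta(microseconds=int(m.group(2))), m.group(3), m.group(4)

def slowest_steps(text, top=3):
    """Return the largest gaps between consecutive lines as (seconds, before, after)."""
    events = list(parse(text))
    gaps = [((b[0] - a[0]).total_seconds(), a[2], b[2])
            for a, b in zip(events, events[1:])]
    return sorted(gaps, key=lambda g: g[0], reverse=True)[:top]

if __name__ == "__main__":
    for secs, before, after in slowest_steps(SAMPLE_LOG):
        print(f"{secs:9.6f}s  {before!r} -> {after!r}")
```

On a busy server the lines of concurrent requests interleave, so a gap between two consecutive lines only maps cleanly to one processing step when the trace was taken with a single request in flight.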