[RADIATOR] Slow response from Radiator

Arya, Manish Kumar m.arya at yahoo.com
Tue Mar 12 07:00:18 CDT 2013


Hi I tried to run Radius in foreground with trace level 4, this shows that the

time taken from LDAP connection to return attr is about 4 sec and then radius further takes 3 sec to confirm accept

*** Received from 10.174.2.2 port 50841 ....
Code:       Access-Request
Identifier: 68
Authentic:  4<151>#hPhj<187>I<16><26>F<25><169>\<4>
Attributes:
        User-Name = "mlavende at alu"
        User-Password = "xxxxxxxxxxxxxxxxxx"
        NAS-IP-Address = 10.174.2.2
        Calling-Station-Id = "10.5.1.196"
        NAS-Port-Type = Virtual

Tue Mar 12 11:55:19 2013: DEBUG: Handling request with Handler 'Realm = alu,NAS-IP-Address=/10\.174\..*/', Identifier ''
Tue Mar 12 11:55:20 2013: DEBUG: Rewrote user name to mlavende
Tue Mar 12 11:55:20 2013: DEBUG:  Deleting session for mlavende at alu, 10.174.2.2,
Tue Mar 12 11:55:21 2013: DEBUG: Handling with Radius::AuthLDAP2: alu_msp_user_auth-7750
Tue Mar 12 11:55:21 2013: INFO: Connecting to 127.0.0.1:389
Tue Mar 12 11:55:22 2013: INFO: Attempting to bind to LDAP server 127.0.0.1:389
Tue Mar 12 11:55:23 2013: DEBUG: LDAP got result for uid=mlavende,ou=people,o=COLT,ou=customers,dc=colt,dc=net
Tue Mar 12 11:55:23 2013: DEBUG: LDAP got userPassword: {crypt}0AZ8zj5xYpLak
Tue Mar 12 11:55:24 2013: DEBUG: LDAP got radius-sam-sec-grp-name: TAC_SUPPORT2
Tue Mar 12 11:55:24 2013: DEBUG: LDAP got radius-7750-Timetra-Access: 3
Tue Mar 12 11:55:25 2013: DEBUG: LDAP got radius-7750-Timetra-Profile: administrative
Tue Mar 12 11:55:25 2013: DEBUG: LDAP got radius-7750-Timetra-Default-Action: 1
Tue Mar 12 11:55:26 2013: DEBUG: Radius::AuthLDAP2 looks for match with mlavende [mlavende at alu]
Tue Mar 12 11:55:26 2013: DEBUG: Radius::AuthLDAP2 ACCEPT: : mlavende [mlavende at alu]
Tue Mar 12 11:55:27 2013: DEBUG: AuthBy LDAP2 result: ACCEPT,
Tue Mar 12 11:55:27 2013: DEBUG: Access accepted for mlavende
Tue Mar 12 11:55:28 2013: DEBUG: Packet dump:
*** Sending to 10.174.2.2 port 50841 ....
Code:       Access-Accept
Identifier: 68
Authentic:  Y<207><170><28><139><18>j<244><193><159><179>r$<142><207><202>
Attributes:
        Sam-security-group-name = "TAC_SUPPORT2"
        Timetra-Access = 3
        Timetra-Profile = "administrative"
        Timetra-Default-Action = 1
        Service-Type = Login-User


Regards,
-Manish




________________________________
 From: Hugh Irvine <hugh at open.com.au>
To: "Arya, Manish Kumar" <m.arya at yahoo.com> 
Cc: Radiator <radiator at open.com.au> 
Sent: Monday, March 11, 2013 3:00 PM
Subject: Re: [RADIATOR] Slow response from Radiator
 

Hello Manish -

I suggest you add "LogMicroseconds" (requires Time-Hires from CPAN) to your Radiator global configuration options, and "Debug 255" to your AuthBy LDAP 2 clause.

Then you should run radiusd by hand from the command line like this so you can see the LDAP debug messages (using your local Radiator directory):


    cd /your/Radiator/distribution/directory

    perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration/file


From the debug you show below it looks like your LDAP server response is very slow.

BTW - the most recent version is Radiator-4.11.

regards

Hugh


On 11 Mar 2013, at 19:16, "Arya, Manish Kumar" <m.arya at yahoo.com> wrote:

> Hi,
> 
>   Can anyone help please. I am using Radiator version 4.9 on Solaris 10
> 
> [xxxx at rxxxxx:/var/log/radiator]$ cat /etc/release
>                        Solaris 10 11/06 s10s_u3wos_10 SPARC
>            Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
>                         Use is subject to license terms.
>                            Assembled 14 November 2006
> 
> 
> Regards,
> -Manish
> 
> From: "Arya, Manish Kumar" <m.arya at yahoo.com>
> To: Radiator <radiator at open.com.au>; "manishkumar.arya at colt.net" <manishkumar.arya at colt.net> 
> Sent: Friday, March 8, 2013 2:59 PM
> Subject: Slow response from Radiator
> 
> Hi,
> 
> Radius server takes approx 7-10 seconds to handle one request, there not much load on this radius server.
> 
> Radius Packet dump
> 
> *** Received from 127.0.0.1 port 32812 ....
> Code:       Access-Request
> Identifier: 102
> 
> Fri Mar  8 09:08:11 2013: DEBUG: Rewrote user name to xxxxxx
> Fri Mar  8 09:08:12 2013: DEBUG:  Deleting session for xxxxxxx at alu, 10.174.2.2,
> Fri Mar  8 09:08:12 2013: DEBUG: Handling with Radius::AuthLDAP2: alu_msp_user_auth-7750
> Fri Mar  8 09:08:13 2013: INFO: Connecting to 127.0.0.1:389
> Fri Mar  8 09:08:13 2013: INFO: Attempting to bind to LDAP server 127.0.0.1:389
> Fri Mar  8 09:08:14 2013: DEBUG: LDAP got result for uid=xxxxx,ou=people,o=COLT,ou=customers,dc=colt,dc=net
> Fri Mar  8 09:08:14 2013: DEBUG: LDAP got userPassword: xxxxxx
> Fri Mar  8 09:08:15 2013: DEBUG: LDAP got radius-sam-sec-grp-name: TAC_SUPPORT2
> Fri Mar  8 09:08:15 2013: DEBUG: LDAP got radius-7750-Timetra-Access: 3
> Fri Mar  8 09:08:16 2013: DEBUG: LDAP got radius-7750-Timetra-Profile: administrative
> Fri Mar  8 09:08:16 2013: DEBUG: LDAP got radius-7750-Timetra-Default-Action: 1
> Fri Mar  8 09:08:17 2013: DEBUG: Radius::AuthLDAP2 looks for match with xxxxxx [xxxxxx at alu]
> Fri Mar  8 09:08:17 2013: DEBUG: Radius::AuthLDAP2 ACCEPT: : xxxxxx [xxxxxx at alu]
> Fri Mar  8 09:08:18 2013: DEBUG: AuthBy LDAP2 result: ACCEPT,
> Fri Mar  8 09:08:18 2013: DEBUG: Access accepted for xxxxxx
> Fri Mar  8 09:08:19 2013: DEBUG: Packet dump:
> *** Sending to 10.174.2.2 port 50838 ....
> Code:       Access-Accept
> Identifier: 167
> Authentic:  <245><217>Un<184>Ge<144>.<213>QE<1>u4.
> Attributes:
>         Sam-security-group-name = "TAC_SUPPORT2"
>         Timetra-Access = 3
>         Timetra-Profile = "administrative"
>         Timetra-Default-Action = 1
>         Service-Type = Login-User
> 
> 
> ldapsearch for uid with above attributes is also very quick, no complaints of indexes too
> 
> real    0m0.020s
> user    0m0.006s
> sys     0m0.010s
> 
> hardware config
> 
> [root at rad-lon1:/var/log/radiator]# prtdiag
> System Configuration: Sun Microsystems  sun4u Sun Fire V245
> System clock frequency: 188 MHZ
> Memory size: 4GB
> 
> ==================================== CPUs ====================================
>                E$          CPU                    CPU
> CPU  Freq      Size        Implementation         Mask    Status      Location
> ---  --------  ----------  ---------------------  -----   ------      --------
> 0    1504 MHz  1MB         SUNW,UltraSPARC-IIIi    3.4    on-line     MB/P0
> 1    1504 MHz  1MB         SUNW,UltraSPARC-IIIi    3.4    on-line     MB/P1
> 
> 
> CPU usage (uptime)
> 
> [root at rad-lon1:/var/log/radiator]# uptime
>   9:21am  up 262 day(s), 20:18,  5 users,  load average: 0.04, 0.04, 0.04
> 
> 
> CPU/Memory usage with top states no processes are using very minimal CPU and memory. 
> 
> last pid: 11066;  load avg:  0.04,  0.04,  0.04;       up 262+20:19:30     09:22:51
> 68 processes: 67 sleeping, 1 on cpu
> CPU states: 98.7% idle,  0.6% user,  0.7% kernel,  0.0% iowait,  0.0% swap
> Memory: 4096M phys mem, 1718M free mem, 8005M total swap, 8005M free swap
> 
>    PID USERNAME LWP PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
>  22797 dsadmin   41  59    0  297M  261M sleep  468:00  0.44% ns-slapd
>  23543 root       1  59    0  355M  353M sleep  174:26  0.29% perl
>  10858 root       1  59    0 2888K 1784K cpu/0    0:00  0.09% top
>  23137 root      41  59    0  196M  162M sleep  329:16  0.05% ns-slapd
>  22899 root      30  59    0  134M   92M sleep  167:34  0.02% java
>    691 noaccess  25  59    0  177M   96M sleep  231:51  0.02% java
>  10823 root       1  59    0 3008K 2488K sleep    0:00  0.02% bash
>  10821 root       1  59    0 8304K 2728K sleep    0:00  0.01% sshd
>  26407 daemon     4  59    0  620M  559M sleep   19:44  0.01% nfsmapid
>    331 root       1 100  -20 2312K 1512K sleep   31:05  0.01% xntpd
>   5013 root      25  59    0 6544K 4576K sleep    1:01  0.01% nscd
>    114 root       6  59    0 4128K 3248K sleep  341:09  0.01% picld
>   7312 root       1  59    0 1984K 1576K sleep    0:00  0.00% tail
>   1148 root       1  59    0 9000K 3352K sleep    0:00  0.00% sshd
>      7 root      13  59    0 9784K 7728K sleep    4:47  0.00% svc.startd
> 
> Regards,
> -Manish
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130312/5d268a6b/attachment.html 


More information about the radiator mailing list