[RADIATOR] Unknown reply received in AuthRADIUS

Heikki Vatiainen hvn at open.com.au
Fri May 3 13:34:37 CDT 2013


On 05/03/2013 02:34 PM, Jim Tyrrell wrote:

> If I truncate the new MySQL tables then the RADIUS proxy is 
> happy, until the table builds up again and performance of the MySQL 
> AuthBy is degraded.

Maybe indexing could help here? Depends of course what the query
actually does.

> I need to fix the MySQL server performance, but it has identified I need 
> to allow for a slow MySQL server so it does not impact the RADIUS proxy 
> AuthBy.  I thought a Fork in the MySQL authby should do the trick?

Currently Fork is done only for Authentication requests for AuthBy SQL.
Accounting messages use a different code path and do not fork.

> <AuthBy SQL>
>          Identifier RadiusSessionUpdate
>          Fork

> This is running on a CentOS 6.4 box and also has 'MaxChildren = 100' 
> defined.  Can I tell if it is forking?  I dont see any more radiusd 
> processes..

You see this in the log when AuthBy SQL forks:
DEBUG: AuthBy SQL result: IGNORE, forked

and then there are multiple instances waiting for a response.

> I just need to ensure that any slowness to a MySQL update does not 
> impact any other authby's.  I'm not seeing any timeouts to MySQL so I'm 
> guessing that the updates are taking less than 2 seconds, but long 
> enough for a backlog to build up on a busy box.
> 
> Appreciate any ideas.

If fixing SQL takes a long time and you are willing to see if Fork
helps, you can force any authentication method to Fork like this:

<AuthBy GROUP>
  Fork
  <AuthBy SQL>
  # Your current AuthBY SQL contents
  </AuthBY>
</AuthBy>

That is, AuthBy GROUP will fork for any message type. When you wrap it
around your current AuthBy it will be executed by a child process.

Please see the reference manual for more about Fork and how it may not
work well with e.g., SQL. But the above will allow you to experiment
with Fork and SQL accounting.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list