1

We are using FreeRADIUS with a MySQL database, authenticating users. We ran into an issue where are MySQL database was slow causing the max number of threads to be reached. The issue with this is, when the server couldn't answer the requests as there were no threads avaiable, it sent the response of Access-Reject to the clients.

Our devices cache client connections and periodically checks with the server to see if they should still be allowed or to remove them. The equipment is designed that if there is no response from the server and a client is connected it will remain connected. The issue is, when the radius server is at its max threads, its default answer is to send access-reject (verified via packet capture), however we would like to change the default behavior to just ignore the request (keeping the clients connected).

We have fixed the MySQL database issue for now, but I would like to change the default from Access-Reject, to just ignore the client altogeather. I have done research, but not able to find an answer to the question.

Thanks in Advance.

jinanwow
  • 443
  • 6
  • 15

1 Answers1

0

Check that your MySQL server is answering fast enough, check server load, memory usage, disk access (top, free, vmstat, iostat).

How many rows do you have in your users table ? Which type of storage (MyISAM, InnoDB) ?

You can tune MySQL server to close unused connections:

# /etc/my.cnf
...
# close unused connections after timeout
set-variable = wait_timeout=300

# keep 50 threads in cache
set-variable = thread_cache_size=50
vitalie
  • 502
  • 2
  • 5