help-gnu-radius
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Maximum Loggen in Users


From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Maximum Loggen in Users
Date: Sat, 10 Jan 2004 10:04:02 +0200

Hello Kurt,

> I observed that sometimes I had 127 users in the system (every minute I ask
> our routers via SNMP and store the result in a database). More than 127
> users weren't ever seen. Lately the max number 127 I have seen very
> often.

Were there any rejected authentications in the radius.log by that time?
If there were, what diagnostics did radiusd display in the log?

> So I thought, maybe radius does not let in more than 127 users
> simultaneously. Then I looked into my configuration and saw, that in
> raddb/config max-requests were switched to 254 (for auth and acct). I
> changed the max-requests to 2048 for auth and to 4096 for acct.

Max-requests is not in any way related to the number of parallel
authentications. GNU Radius does not impose any limit on the number of
users that can connect simultaneously. You may configure it to
restrict simultaneous logging *under the same user name*, or to
restrict the number of simultaneously active sessions *from a given
realm*, but the overall number of authentications is not controlled
in any way.

Max-requests limits the overall number of the incoming requests radiusd
keeps in its queue. It affects only the checking for duplicate requests.
Please refer to

http://www.gnu.org/software/radius/manual/html_node/radius_11.html#SEC14

for the detailed information about the subject.

I suspect that the observed effect was actually due to some
special functioning of your NASes, rather than to any changes in
the radius configuration.

Anyway, for the detailed analysis I will need the complete information,
i.e.:

1) Contents of your raddb/users,hints,huntgroups,naslist 
2) Logging messages displayed in your radius.log

Feel free to send me this info in private. Should you wish to
encrypt it, please use my public key available at

  http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=0x55D0C732

Regards,
Sergey




reply via email to

[Prev in Thread] Current Thread [Next in Thread]