Hello, all. I am running freeradius-2.1.6 with all AAA logick hidden in perl module, thus using rlm_perl.
Having about 1000-10000 client connections per day radiusd consumes about 1Gb of memory per day (I restart it daily). The only (possibly) important thing - I am using several external modules in my main perl module. I can supply code of perl modules, if necessary. radiusd config (with stripped off comments): prefix = /usr/local exec_prefix = /usr/local sysconfdir = /usr/local/etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd db_dir = ${localstatedir}/lib/radiusd log_file = ${logdir}/radius.log libdir = /usr/local/lib pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 listen { ipaddr = me.radius port = 1645 type = auth } listen { ipaddr = me.radius port = 1646 type = acct } log { destination = files file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = no auth_badpass = no auth_goodpass = no } hostname_lookups = no allow_core_dumps = yes regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 300 } modules { chap { authtype = CHAP } unix { cache = no shadow = /etc/shadow } mschap { use_mppe = no } realm suffix { } preprocess { } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d detailperm = 0600 } detail reply_log { detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${db_dir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } perl { module = /etc/raddb/esdfreeradius.pm func_authenticate = esd_authenticate func_authorize = esd_authorize func_preacct = esd_preacct func_accounting = esd_accounting func_checksimul = esd_checksimul func_post_auth = esd_post_auth func_detach = esd_detach } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 10.0.1.1 range-stop = 10.0.254.254 netmask = 255.255.255.255 cache-size = 800 session-db = ${db_dir}/db.ippool ip-index = ${db_dir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr } authorize { preprocess perl chap suffix } authenticate { Auth-Type CHAP { chap } Auth-Type perl { perl } } preacct { preprocess acct_unique } accounting { perl } session { perl } post-auth { } pre-proxy { } post-proxy { } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html