I appreciate the replies and suggestions to upgrade the SQL infrastructure. What I'm attempting to do is to basically limit a friendly DOS attack. I think throttling the offender is a better approach than adding more hardware in this case. Maybe inside freeradius isn't the answer, and maybe a firewall rule would be better suited for the task. Although this seems like it would be a common issue, especially with lots of new wirless ISPs which have their radios rebooted (thereby causing re-auth of all connected customers upon reboot) far more frequently than traditional wireline ISPs.
@Fajar - the intent in having them dropped is exactly that. I don't want the end-user trying to authenticate to fail authentication, I do want the NAS to retry. I just want to control how quickly it can retry from my end. If anyone else has experience solving the source of the problem, ideally at the proxy process level, I'm definitely open to suggestions and experience. Thanks, - N On Thu, Dec 15, 2011 at 12:58 AM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote: > Hi, > >> Error: rlm_sql (sql): There are no DB handles to use! > > improve your SQL performance - eg use InnoDB instead of myISAM , or postgresQL > instead of MySQL > > increase number of PERL and SQL instances > > use another 'non-inline' method to handle the accounting - so its buffered > and put into DB when daemon is free - eg use the 'buffered_sql' virtual > server > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html