Hello Ludovic,
Again we had an outage and this time it looks like DB had some sort of
locking issues. The temp fix was to restart the mariadb service. I'm
running PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see
below messages in packetfence.log at the time when the problem began and
these messages continued till DB was restarted.
*Packetfence.log:*
*Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Database query failed with non retryable error: Lock wait
timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
`node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`, `device_class`,
`device_manufacturer`, `device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
`notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
`time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
NULL, , NULL, SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco
Systems, Inc, 76, Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco
Systems, Inc. IP Phone CP-7945G, 0000-00-00 00:00:00, 2022-04-13 21:46:21,
2021-12-24 20:10:12, 0000-00-00 00:00:00, c4:14:3c:97:b4:34, NULL, ,
default, 0000-00-00 00:00:00, , unreg, 1, NULL, 0000-00-00 00:00:00, , no,
2022-04-13 21:46:21, 1} (pf::dal::db_execute)*
*Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Unable to modify node 'c4:14:3c:97:b4:34
(pf::node::node_modify)*
Apr 13 21:47:28 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:38 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:42 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:52 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: Using
300 resolution threshold (pf::pfcron::task::cluster_check::run)
Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
processed 0 security_events during security_event maintenance
(1649872073.11399 1649872073.12087)
(pf::security_event::security_event_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
processed 0 security_events during security_event maintenance
(1649872073.12281 1649872073.12537)
(pf::security_event::security_event_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029095]: pfperl-api(2426219) INFO:
getting security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: All
cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
*Apr 13 21:48:03 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Database query failed with non retryable error: Lock wait
timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
`node` *( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`, `device_class`,
`device_manufacturer`, `device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
`notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
`time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
NULL, , NULL, Admin-PC, 2021-12-22 14:45:32, Windows OS, Dell Inc., 78,
Microsoft Windows Kernel 10.0, 10.0, , ,
1,3,6,15,31,33,43,44,46,47,119,121,249,252, MSFT 5.0, 0000-00-00 00:00:00,
2022-04-13 21:47:12, 2022-04-13 21:45:43, 0000-00-00 00:00:00,
98:90:96:cb:a3:02, NULL, , default, 0000-00-00 00:00:00, , unreg, 1, NULL,
0000-00-00 00:00:00, , no, 2022-04-13 21:47:12, 1} (pf::dal::db_execute)
*Apr 13 21:48:03 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Unable to modify node '98:90:96:cb:a3:02
(pf::node::node_modify)*
Apr 13 21:48:08 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:48:19 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:48:22 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
These are the messages in *radius.log*:
Apr 13 21:44:24 NAC1 auth[2559747]: (49313) Login OK: [prntnacact] (from
client 192.168.254.12/32 port 50335 cli 9c:93:4e:6c:b0:61)
Apr 13 21:45:24 NAC1 auth[2559747]: Adding client 192.168.254.22/32
Apr 13 21:45:24 NAC1 auth[2559747]: [mac:18:9c:5d:ab:b1:ef] Accepted user:
and returned VLAN
Apr 13 21:45:24 NAC1 auth[2559747]: (49333) Login OK: [189c5dabb1ef] (from
client 192.168.254.22/32 port 50443 cli 18:9c:5d:ab:b1:ef)
Apr 13 21:48:44 NAC1 auth[2559747]: Adding client 192.168.254.11/32
*Apr 13 21:48:51 NAC1 auth[2559747]: (49406) rest: ERROR: Server returned
no data*
Apr 13 21:48:52 NAC1 auth[2559747]: (49406) Ignoring duplicate packet from
client 192.168.254.11/32 port 1645 - ID: 56 due to unfinished request in
component authenticate module eap_peap
Apr 13 21:48:57 NAC1 auth[2559747]: (49406) Ignoring duplicate packet from
client 192.168.254.11/32 port 1645 - ID: 56 due to unfinished request in
component authenticate module eap_peap
*Apr 13 21:48:58 NAC1 auth[2559747]: Unresponsive child for request 49406,
in component authenticate module eap_peap*
Apr 13 21:49:02 NAC1 auth[2559747]: (49411) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0xb15267b8b65b7e27
Apr 13 21:49:02 NAC1 auth[2559747]: (49411) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0xb15267b8b65b7e27
Apr 13 21:49:02 NAC1 auth[2559747]: [mac:90:1b:0e:45:4b:2e] Rejected user:
DOMAIN-A\USER-1
Apr 13 21:49:02 NAC1 auth[2559747]: (49411) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0xb15267b8b65b7e27): [DOMAIN-A\USER-1]
(from client 192.168.254.11/32 port 50408 cli 90:1b:0e:45:4b:2e)
Apr 13 21:49:16 NAC1 auth[2559747]: (49416) *rest: ERROR: Server returned
no data*
Apr 13 21:49:17 NAC1 auth[2559747]: (49416) Ignoring duplicate packet from
client 192.168.254.11/32 port 1645 - ID: 57 due to unfinished request in
component post-auth module sql_reject
Apr 13 21:49:22 NAC1 auth[2559747]: (49416) Ignoring duplicate packet from
client 192.168.254.11/32 port 1645 - ID: 57 due to unfinished request in
component post-auth module sql_reject
Apr 13 21:49:23 NAC1 auth[2559747]: *Unresponsive child for request 49416,
in component post-auth module sql_reject*
Apr 13 21:49:31 NAC1 auth[2559747]: (49422) rest: ERROR: Server returned no
data
Apr 13 21:49:38 NAC1 auth[2559747]: *Unresponsive child for request 49422,
in component post-auth module sql_reject*
Apr 13 21:52:19 NAC1 auth[2559747]: Adding client 192.168.254.23/32
Apr 13 21:52:23 NAC1 auth[2559747]: (49485) rest: ERROR: Server returned no
data
Apr 13 21:52:24 NAC1 auth[2559747]: (49485) Ignoring duplicate packet from
client 192.168.254.23/32 port 1645 - ID: 19 due to unfinished request in
component authenticate module eap_peap
Apr 13 21:52:29 NAC1 auth[2559747]: (49485) Ignoring duplicate packet from
client 192.168.254.23/32 port 1645 - ID: 19 due to unfinished request in
component authenticate module eap_peap
Apr 13 21:52:30 NAC1 auth[2559747]: *Unresponsive child for request 49485,
in component authenticate module eap_peap*
Apr 13 21:52:34 NAC1 auth[2559747]: (49491) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x6b3884f06c319d1d
Apr 13 21:52:34 NAC1 auth[2559747]: (49491) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x6b3884f06c319d1d
Apr 13 21:52:34 NAC1 auth[2559747]: [mac:9c:93:4e:64:05:03] Rejected user:
prntnacact
Apr 13 21:52:34 NAC1 auth[2559747]: (49491) Login incorrect (eap: rlm_eap
(EAP): No EAP session matching state 0x6b3884f06c319d1d): [prntnacact]
(from client 192.168.254.23/32 port 50420 cli 9c:93:4e:64:05:03)
Apr 13 21:52:43 NAC1 auth[2559747]: Adding client 192.168.254.14/32
Apr 13 21:52:49 NAC1 auth[2559747]: (49503) *rest: ERROR: Server returned
no data*
Upon googling I found this post (PacketFence / Re: [PacketFence-users]
ERROR: Server returned no data (sourceforge.net)
<https://sourceforge.net/p/packetfence/mailman/message/37624251/>) to fix
the "ERROR: Server returned no data" message and I have added the chunk =
'8192' parameter in rest.conf and now observing whether this message
reappears in the logs.
With regard to the "Unresponsive Child" message I found this post What does
“unresponsive child” error message mean? | NetworkRADIUS
<https://networkradius.com/articles/2021/02/10/what-does-unresponsive-child-error-mean.html>
and
it makes me nervous to troubleshoot the issue as it points to slowness in
the DB (which relates well to locking messages in packetfence.log seen
above). The problem is how I can identify the slow queries and fix them (is
it the same query shown in pf log?). Is it advisable to change the current
lock_wait_timeout value to something higher (currently set to 50 secs)? I'm
wondering what other measures can be put in place to avoid this from
recurring, does restarting the sql service daily help me?
Regards
Misbah
On Wed, 13 Apr 2022 at 17:17, Misbah Hussaini <misbhaud...@gmail.com> wrote:
> Hello Ludovic,
>
> Its already added as a switch and have been working fine for past 1 month
> but with few endpoints. When I googled this message, freeradius support
> list suggested to increase the max server count, which I did, and the issue
> was resolved. The concern I have is whether there are other such parameters
> which needs to be fine tuned for Production.
>
> Also, the config change you suggested for Fingerbank-collector doesnt
> seemsto have worked. Currently im unmonitoring fingerbank using below
> command but I know it wont survive service restart or server reboots.
>
> #monit unmonitor packetfence-fingerbank-collectod
>
> On Wed, 13 Apr 2022, 17:11 Zammit, Ludovic, <luza...@akamai.com> wrote:
>
>> Hello,
>>
>> It looks like 192.168.254.14 is trying to ask for an authentication. Add
>> it as the switch.
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
>> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
>> <http://www.linkedin.com/company/akamai-technologies>
>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>
>> On Apr 12, 2022, at 3:02 AM, Misbah Hussaini <misbhaud...@gmail.com>
>> wrote:
>>
>> Thanks Ludovic, I'm testing this config change.
>>
>> Meanwhile, I checked the radius log when the issue of auth occurred for
>> us and I found below lines. As I mentioned earlier, I increased the max
>> threads to a higher value in radius.conf file and the issue was resolved
>> and auth started working. Does everybody have to increase this value in
>> Production? I'm asking especially because we are planning to increase the
>> number of devices (by another 250) and perhaps then I need to use a much
>> higher value to avoid recurrence of this problem.
>>
>> Apr 7 10:06:23 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.14 port 1645 proto udp
>> Apr 7 10:06:25 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:25 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.14 port 1645 proto udp
>> Apr 7 10:06:26 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:26 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.14 port 1645 proto udp
>> Apr 7 10:06:28 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:28 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.14 port 1645 proto udp
>> Apr 7 10:06:30 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:30 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.14 port 1645 proto udp
>> Apr 7 10:06:37 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:37 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.28 port 1645 proto udp
>> Apr 7 10:06:42 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:42 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.28 port 1645 proto udp
>> Apr 7 10:06:57 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:06:57 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.13 port 1645 proto udp
>> Apr 7 10:07:02 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:07:02 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.13 port 1645 proto udp
>> Apr 7 10:07:04 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:07:04 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.23 port 1645 proto udp
>> Apr 7 10:07:07 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:07:07 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.13 port 1645 proto udp
>> Apr 7 10:07:09 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:07:09 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.23 port 1645 proto udp
>> Apr 7 10:07:12 NAC1 auth[368888]: rlm_sql (sql): No connections
>> available and at max connection limit
>> Apr 7 10:07:12 NAC1 auth[368888]: Ignoring request to auth address
>> 192.168.197.90 port 1812 bound to server packetfence from unknown client
>> 192.168.254.13 port 1645 proto udp
>>
>>
>>
>> Regards
>> Misbah
>>
>>
>> On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic <luza...@akamai.com> wrote:
>>
>>> Hello,
>>>
>>> You can disable the TCP FB Collector analyzing:
>>>
>>> You can disable the TCP fingerprinting by doing
>>>
>>>
>>> # systemctl edit packetfence-fingerbank-collector.service
>>>
>>>
>>> In the editor that opens, add:
>>>
>>>
>>> [Service]
>>>
>>> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true
>>>
>>>
>>> Close the editor, then do:
>>>
>>>
>>> # systemctl daemon-reload
>>>
>>> # systemctl restart packetfence-fingerbank-collector
>>>
>>>
>>> Thanks,
>>>
>>> *Ludovic Zammit*
>>> *Product Support Engineer Principal*
>>> *Cell:* +1.613.670.8432
>>> Akamai Technologies - Inverse
>>> 145 Broadway
>>> Cambridge, MA 02142
>>> Connect with Us: <https://community.akamai.com/>
>>> <http://blogs.akamai.com/>
>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhkGXhfII$>
>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhn3hmSw4$>
>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhiw82adM$>
>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhY_n9_Qc$>
>>>
>>> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini <misbhaud...@gmail.com>
>>> wrote:
>>>
>>> Hello,
>>>
>>> We are currently doing only wired 802.1x & MAC auth, the server config
>>> is
>>>
>>> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz
>>> 16GB RAM (Free RAM - 8GB)
>>> Running Debian X64.
>>>
>>> Also, I would like to disable the packetfence-fingerbank-collector from
>>> monit config as it is generating too many zombie processes alerts, I guess
>>> the monit config is managed by pfcmd geenratemonitconfig but I dunno how to
>>> disable specifically fingerbank-collector.
>>>
>>> Regards
>>> Misbah
>>>
>>>
>>> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic <luza...@akamai.com> wrote:
>>>
>>>> Hello Misbah,
>>>>
>>>> I highly doubt that you would cap a cluster capacity with only 250
>>>> devices registered.
>>>>
>>>> You have an ongoing issue that need to be fixed.
>>>>
>>>> What’s the spec on the PF servers? Are you doing 802.1x or Mac
>>>> authentication ? Wired ? Wireless?
>>>>
>>>> We have cluster of 3 running 10 000 unique radius authentication
>>>> without choking.
>>>>
>>>> Thanks,
>>>>
>>>> *Ludovic Zammit*
>>>> *Product Support Engineer Principal*
>>>> *Cell:* +1.613.670.8432
>>>> Akamai Technologies - Inverse
>>>> 145 Broadway
>>>> Cambridge, MA 02142
>>>> Connect with Us: <https://community.akamai.com/>
>>>> <http://blogs.akamai.com/>
>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvneW7Z63Y$>
>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvn00CMBGY$>
>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnAn0KVkA$>
>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnCNH0oAI$>
>>>>
>>>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users <
>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Firstly, I'm happy with the way Packetfence is working in the
>>>> environment. A big thanks to the team for the project and awesome
>>>> documentation. I have configured Packetfence in a 3 node cluster and
>>>> registered 250+ devices so far.
>>>>
>>>> I faced a problem with the radius server reaching the max connections
>>>> limit and most of the users were disconnected while I fixed the problem
>>>> (had to increase the max spare servers to a high value in radius.conf). I
>>>> was optimistic with the cluster setup, thinking I should not be facing
>>>> downtime issues but didn't realize that a config issue could lead to a
>>>> blackout.
>>>>
>>>> Now, this leads me to wonder if there is a way in which I could have
>>>> decreased the downtime for the end users while we fixed the problem in the
>>>> config. Also, I would appreciate highlighting any other Production related
>>>> settings that need to be fine tuned to avoid such instances in future..
>>>>
>>>>
>>>> Regards
>>>> Misbah
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>>
>>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$
>>>>
>>>>
>>>>
>>>
>>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
