Thanks Ludovic, I'm testing this config change.

Meanwhile, I checked the radius log from when the auth issue occurred for us
and I found the lines below. As I mentioned earlier, I increased the max
threads to a higher value in the radius.conf file and the issue was resolved
and auth started working. Does everybody have to increase this value in
Production? I'm asking especially because we are planning to increase the
number of devices (by another 250) and perhaps then I need to use a much
higher value to avoid recurrence of this problem.

Apr  7 10:06:23 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr  7 10:06:25 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:25 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr  7 10:06:26 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:26 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr  7 10:06:28 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:28 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr  7 10:06:30 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:30 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr  7 10:06:37 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:37 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.28 port 1645 proto udp
Apr  7 10:06:42 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:42 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.28 port 1645 proto udp
Apr  7 10:06:57 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:06:57 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
Apr  7 10:07:02 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:07:02 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
Apr  7 10:07:04 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:07:04 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.23 port 1645 proto udp
Apr  7 10:07:07 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:07:07 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
Apr  7 10:07:09 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:07:09 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.23 port 1645 proto udp
Apr  7 10:07:12 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr  7 10:07:12 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp



Regards
Misbah


On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic <luza...@akamai.com> wrote:

> Hello,
>
> You can disable the TCP FB Collector analyzing:
>
> You can disable the TCP fingerprinting by doing
>
>
> # systemctl edit packetfence-fingerbank-collector.service
>
>
> In the editor that opens, add:
>
>
> [Service]
>
> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true
>
>
> Close the editor, then do:
>
>
> # systemctl daemon-reload
>
> # systemctl restart packetfence-fingerbank-collector
>
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini <misbhaud...@gmail.com>
> wrote:
>
> Hello,
>
> We are currently doing only wired 802.1x & MAC auth, the server config is
>
> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz
> 16GB RAM (Free RAM - 8GB)
> Running Debian X64.
>
> Also, I would like to disable the packetfence-fingerbank-collector from
> monit config as it is generating too many zombie processes alerts, I guess
> the monit config is managed by pfcmd generatemonitconfig but I dunno how to
> disable specifically fingerbank-collector.
>
> Regards
> Misbah
>
>
> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic <luza...@akamai.com> wrote:
>
>> Hello Misbah,
>>
>> I highly doubt that you would cap a cluster capacity with only 250
>> devices registered.
>>
>> You have an ongoing issue that needs to be fixed.
>>
>> What’s the spec on the PF servers? Are you doing 802.1x or MAC
>> authentication? Wired? Wireless?
>>
>> We have a cluster of 3 running 10 000 unique RADIUS authentications without
>> choking.
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>>
>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>> Hello,
>>
>> Firstly, I'm happy with the way Packetfence is working in the
>> environment. A big thanks to the team for the project and awesome
>> documentation. I have configured Packetfence in a 3 node cluster and
>> registered 250+ devices so far.
>>
>> I faced a problem with the radius server reaching the max connections
>> limit and most of the users were disconnected while I fixed the problem
>> (had to increase the max spare servers to a high value in radius.conf). I
>> was optimistic with the cluster setup, thinking I should not be facing
>> downtime issues but didn't realize that a config issue could lead to a
>> blackout.
>>
>> Now, this leads me to wonder if there is a way in which I could have
>> decreased the downtime for the end users while we fixed the problem in the
>> config. Also, I would appreciate highlighting any other Production related
>> settings that need to be fine tuned to avoid such instances in future.
>>
>>
>> Regards
>> Misbah
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
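
In the log excerpt at the top of this thread, most "unknown client" rejections share a timestamp with an rlm_sql pool-exhaustion line. The following Python triage script is an added example, not part of the thread or of PacketFence: it separates rejections that coincide with pool exhaustion from those that do not. The sample lines, the 192.0.2.50 entry, the year 2022 and the 2-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: three entry pairs shaped like the thread's radius.log lines
# (unwrapped), plus one invented rejection from 192.0.2.50 with no pool error nearby.
IGN = ("Ignoring request to auth address 192.168.197.90 port 1812 bound to "
       "server packetfence from unknown client {} port 1645 proto udp")
POOL = "rlm_sql (sql): No connections available and at max connection limit"
SAMPLE = "\n".join(f"Apr  7 {t} NAC1 auth[368888]: {m}" for t, m in [
    ("10:06:25", POOL), ("10:06:25", IGN.format("192.168.254.14")),
    ("10:06:26", POOL), ("10:06:26", IGN.format("192.168.254.14")),
    ("10:06:37", POOL), ("10:06:37", IGN.format("192.168.254.28")),
    ("10:30:00", IGN.format("192.0.2.50")),
])

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ auth\[\d+\]: (.*)$")
UNKNOWN = re.compile(r"from unknown client (\S+) port \d+")

def parse(text, year=2022):
    """Yield (timestamp, message); syslog omits the year, so it is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def triage(text, window=2):
    """Split unknown-client rejections by proximity to SQL pool exhaustion."""
    pool_times, rejected = [], []
    for ts, msg in parse(text):
        if msg == POOL:
            pool_times.append(ts)
        else:
            m = UNKNOWN.search(msg)
            if m:
                rejected.append((ts, m.group(1)))
    during, outside = Counter(), Counter()
    for ts, ip in rejected:
        near = any(abs((ts - p).total_seconds()) <= window for p in pool_times)
        (during if near else outside)[ip] += 1
    return {"pool_exhausted": len(pool_times),
            "during_exhaustion": dict(during),
            "outside_exhaustion": dict(outside)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Addresses listed under `outside_exhaustion` were rejected while the SQL pool was not reporting errors, so those are the ones to compare against the configured switch list first.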
