Hello Ludovic,

It's already added as a switch and has been working fine for the past 1 month but with few endpoints. When I googled this message, freeradius support list suggested to increase the max server count, which I did, and the issue was resolved. The concern I have is whether there are other such parameters which need to be fine tuned for Production.

Also, the config change you suggested for Fingerbank-collector doesn't seem to have worked. Currently I'm unmonitoring fingerbank using the below command but I know it won't survive service restart or server reboots.

# monit unmonitor packetfence-fingerbank-collector

On Wed, 13 Apr 2022, 17:11 Zammit, Ludovic, <luza...@akamai.com> wrote:

> Hello,
>
> It looks like 192.168.254.14 is trying to ask for an authentication. Add
> it as the switch.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
> On Apr 12, 2022, at 3:02 AM, Misbah Hussaini <misbhaud...@gmail.com>
> wrote:
>
> Thanks Ludovic, I'm testing this config change.
>
> Meanwhile, I checked the radius log when the issue of auth occurred for us
> and I found below lines. As I mentioned earlier, I increased the max
> threads to a higher value in radius.conf file and the issue was resolved
> and auth started working. Does everybody have to increase this value in
> Production? I'm asking especially because we are planning to increase the
> number of devices (by another 250) and perhaps then I need to use a much
> higher value to avoid recurrence of this problem.
>
> Apr 7 10:06:23 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
> Apr 7 10:06:25 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:25 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
> Apr 7 10:06:26 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:26 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
> Apr 7 10:06:28 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:28 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
> Apr 7 10:06:30 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:30 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
> Apr 7 10:06:37 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:37 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.28 port 1645 proto udp
> Apr 7 10:06:42 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:42 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.28 port 1645 proto udp
> Apr 7 10:06:57 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:06:57 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
> Apr 7 10:07:02 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:07:02 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
> Apr 7 10:07:04 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:07:04 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.23 port 1645 proto udp
> Apr 7 10:07:07 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:07:07 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
> Apr 7 10:07:09 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:07:09 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.23 port 1645 proto udp
> Apr 7 10:07:12 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
> Apr 7 10:07:12 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.13 port 1645 proto udp
>
> Regards
> Misbah
>
> On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic <luza...@akamai.com> wrote:
>
>> Hello,
>>
>> You can disable the TCP FB Collector analyzing:
>>
>> You can disable the TCP fingerprinting by doing
>>
>> # systemctl edit packetfence-fingerbank-collector.service
>>
>> In the editor that opens, add:
>>
>> [Service]
>> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true
>>
>> Close the editor, then do:
>>
>> # systemctl daemon-reload
>> # systemctl restart packetfence-fingerbank-collector
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>>
>> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini <misbhaud...@gmail.com>
>> wrote:
>>
>> Hello,
>>
>> We are currently doing only wired 802.1x & MAC auth, the server config
>> is
>>
>> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz
>> 16GB RAM (Free RAM - 8GB)
>> Running Debian X64.
>>
>> Also, I would like to disable the packetfence-fingerbank-collector from
>> monit config as it is generating too many zombie processes alerts, I guess
>> the monit config is managed by pfcmd generatemonitconfig but I dunno how to
>> disable specifically fingerbank-collector.
>>
>> Regards
>> Misbah
>>
>> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic <luza...@akamai.com> wrote:
>>
>>> Hello Misbah,
>>>
>>> I highly doubt that you would cap a cluster capacity with only 250
>>> devices registered.
>>>
>>> You have an ongoing issue that needs to be fixed.
>>>
>>> What's the spec on the PF servers? Are you doing 802.1x or Mac
>>> authentication? Wired? Wireless?
>>>
>>> We have a cluster of 3 running 10 000 unique radius authentication without
>>> choking.
>>>
>>> Thanks,
>>>
>>> *Ludovic Zammit*
>>>
>>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
>>> Hello,
>>>
>>> Firstly, I'm happy with the way Packetfence is working in the
>>> environment. A big thanks to the team for the project and awesome
>>> documentation. I have configured Packetfence in a 3 node cluster and
>>> registered 250+ devices so far.
>>>
>>> I faced a problem with the radius server reaching the max connections
>>> limit and most of the users were disconnected while I fixed the problem
>>> (had to increase the max spare servers to a high value in radius.conf). I
>>> was optimistic with the cluster setup, thinking I should not be facing
>>> downtime issues but didn't realize that a config issue could lead to a
>>> blackout.
>>>
>>> Now, this leads me to wonder if there is a way in which I could have
>>> decreased the downtime for the end users while we fixed the problem in the
>>> config. Also, I would appreciate highlighting any other Production related
>>> settings that need to be fine tuned to avoid such instances in future.
>>>
>>> Regards
>>> Misbah
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
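
An added example, not part of any message in this thread: the quoted radius log interleaves two different conditions, requests ignored from an "unknown client" and `rlm_sql` running out of connections, and this Python triage counts them separately per source IP and per minute. The sample lines are constructed in the format of the quoted log, and `pool_threshold` is an assumed alerting cutoff.

```python
import re
from collections import Counter

# Constructed sample in the format of the radius log quoted in the thread.
SAMPLE_LOG = """\
Apr 7 10:06:23 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr 7 10:06:25 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr 7 10:06:25 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.14 port 1645 proto udp
Apr 7 10:06:26 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr 7 10:06:28 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
Apr 7 10:06:37 NAC1 auth[368888]: Ignoring request to auth address 192.168.197.90 port 1812 bound to server packetfence from unknown client 192.168.254.28 port 1645 proto udp
Apr 7 10:07:02 NAC1 auth[368888]: rlm_sql (sql): No connections available and at max connection limit
"""

UNKNOWN_CLIENT = re.compile(r"from unknown client (\S+) port \d+")
SQL_POOL_FULL = re.compile(r"rlm_sql \(\S+\): No connections available")
MINUTE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s")

def triage(log_text):
    """Count the two conditions separately; each points at a different setting."""
    unknown = Counter()    # source IP -> requests ignored as "unknown client"
    pool_full = Counter()  # "Mon D HH:MM" -> SQL pool exhaustion events
    for line in log_text.splitlines():
        m = UNKNOWN_CLIENT.search(line)
        if m:
            unknown[m.group(1)] += 1
        elif SQL_POOL_FULL.search(line):
            ts = MINUTE.match(line)
            pool_full[ts.group(1) if ts else "no-timestamp"] += 1
    return unknown, pool_full

def report(log_text, pool_threshold=3):
    """pool_threshold (events per minute) is an assumed alerting cutoff."""
    unknown, pool_full = triage(log_text)
    findings = [f"unknown client {ip}: {n} request(s) ignored"
                for ip, n in unknown.most_common()]
    findings += [f"{minute}: SQL pool exhausted {n} times"
                 for minute, n in sorted(pool_full.items())
                 if n >= pool_threshold]
    return findings

if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Run against the live radius log, a source IP that keeps appearing in the first list is one to compare with the configured switch entries, and a minute that crosses the threshold is the window in which authentications were failing on the SQL pool.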