(RADIATOR) Performance on SUN Solaris 2.6 with two CPUs
Hi all, I have a question about the performance of radiator running on a Sun Solaris 2.6 system with two CPUs. We are using radiator 2.19 as a proxy server. Within this configuration we do not use any Sessiondatabase or SQL functionality. We just proxy the accounting en authentication requests to other radius servers. The accounting and authentication requests are handled with seperate processes. (two radiusd processes on the proxy server) The proxy server has a maximum cpu usage of 56% during the day. (including IO-wait, user and system time). Now we are experiencing UdpInOverflows every day. It seems that radiator can not take the full usage of the capacity of the SUN server. Can anyone explain this behavior ? How can we configure Radiator or Solaris to use the full capacity of the two CPUs ? Are there more people experiencing this probleem ? Thanks. Ronald === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Performance on SUN Solaris 2.6 with two CPUs
Hello Ronald - I will need to understand much more about else is going on in your configuration file, and what else is going on with your system. A configuration such as you describe should be able to process at least several hundred radius requests per second. The most obvious thing to check is the logging that Radiator is doing for both event logging and for accounting logging. How many requests per second is the system doing overall? Please send me some copies of vmstat, iostat, etc. so I can see what is happening. BTW - the latest version of Radiator is 3.4. regards Hugh On Monday, Dec 2, 2002, at 20:36 Australia/Melbourne, Looijestijn, Ronald wrote: Hi all, I have a question about the performance of radiator running on a Sun Solaris 2.6 system with two CPUs. We are using radiator 2.19 as a proxy server. Within this configuration we do not use any Sessiondatabase or SQL functionality. We just proxy the accounting en authentication requests to other radius servers. The accounting and authentication requests are handled with seperate processes. (two radiusd processes on the proxy server) The proxy server has a maximum cpu usage of 56% during the day. (including IO-wait, user and system time). Now we are experiencing UdpInOverflows every day. It seems that radiator can not take the full usage of the capacity of the SUN server. Can anyone explain this behavior ? How can we configure Radiator or Solaris to use the full capacity of the two CPUs ? Are there more people experiencing this probleem ? Thanks. Ronald === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) ipass problem
Hi Hugh, Finally getting near UHURU! I found out from IPASS that they don't support chap and all the while my test NAS (a patton) was set to use text or pap or chap! So, the test worked after changing the NAS to textORchap OK. New problem. Given my radius config file which I sent to you in my last mail. HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS roaming client dials into? At the moment, radiator is allocating IPs to my Windows NASes and the patton boxes are configured to allocate IPs from pools defined on them. How can I get the pattons to still allocate IPs (not minding whether the client is local or a IPASS client) and still allow radiator to allocate IPs if the IPASS client dials into one of my Windows servers? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Sent: Saturday, November 30, 2002 12:16 AM Subject: Re: (RADIATOR) ipass problem Hello Tunde - Thanks for sending the files. The Radiator log file shows that you are sending the access request to IPASS, but that you are getting an access reject back from them. You will need to check with IPASS to see what is happening at their end. regards Hugh On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Please find attached the following files: radius.cfg (my full config file with no passwords) cmdtest.txt (test carried out with test credentials from ipass using the command line tester that comes with ipass netserver) logfile.txt (radius logfile after attempting access twice via the NAS 80.247.140.30) Hope to hear from you soon. Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, November 28, 2002 11:28 PM Subject: Re: (RADIATOR) ipass problem Hello Tunde - I will need to see a trace 4 debug from Radiator showing what happens in both cases. regards Hugh On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a request denied . Any help would be appreciated. My config: ===Client 80.4.4.30 Secret asecret DupInterval 0 NasType Patton SNMPCommunity patt222 Identifier viruse1 IdenticalClients 80.4.4.61 80.4.4.92 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client Client localhost # ipass client for VNAS (incoming roamers) Secret asecret Identifier ipassclient IdenticalClients 63.4.4.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client # === AUTH BYs = ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813 # AddToRequest NAS-IP-Address=%N AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N /AuthBy #=== HANDLERs Handler Realm=myipass AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ # MaxSessions 1 AuthBy ipassNetserver /Handler Handler Client-Identifier=ipassclient AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address /Handler Handler Client-Identifier=viruse1 AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- # MaxSessions 1 # Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth # AuthBy pattonIPADDRESSauth /Handler -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. radius.cfgcmdtest.txtlogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX,
Re: (RADIATOR) ipass problem
Hello Tunde - If you want Radiator to allocate IP addresses for IPASS requests, you will need to use a ReplyHook in the AuthBy RADIUS clause. There is an example showing how to do this in the file goodies/hooks.txt. regards Hugh On Tuesday, Dec 3, 2002, at 04:39 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Finally getting near UHURU! I found out from IPASS that they don't support chap and all the while my test NAS (a patton) was set to use text or pap or chap! So, the test worked after changing the NAS to textORchap OK. New problem. Given my radius config file which I sent to you in my last mail. HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS roaming client dials into? At the moment, radiator is allocating IPs to my Windows NASes and the patton boxes are configured to allocate IPs from pools defined on them. How can I get the pattons to still allocate IPs (not minding whether the client is local or a IPASS client) and still allow radiator to allocate IPs if the IPASS client dials into one of my Windows servers? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Sent: Saturday, November 30, 2002 12:16 AM Subject: Re: (RADIATOR) ipass problem Hello Tunde - Thanks for sending the files. The Radiator log file shows that you are sending the access request to IPASS, but that you are getting an access reject back from them. You will need to check with IPASS to see what is happening at their end. regards Hugh On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Please find attached the following files: radius.cfg (my full config file with no passwords) cmdtest.txt (test carried out with test credentials from ipass using the command line tester that comes with ipass netserver) logfile.txt (radius logfile after attempting access twice via the NAS 80.247.140.30) Hope to hear from you soon. Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, November 28, 2002 11:28 PM Subject: Re: (RADIATOR) ipass problem Hello Tunde - I will need to see a trace 4 debug from Radiator showing what happens in both cases. regards Hugh On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a request denied . Any help would be appreciated. My config: ===Client 80.4.4.30 Secret asecret DupInterval 0 NasType Patton SNMPCommunity patt222 Identifier viruse1 IdenticalClients 80.4.4.61 80.4.4.92 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client Client localhost # ipass client for VNAS (incoming roamers) Secret asecret Identifier ipassclient IdenticalClients 63.4.4.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client # === AUTH BYs = ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813 # AddToRequest NAS-IP-Address=%N AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N /AuthBy #=== HANDLERs Handler Realm=myipass AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ # MaxSessions 1 AuthBy ipassNetserver /Handler Handler Client-Identifier=ipassclient AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address /Handler Handler Client-Identifier=viruse1 AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- # MaxSessions 1 # Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth # AuthBy pattonIPADDRESSauth /Handler -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. radius.cfgcmdtest.txtlogfile.txt -- Radiator: the most
(RADIATOR) RADIUS authenticating NAS with dynamic IP
Hi Hugh and others, Is there a way to have radiator to work with NAS client that uses dynamic IP? This turns out NOT as unusual as I thought in wireless environment. Thanks in advance! Bon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RADIUS authenticating NAS with dynamic IP
Hello Bon - Can you give me an example of what you mean? thanks Hugh On Tuesday, Dec 3, 2002, at 07:49 Australia/Melbourne, Bon sy wrote: Hi Hugh and others, Is there a way to have radiator to work with NAS client that uses dynamic IP? This turns out NOT as unusual as I thought in wireless environment. Thanks in advance! Bon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.