(RADIATOR) Performance on SUN Solaris 2.6 with two CPUs
Hi all, I have a question about the performance of radiator running on a Sun Solaris 2.6 system with two CPUs. We are using radiator 2.19 as a proxy server. Within this configuration we do not use any Sessiondatabase or SQL functionality. We just proxy the accounting en authentication requests to other radius servers. The accounting and authentication requests are handled with seperate processes. (two radiusd processes on the proxy server) The proxy server has a maximum cpu usage of 56% during the day. (including IO-wait, user and system time). Now we are experiencing UdpInOverflows every day. It seems that radiator can not take the full usage of the capacity of the SUN server. Can anyone explain this behavior ? How can we configure Radiator or Solaris to use the full capacity of the two CPUs ? Are there more people experiencing this probleem ? Thanks. Ronald === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Performance on SUN Solaris 2.6 with two CPUs
Hello Ronald - I will need to understand much more about else is going on in your configuration file, and what else is going on with your system. A configuration such as you describe should be able to process at least several hundred radius requests per second. The most obvious thing to check is the logging that Radiator is doing for both event logging and for accounting logging. How many requests per second is the system doing overall? Please send me some copies of vmstat, iostat, etc. so I can see what is happening. BTW - the latest version of Radiator is 3.4. regards Hugh On Monday, Dec 2, 2002, at 20:36 Australia/Melbourne, Looijestijn, Ronald wrote: Hi all, I have a question about the performance of radiator running on a Sun Solaris 2.6 system with two CPUs. We are using radiator 2.19 as a proxy server. Within this configuration we do not use any Sessiondatabase or SQL functionality. We just proxy the accounting en authentication requests to other radius servers. The accounting and authentication requests are handled with seperate processes. (two radiusd processes on the proxy server) The proxy server has a maximum cpu usage of 56% during the day. (including IO-wait, user and system time). Now we are experiencing UdpInOverflows every day. It seems that radiator can not take the full usage of the capacity of the SUN server. Can anyone explain this behavior ? How can we configure Radiator or Solaris to use the full capacity of the two CPUs ? Are there more people experiencing this probleem ? Thanks. Ronald === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) ipass problem
Hi Hugh,
Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to textORchap
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.
How can I get the pattons to still allocate IPs (not minding whether the
client is
local or a IPASS client) and still allow radiator to allocate IPs if the
IPASS client
dials into one of my Windows servers?
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
Thanks for sending the files.
The Radiator log file shows that you are sending the access request to
IPASS, but that you are getting an access reject back from them. You
will need to check with IPASS to see what is happening at their end.
regards
Hugh
On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh,
Please find attached the following files:
radius.cfg (my full config file with no passwords)
cmdtest.txt (test carried out with test credentials from ipass using
the
command line tester that comes with ipass
netserver)
logfile.txt (radius logfile after attempting access twice via the NAS
80.247.140.30)
Hope to hear from you soon.
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 28, 2002 11:28 PM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
I will need to see a trace 4 debug from Radiator showing what happens
in both cases.
regards
Hugh
On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi
wrote:
Hi Hugh, Hi All,
I am testing my config for ipass. I have used ipass' own config
checker
from the prompt of my radiator server, and I was able to authenticate
the
username/password given to me by ipass.
But dialing into one of the NASes on my network with the same
credentials
results in a request denied . Any help would be appreciated.
My config:
===Client 80.4.4.30
Secret asecret
DupInterval 0
NasType Patton
SNMPCommunity patt222
Identifier viruse1
IdenticalClients 80.4.4.61 80.4.4.92
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
Client localhost
# ipass client for VNAS (incoming roamers)
Secret asecret
Identifier ipassclient
IdenticalClients 63.4.4.212
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
# === AUTH BYs =
## proxy radius for IPASS
AuthBy RADIUS
Identifier ipassNetserver
Host 63.4.4.212
Secret asecret
AuthPort 11812
AcctPort 11813
# AddToRequest NAS-IP-Address=%N
AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
/AuthBy
#=== HANDLERs
Handler Realm=myipass
AcctLogFileName %L/ipass/detail
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
# MaxSessions 1
AuthBy ipassNetserver
/Handler
Handler Client-Identifier=ipassclient
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
/Handler
Handler Client-Identifier=viruse1
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
# MaxSessions 1
# Show rejection reason to users
RejectHasReason
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
# AuthBy pattonIPADDRESSauth
/Handler
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
radius.cfgcmdtest.txtlogfile.txt
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX,
Re: (RADIATOR) ipass problem
Hello Tunde -
If you want Radiator to allocate IP addresses for IPASS requests, you
will need to use a ReplyHook in the AuthBy RADIUS clause. There is an
example showing how to do this in the file goodies/hooks.txt.
regards
Hugh
On Tuesday, Dec 3, 2002, at 04:39 Australia/Melbourne, Ayotunde Itayemi
wrote:
Hi Hugh,
Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while
my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to textORchap
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an
IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.
How can I get the pattons to still allocate IPs (not minding whether
the
client is
local or a IPASS client) and still allow radiator to allocate IPs if
the
IPASS client
dials into one of my Windows servers?
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
Thanks for sending the files.
The Radiator log file shows that you are sending the access request to
IPASS, but that you are getting an access reject back from them. You
will need to check with IPASS to see what is happening at their end.
regards
Hugh
On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh,
Please find attached the following files:
radius.cfg (my full config file with no passwords)
cmdtest.txt (test carried out with test credentials from ipass using
the
command line tester that comes with ipass
netserver)
logfile.txt (radius logfile after attempting access twice via the NAS
80.247.140.30)
Hope to hear from you soon.
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 28, 2002 11:28 PM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
I will need to see a trace 4 debug from Radiator showing what happens
in both cases.
regards
Hugh
On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde
Itayemi
wrote:
Hi Hugh, Hi All,
I am testing my config for ipass. I have used ipass' own config
checker
from the prompt of my radiator server, and I was able to
authenticate
the
username/password given to me by ipass.
But dialing into one of the NASes on my network with the same
credentials
results in a request denied . Any help would be appreciated.
My config:
===Client 80.4.4.30
Secret asecret
DupInterval 0
NasType Patton
SNMPCommunity patt222
Identifier viruse1
IdenticalClients 80.4.4.61 80.4.4.92
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
Client localhost
# ipass client for VNAS (incoming roamers)
Secret asecret
Identifier ipassclient
IdenticalClients 63.4.4.212
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
# === AUTH BYs =
## proxy radius for IPASS
AuthBy RADIUS
Identifier ipassNetserver
Host 63.4.4.212
Secret asecret
AuthPort 11812
AcctPort 11813
# AddToRequest NAS-IP-Address=%N
AddToRequest Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N
/AuthBy
#=== HANDLERs
Handler Realm=myipass
AcctLogFileName %L/ipass/detail
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
# MaxSessions 1
AuthBy ipassNetserver
/Handler
Handler Client-Identifier=ipassclient
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
/Handler
Handler Client-Identifier=viruse1
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
# MaxSessions 1
# Show rejection reason to users
RejectHasReason
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
# AuthBy pattonIPADDRESSauth
/Handler
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
radius.cfgcmdtest.txtlogfile.txt
--
Radiator: the most
(RADIATOR) RADIUS authenticating NAS with dynamic IP
Hi Hugh and others, Is there a way to have radiator to work with NAS client that uses dynamic IP? This turns out NOT as unusual as I thought in wireless environment. Thanks in advance! Bon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RADIUS authenticating NAS with dynamic IP
Hello Bon - Can you give me an example of what you mean? thanks Hugh On Tuesday, Dec 3, 2002, at 07:49 Australia/Melbourne, Bon sy wrote: Hi Hugh and others, Is there a way to have radiator to work with NAS client that uses dynamic IP? This turns out NOT as unusual as I thought in wireless environment. Thanks in advance! Bon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
