[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP
From: Martin Pauly <pauly () hrz ! uni-marburg ! de>
Date: 2005-09-29 9:16:58
Message-ID: 200509291116.58704.pauly () hrz ! uni-marburg ! de
[Download RAW message or body]
> Yes. If all of the threads are blocked forever, waiting for the DB
> to return data, then the queue of requests grows without bounds. At
> some point, the server says "I'm not making progress, and I can't
> recover from this", and kills itself.
hm, I thought the timeout values were for this, but I now understand
that an LDAP communication might get stuck halfway, thus _not_
triggering a timeout event.
> Since the server is *already* effectively dead at that point, it
> makes no difference to your network.
>
> The solution is to fix the database so that it doesn't kill the
> server.
well, we should perhaps be able to wait for a database going and
come back again after a minute without crashing the daemon.
Anyway, I'm now going with an increased ldap_connections_number (100 instead of 5),
and increased LDAP timeouts as well.
What about max_request_time and delete_blocked_requests -- isn't this
exactly what is needed to protect the server from being blocked?
Cheers, Martin
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
Hans-Meerwein-Str. E-Mail: pauly@HRZ.Uni-Marburg.DE
D-35032 Marburg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic