Currently, we are running a Merit RADIUS server with a DBM users file that
directs authentication for specific users to our UUCP machine or our 2nd
shell machine. The DEFAULT entry sends authentication for the rest of the
users to the first shell machine.
We set up this arrangement several months ago when we added the second
shell machine.
The Merit server runs on a Sparc 2 on the same segment as the 2 dozen
PM-2e-30's that it server. The Sparc 2 has no other function and is
never above a load of .2.
Today we had a problem where logins were delayed because of excessive
packet retransmissions. The Merit RADIUS logfile indicates that it was
retrying authentication to the other servers (which log dropping the
duplicate packets). The number of retries per login attempt was gradually
increasing to as many as 19 retries per login attempt. As the retires
increased, the responce time slowed down which increased the retries.
When I restarted the Merit RADIUS server the problem went away.
Is there a way to tune the retry rate so that this kind of snowballing
can't happen? We don't seem to loose packets, so I think the responce
time would be better with a 1 minute span between retries than it is when
it snowballs.... (Doubling the retry span would probably be better than 1
minute of course.)
I'm not sure if the excessive retries were generated by the portmasters or
the Merit server. If its the server I'm sure its easy enough to tune. I
didn't find a way to tune it on the portmasters, perhaps that's an RFE.
- ----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
An ISP with Excellence in the Greater Boston Area.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Finger me for a public key.
iQB1AwUBMqcdT40DAXSiDippAQHrAgL8CrLZlJxRchsGrTZ1Mqh45T6C8kN2O79X
F6VbUA4xPzk6JQ/Te+h/vDXEFPPXo13eo8Ge8hu0S84Kq9BeDk1nLiPVh4xpOGne
ta+DMTuvQLuzIbRZBfziutpgnFphJAgD
=h7Bp
-----END PGP SIGNATURE-----