We have two Tacacs servers (active/passive) with tacplusng (commit version: a64efee) and the mavis_tacplus-ng_ldap.pl Perl plugin running.
The active Tacacs server gets a few queries per second, which seems to be too much since I can see in the logs that the LDAP plugin terminates before finishing the request and the spawning of the plugin also gets throttled:
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: 192.168.61.33 looking for user gnmic in MAVIS backend
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: 192.168.61.33 result for user gnmic is ACK
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: 192.168.61.33 shell login for 'gnmic' (realm: port1610) on unknown succeeded (profile=admin-ro)
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: authen|192.168.61.33|gnmic|unknown||shell login succeeded
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl: 3024541: terminated before finishing first request
Oct 3 12:51:08 tacacs1-u22 tac_plus-ng[3024543]: munmap_chunk(): invalid pointer
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl: 3024543: terminated before finishing first request
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: external: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl respawning too fast; throttling for 26 seconds.
Apart from running the Tacacs servers in active/active, what else could I do and what are the limitations of the LDAP plugin as in queries per second?
Thanks for reporting. Alas, the version you're using is close to 12 months old; please retry with the current code. The issue you're seeing might already be fixed there.
About the Python script: This is more of a proof-of-concept that backend modules can be written in Python, too. I believe it's feature-compatible with the Perl script and uses the same environment variables (AFAIR). Also, there's a multi-threaded variant (ldapmavis-mt, same environment variables) for the external-mt module, written in C, that should cope better with multiple parallel authentications (e.g. caused by MFA).
There also seems to be a new (undocumented) Python version of the LDAP plugin (https://github.com/MarcJHuber/event-driven-servers/tree/master/mavis/python) since last year. Does this provide any advantages performance-wise and does it support the same features and environment variables as the Perl version?
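A log triage example for the syslog format quoted in this issue, added here and not part of the original thread or the tac_plus-ng project: it counts MAVIS lookups per second, collects backend exits and throttle time, and correlates the PID of a glibc heap abort with the backend child reported as terminated. The function name `summarize` and the regular expressions are assumptions derived from the log lines shown above.

```python
import re
from collections import Counter

# Log lines copied from the issue above (tac_plus-ng syslog output).
SAMPLE = """\
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: 192.168.61.33 looking for user gnmic in MAVIS backend
Oct 3 12:51:08 tacacs1-u22 tacplus[2973023]: 192.168.61.33 result for user gnmic is ACK
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl: 3024541: terminated before finishing first request
Oct 3 12:51:08 tacacs1-u22 tac_plus-ng[3024543]: munmap_chunk(): invalid pointer
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl: 3024543: terminated before finishing first request
Oct 3 12:51:08 tacacs1-u22 tacplus[2953118]: external: /usr/local/lib/mavis/mavis_tacplus-ng_ldap.pl respawning too fast; throttling for 26 seconds.
"""

# "Mon D HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+[^\s\[]+\[(\d+)\]:\s+(.*)$")
LOOKUP = re.compile(r"^\S+ looking for user \S+ in MAVIS backend$")
DIED = re.compile(r"^\S+: (\d+): terminated before finishing first request$")
THROTTLE = re.compile(r"^external: \S+ respawning too fast; throttling for (\d+) seconds\.$")
# glibc heap-consistency abort messages
HEAP_ABORT = re.compile(r"^(?:munmap_chunk|free|malloc)\(\): |^double free or corruption")


def summarize(text):
    """Summarize backend load and failures from tac_plus-ng syslog text."""
    lookups = Counter()          # timestamp -> MAVIS lookups in that second
    died, aborted, throttled = [], [], 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue             # skip lines that are not syslog-formatted
        stamp, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if LOOKUP.match(msg):
            lookups[stamp] += 1
        elif (d := DIED.match(msg)):
            died.append(int(d.group(1)))
        elif (t := THROTTLE.match(msg)):
            throttled += int(t.group(1))
        elif HEAP_ABORT.match(msg):
            aborted.append(pid)
    return {
        "peak_lookups_per_second": max(lookups.values(), default=0),
        "backend_deaths": died,
        # backend children whose own PID logged a heap abort
        "deaths_with_heap_abort": sorted(set(died) & set(aborted)),
        "throttled_seconds": throttled,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over a full day of logs, a low peak lookup rate alongside many `deaths_with_heap_abort` entries points at a crash in the backend child rather than at load.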