Hey guys,
Long time user, first time poster :)
We just purchased Clearpass and are looking to tie it to our MariaDB server for 1 source of authentication. Everything is working except when the MariaDB server decides to close its connection after the timeout value is exceeded. At that time, MariaDB sends a close connection acknowledgement that Clearpass ultimately ignores, then the next client that tries to auth against it on each Clearpass server (we have 6) Clearpass comes back with a message "Server has went away" and fails the authentication. During that transaction, it reestablishes the connection with MariaDB and is available for the following client. Ultimately, if our timeout value is set to 12 hours, we will have 6 false "rejects" every morning.
Default value and best practice for MariaDB is a connection timeout of 8 hours from what I am being told. TAC has come back at this point and said that since Clearpass is the client of the server, there is nothing they can do and that there is no setting to force Clearpass to reestablish a connection without a client requesting authentication.
I know there are people out there using MariaDB as an auth source for Clearpass, has anyone experienced this issue? Is there anything on the MariaDB side we can adjust? I am being told we cannot leave the connection open indefinitely, and I would have to agree that cleaning up a connection on a regular basis is probably a good thing.
Any thoughts would be helpful. Thanks!