redundant load balancing and mschap
Phil Mayers
p.mayers at imperial.ac.uk
Sat Aug 25 11:22:51 CEST 2012
On 08/24/2012 11:53 PM, McNutt, Justin M. wrote:
> The underlying problem is that I have four production RADIUS servers
> that all seem to choose the same domain controller, which is not only
> a lot of load, but it's a bad idea in terms of fault tolerance.
I agree about the fault tolerance. In my experience, winbind actually
has pretty poor failure-mode characteristics. If the DC it has a
connection to goes down, it can take a noticeable amount of time (in
excess of a minute; I've seen over three) to detect and fail over to
another DC.
Re: load - well, that's site dependent I guess. FWIW the load from our
FR servers is a tiny, tiny fraction of the total even at the very
busiest times.
> Anyway, thanks for the insight. I'll keep banging on it. If I get
> an elegant - or at least *stable* - configuration, I'll post
> something about it here.
To be honest, without some pretty major surgery to winbind, I think
per-server "password_server" config is going to be the best you can do :o(
I occasionally wonder about getting the Samba guys interested in
improving this, but it's not something I really have the time to take up.
More information about the Freeradius-Users
mailing list