Generating timing stats for ntlm_auth

Phil Mayers p.mayers at imperial.ac.uk
Thu Oct 10 14:45:59 CEST 2013


On 10/10/13 12:56, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Thu Oct 10 11:52:16 2013 : Info: WARNING: Module rlm_eap became
>> unblocked for request 47516341
>>
>> ...since the return of our students this year.
>>
>> I am 99% sure this is ntlm_auth being slow, and I have a strong
>> suspicion this is related to some changes in our AD infrastructure
>> over the summer.
>
> I've contacted our AD guys about a couple of tweaks they can do for 'legacy'

Any chance you can point me in the direction of these?

> authentications (as microsoft call it) - but I'm also looking at
> samba4 - as it has a new option that will balance ntlm_auth against
> all known boxes rather than the first box it latches onto - to spread
> the load.

Hmm.

>
> I'm also now getting suspicious about a couple of tuesday patches
> that got deployed over summer...

Interesting - which ones?

> (we're also thinking about EAP-TLS again ;-) )

Semi-related, but to my annoyance we're seeing rather less SSL 
resumption than I would expect, given that iOS and Android both do it by 
default.


More information about the Freeradius-Users mailing list