recommendations for max_servers
Alan DeKok
aland at deployingradius.com
Tue Sep 23 20:32:52 CEST 2014
John Douglass wrote:
> The flaws in the controller software cause an "overrun" of radiusIDs if
> you have too many authentications/second which will manifest as
> "duplicate" and "discards" in the logs. No amount of tweaking on the
> radius side will fix this. You can however, improve performance to try
> and improve the client experience.
That should sometimes be tolerable... if the RADIUS server is fast
enough. But when you tie FreeRADIUS to Active Directory, performance
drops by a factor of 100 or more.
I've done 40K authentications per second with a simple FreeRADIUS
configuration, on commodity hardware. Using AD... is a lot slower.
Personally, I advise people to avoid Active Directory if at all
possible. It's just not set up for enterprise authentication.
Alan DeKok.
More information about the Freeradius-Users
mailing list