Monitoring connectivity to authentication
Matthew Newton
mcn4 at leicester.ac.uk
Wed Apr 20 17:15:46 CEST 2016
On Wed, Apr 20, 2016 at 02:48:39PM +0000, Lovaas,Steven wrote:
> Planning an upgrade from 2.2.x to 3.x this summer, but I wanted
> to start tracking some statistics now so I have evidence of any
> performance change when we make the move.
That's good.
> Is there a similar capability to monitor statistics (ideally
> including response time) for FreeRADIUS interactions with an AD
> back end?
Your best bet is probably to put a wrapper around calls to
ntlm_auth (e.g. as done in
https://lists.samba.org/archive/samba/2014-September/184874.html).
But this will add extra latency to the call because it's yet
another fork.
I also seem to remember that if you bump the debug logs up on
winbind it will log response time. But the logs grow very fast.
Really you probably just want the time the request came in to
FreeRADIUS and the time the Accept or Reject was sent back.
Unless you change from ntlm_auth to libwbclient then that
component of the system shouldn't change so will be the same for
v2 and v3.
Other monitoring I'd also look at would be pushing your radius
logs into something like elasticsearch so you can visualise the
number of successful/failed connections (rather than just see the
stats). That's pretty easy to do now with the config in
https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/doc/schemas/logstash
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list