Running ntlm_auth as a connection pool

Arnab Roy arnabroy at mail.com
Thu Aug 31 16:39:40 CEST 2017


   Hi Alan,

   That sounds really good re-v4. to be honest everything looks really
   good on v4.

   You are spot with the winbind comment, I did some tracing this morning
   with the ldap lookup turned off it's taking a fair amount of time for
   ntlm auth to connect to winbind and getting the auth hash. I have no
   idea why smb.conf allows you to specify different paths for things and
   all works. But the same support is missing on client utilities. I had
   to hack nss-switch/wb_common.c in samba to get the path loaded from a
   custom parameter.

   Thanks again.

   Arnab

   Sent: Thursday, August 31, 2017 at 3:10 PM
   From: "Alan DeKok" <aland at deployingradius.com>
   To: "FreeRadius users mailing list"
   <freeradius-users at lists.freeradius.org>
   Subject: Re: Running ntlm_auth as a connection pool
   On Aug 31, 2017, at 9:56 AM, Arnab Roy <arnabroy at mail.com> wrote:
   >
   > Just a small additional question, so as it stands unless I completely
   > re-do this whole piece , I am highly unlikely to get out of this
   hole.
   > So as a temporary suggestion I have got plenty of CPU , DISK IO and
   > Memory resources. Fr is barely using anything , any parameters I can
   > change so FR uses the spare hardware resources to process the
   > concurrent mschap requests ?
   Do LDAP lookups in FreeRADIUS. That will help a bit.
   The real limitation is Samba / Winbind. If their libraries allowed for
   ntlm_auth / rlm_winbind to set the winbind path, it would be simple.
   Since that path is hard-coded into their libraries, it's much more
   difficult.
   For v4, we're working on making it asynchronous. So you should be able
   to run many, many, instances of ntlm_auth without having the server
   wait for each one.
   Alan DeKok.
   -
   List info/subscribe/unsubscribe? See
   [1]http://www.freeradius.org/list/users.html

References

   1. http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list