On 20/02/15 01:00, Matthew Newton wrote:
Hi,
Just opening up for a bit of discussion on the best way to proceed with the ntlm_auth improvements I've been hacking around on.
I've just been testing using libwbclient from FreeRADIUS. One RADIUS server has held up our entire wireless infrastructure for a couple of days, over all student movements between lectures, without a single complaint from the Cisco controllers about RADIUS timeouts.
We normally hit problems when one RADIUS server gets to about 30 auths/second. This one has peaked at nearly 90 auths/second. This is nice - it seems execing ntlm_auth really is the problem
That makes "sense" (for some values of sense...) based on our experience. It's crazy that fork/exec of such a small binary, which is bound to be in-cache, is so slow, but I'm assuming it's actually some setup that ntlm_auth does.
Add ntlm_auth helper mode to 3.0.x now, which should be safe and run on anything that has ntlm_auth. And will be, IMO, nearly as fast as calling libwbclient directly. This should fix the AD auth
This sounds good.
issues for anyone with FR3. (I'm happy to provide patches as-is for Samba and FR2 for any that want, but they're not going to be merged.)
Finish and submit patch to Samba, then add libwbclient mode either later on in 3.0.x or more likely to 3.1.x, due to the timescales of the Samba release.
Sounds good.