Rui Ribeiro wrote:
Finally, do you find 160ms-200ms an acceptable time to authenticate, or do I need to dig it further on?
It should be fine. The "unresponsive child" message will occur only after "max_request_time". i.e. 30 seconds. If a request takes more than 30s to process, then something is *very* wrong. It may indicate that the ntlm_auth program has hung. I'll take a look at writing a "wrapper" program to deal with this issue. It should take an argument of time to wait, and then the other program to execute. Then if the second program takes too long, kill it, and return an error. e.g. wait_limit -t 5 /path/to/ntlm_auth ... args ... Where "wait_limit" is a small C program. It would wait 5 seconds, and if ntlm_auth didn't return, kill it, and return a failure to radiusd. That would work around the "unresponsive child" issue, but not solve it. The underlying issue is that *something* is blocking ntlm_auth for 30s at a time. That's bad. Alan DeKok.