ntlm_auth improvements

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Feb 20 10:29:14 CET 2015


Hi,

> auths/second. This one has peaked at nearly 90 auths/second. This
> is nice - it seems execing ntlm_auth really is the problem (this
> is Samba 3.6.6, all running on HP DL380G6, 2-CPU Xen VMs ~1Gb RAM
> [mostly unused]).

oh its running ntlm_auth thats the bottleneck for sure - as the server
can do many x100's more PEAP when using users file, LDAP or SQL backends.

> Add ntlm_auth helper mode to 3.0.x now, which should be safe and
> run on anything that has ntlm_auth. And will be, IMO, nearly as
> fast as calling libwbclient directly. This should fix the AD auth
> issues for anyone with FR3. (I'm happy to provide patches as-is
> for Samba and FR2 for any that want, but they're not going to be
> merged.)
> 
> Finish and submit patch to Samba, then add libwbclient mode either
> later on in 3.0.x or more likely to 3.1.x, due to the timescales
> of the Samba release.

i thought we were going for all approaches andway - libwbclient method,
ntlm_auth helper mode etc etc.    I would just go for 3.0.x now anyway
(I think Alan would say theres no choice, 2.x has no new features....)
that MIGHT match the timescales for some distros anyway - and if there
can be a run-time check for libwbclient thread-safe then it can use the
feature.

the other small performance tweak is to get the privileged file off disk - use 
tmpfs/ramdisk for the file (particularly in VMs!!)

alan


More information about the Freeradius-Devel mailing list