Caching techniques with ntlm_auth usage? (EAP-PEAP-MSchapV2)
James J J Hooper
jjj.hooper at bristol.ac.uk
Sat Mar 5 02:17:54 CET 2011
--On 04 March 2011 12:34 -0500 John Douglass <john.douglass at oit.gatech.edu>
wrote:
> Group,
>
> Recently, my AD servers were patched by another support group and this
> caused a (small but noticeable) service outage for our WPA radius
> services (Radius 2.1.9)
I can think of two things to investigate:
* Recent Samba can do winbind credential caching IIRC - I haven't
experimented with this so I'm not sure if it will work for this application.
* Enable Fast Session Resumption:
<https://github.com/alandekok/freeradius-server/blob/master/raddb/modules/eap#L312>
... We dropped the hits on our DCs by > 40% by doing this. N.B Resumed
sessions will not touch your inner-tunnel config, so you have to make sure
that you pay attention when (re-)assigning VLANs / other returned
attributes based on username.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
More information about the Freeradius-Users
mailing list