Generating timing stats for ntlm_auth
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 14 17:20:05 CEST 2013
On 14/10/13 16:01, Jonathan Gazeley wrote:
> On 10/10/13 15:03, A.L.M.Buxey at lboro.ac.uk wrote:
>>> >Samba 4 is lurvely... apparently 100% compatible with existing AD
>>> installations, although, as always, it's a bit finicky and info is a
>>> bit thin on the ground (and I've not written up a guide when I set my
>>> test environment up that uses an S4 server for EAP-MSCHAPv2). But at
>>> least it exists on RHEL/CentOS as a package.
>> it can also BE an AD master etc. anyway, you dont know how tempting
>> it was to "yum install samba4" on our production system;-)
>>
>> I'd certainly like to see some samba3.x versus samba4 benchmarks in
>> this sort of context
>
> This morning I upgraded a couple of our radius servers from samba 3.6.9
> to 4.0.0-rc4. It works, but it's not yet clear how much of an
> improvement it makes. Early indication is that it helps spread the load
> more evenly between domain controllers at peak times, but it is by no
> means the magic bullet.
I am wondering if using ntlm_auth in pipe mode, in the same way Squid
does, would improve this, as it would avoid fork&exec. I might try and
knock up a PoC patch.
More information about the Freeradius-Users
mailing list