ntlm_auth taking too much time

Winfield, Alister Alister.Winfield at bskyb.com
Tue Dec 16 12:03:11 CET 2014


No single thing is going to fix a resource issue. The answer depends in part to what the drivers of load are.

So the short answer is to fix the source of the problem..

Most likely it means adding more resources to AD. It might be a dumb default setting in AD limiting its authentication rate. Or just possibly its a network issue or just plain old ’not enough hardware' but the only way to tell is to test component by component.

Or in a different case…If the issue is a lot of bad clients failing to authenticate then such good things like caching rejects for a period can be really beneficial for the overall service at the expense of a slightly reduced successful authentication rate if you get a storm of probably good authentication requests.

Or its …..


Others on the list will have been here before with AD so may know what normally causes it to have poor performance.

Alister

From: Khapare Joshi <khapare77 at gmail.com<mailto:khapare77 at gmail.com>>
Reply-To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>>
Date: Tuesday, 16 December 2014 10:30
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>>
Subject: ntlm_auth taking too much time

Hello all,

I am seeing ntlm_auth taking too much time in my couple of freeradius server lately, I am pretty much sure this is because of "BILL GATES" AD responding slow.

Dec 15 22:51:16 radserver1radiusd[1884]: Child PID 3300 (/usr/bin/ntlm_auth) is taking too much time: forcing failure and killing child.
Dec 15 22:51:20 radserver1 radiusd[1884]: Child PID 3302 (/usr/bin/ntlm_auth) is taking too much time: forcing failure and killing child.
Dec 15 22:51:21 radserver1 radiusd[1884]: Child PID 3303 (/usr/bin/ntlm_auth) is taking too much time: forcing failure and killing child.

Here are my Versions:
samba-winbind-3.6.23-12.el6.x86_64
freeradius-2.1.12-6.el6.x86_64
Win$ows AD 2012

Can you point me for some help how to get rid off these message or configuration, parameter that i can add ?



Happy Xmas

K

Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and Sky International AG and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141216/ca3555cb/attachment.html>


More information about the Freeradius-Users mailing list