recommendations for max_servers

Alan DeKok aland at
Tue Sep 23 20:32:52 CEST 2014

John Douglass wrote:
> The flaws in the controller software cause an "overrun" of radiusIDs if
> you have too many authentications/second which will manifest as
> "duplicate" and "discards" in the logs. No amount of tweaking on the
> radius side will fix this. You can however, improve performance to try
> and improve the client experience.

  That should sometimes be tolerable... if the RADIUS server is fast
enough.  But when you tie FreeRADIUS to Active Directory, performance
drops by a factor of 100 or more.

  I've done 40K authentications per second with a simple FreeRADIUS
configuration, on commodity hardware.  Using AD... is a lot slower.

  Personally, I advise people to avoid Active Directory if at all
possible.  It's just not set up for enterprise authentication.

  Alan DeKok.

More information about the Freeradius-Users mailing list