recommendations for max_servers

A.L.M.Buxey at A.L.M.Buxey at
Wed Sep 24 21:56:46 CEST 2014


> I imagine if there were a better option with similar properties and
> ties to central authentication, then we would all flock to it.

yep. we would. the best is still EAP-TLS - as you say, that's got big setup overheads...
not as nice and easy as PEAP for quick get up and going.

however, there are other ways of doing this

you COULD proxy the request to a farm of NPS servers - they talk native LSA
(none of the nasty samba stuff) - the hit then is purely on the NPS box...but
that could blow up if too many requests are in proxy-land

you could investigate using SAMBA 4 locally on the FreeRADIUS box - with a
local AD clone you don't have the nasty inter-process rubbish....ntlm_auth
etc is all local

you could investigate using SAMBA 4 tools locally - ntlm_auth has the ability
(latest versions) to use all servers in the AD farm rather than just sticking to
the current one it's chosen (and overloading it!)


More information about the Freeradius-Users mailing list