recommendations for max_servers
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Sep 24 21:56:46 CEST 2014
Hi,
> I imagine if there were a better option with similar properties and
> ties to central authentication, then we would all flock to it.
yep. we would. the best is stil EAP-TLS - as you say, thats got big setup overheads...
not as nice and easy as PEAP for quick get up and going.
however, there are other ways of doing this
you COULD proxy the request to a farm of NPS servers - they talk native LSA
(none of the nasty samba stuff) - the hit then is purely on the NPS box...but
that could blow up if too many requests are in proxy-land
you could investigate using SAMBA 4 locally on the FreeRADIUS box - with a
local AD clone you dont have the nasty inter-process rubbish....ntlm_auth
etc is all local
you could investigate using SAMBA 4 tools locally - ntlm_auth has the ability
(latest versions) to use all servers in the AD farm rather than just sticking to
the current one its chosen (and overloading it!)
alan
More information about the Freeradius-Users
mailing list