FreeRadius 2.1.12 with winbind - performance issues

Louis Munro lmunro at inverse.ca
Thu Jan 22 19:35:52 CET 2015


On Jan 22, 2015, at 12:59 , Diggins Mike <diggins at mcmaster.ca> wrote:

> Hi,
> 
> Questions:
> 
> 1. How could I tell if winbind is slowing the system down? 

Try not to guess. I spent way too much time guessing and then decided to write a wrapper for ntlm_auth to log how long it actually took to authenticate.
That can tell you whether that’s really what is slowing you down or whether your time would be better spent optimizing something else.

You can find my ham fisted code at https://github.com/louismunro/packetfence/blob/feature/ntlm_auth_wrapper/src/ntlm_auth_wrap.c 

> 
> 3. Would upgrading to the latest versions of FreeRadius and Winbind likely help (i.e. are there known improvements that would make a difference)?

Yes. Others may be better placed to give you the details but there are improvements related to ntlm_auth in 2.2.6 that I know of.

> 4. Can anyone suggest other improvements I could make?
> 

Consider tuning the DC side of the equation too.
See the article for some background : http://support.microsoft.com/kb/2688798

Once done, don’t be afraid to raise winbind max domain connections much higher than 10, although that may require upgrading samba.

Premature optimization, root of all evil, you know what they say.

Regards,
--
Louis Munro
lmunro at inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)






More information about the Freeradius-Users mailing list