FreeRadius 2.1.12 with winbind - performance issues

Alan DeKok aland at deployingradius.com
Fri Jan 23 01:21:36 CET 2015


On Jan 22, 2015, at 5:18 PM, John Douglass <john.douglass at oit.gatech.edu> wrote:
> Hehe, I've been doing EXTENSIVE tweaking on our end and I still haven't
> found any magic numbers. Currently on Samba 3.6 but moving to 4.1.14
> VERY soon to address some performance issues. Namely that the number of
> winbind processes only increases, only after 4.1.12 does the fix exist
> to kill off connections idle more the X (default 60s) time. When you hit
> the max number of DC connections winbind stops being able to
> authenticate and just crashes and burns. Restarting winbind when it gets
> near its threshold seems to help.

  That’s just sad.  We’ve done testing with FreeRADIUS and OpenLDAP.  We get 30K auths/s.  Using just an OpenLDAP client, 60K or more.

> We have been working very closely with Cisco and have a pre-alpha 8.x
> controller release we are testing that directly addresses this issue,
> but does not completely fix it. We have seen a definite decrease on the
> issues between controllers and radius servers but the back end seems to
> be the issue now (the Radius -> AD),

  It’s something which should have been fixed 10 years ago TBH.  But… that’s another story.

  Alan DeKok.



More information about the Freeradius-Users mailing list