Setting up a Proxy Server as a load balancer to bypass winbind/samba bottleneck

Walter Reynolds waltr at
Fri Oct 16 17:53:12 CEST 2015

We are running to the same problems with winbind/samba bottlenecks as many
other universities.  While one of our servers does quite well we are
starting to get hung modules at peak hitting as many as 150 authentications
per second while averaging over 70/sec for several minutes.

Since wireless controllers are getting bigger and with Cisco we are limited
to sending radius auth request to one server at a time we need another way
to balance things out.  I thought setting up a freeradius proxy that
pointed to two separate servers might be a way to go about this.  Problem
is I thought I read somewhere in the freeradius lists that that would
create other problems, but now I can not find that.  I also am not sure I
followed this right, but in looking at proxy home_server_pool it looks like
my options for load balancing will still send all auth request from my one
large controller to a single server as the source IP will all be the same
under client-balance.

Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

More information about the Freeradius-Users mailing list