Monitoring connectivity to authentication

Louis Munro lmunro at inverse.ca
Wed Apr 20 17:25:40 CEST 2016


> On Apr 20, 2016, at 11:15 , Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> 
> On Wed, Apr 20, 2016 at 02:48:39PM +0000, Lovaas,Steven wrote:
>> Planning an upgrade from 2.2.x to 3.x this summer, but I wanted
>> to start tracking some statistics now so I have evidence of any
>> performance change when we make the move.
> 
> That's good.
> 
>> Is there a similar capability to monitor statistics (ideally
>> including response time) for FreeRADIUS interactions with an AD
>> back end?
> 
> Your best bet is probably to put a wrapper around calls to
> ntlm_auth (e.g. as done in
> https://lists.samba.org/archive/samba/2014-September/184874.html).
> But this will add extra latency to the call because it's yet
> another fork.


The latest version of that wrapper can be found at 

https://github.com/inverse-inc/packetfence/blob/devel/src/ntlm_auth_wrap.c <https://github.com/inverse-inc/packetfence/blob/devel/src/ntlm_auth_wrap.c>

It can now send metrics to statsd in addition to (or exclusively) logging.

As Matthew says, there is a cost to that.
But sometimes it’s worth paying.

I am considering patching winbind to send metrics to statsd too.
The ability to know how long it takes to authenticate, as well as comparing it to historical data is addictive.

Regards,
--
Louis Munro
lmunro at inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



More information about the Freeradius-Users mailing list