Monitoring connectivity to authentication
Louis Munro
lmunro at inverse.ca
Wed Apr 20 17:25:40 CEST 2016
> On Apr 20, 2016, at 11:15 , Matthew Newton <mcn4 at leicester.ac.uk> wrote:
>
> On Wed, Apr 20, 2016 at 02:48:39PM +0000, Lovaas,Steven wrote:
>> Planning an upgrade from 2.2.x to 3.x this summer, but I wanted
>> to start tracking some statistics now so I have evidence of any
>> performance change when we make the move.
>
> That's good.
>
>> Is there a similar capability to monitor statistics (ideally
>> including response time) for FreeRADIUS interactions with an AD
>> back end?
>
> Your best bet is probably to put a wrapper around calls to
> ntlm_auth (e.g. as done in
> https://lists.samba.org/archive/samba/2014-September/184874.html).
> But this will add extra latency to the call because it's yet
> another fork.
The latest version of that wrapper can be found at
https://github.com/inverse-inc/packetfence/blob/devel/src/ntlm_auth_wrap.c <https://github.com/inverse-inc/packetfence/blob/devel/src/ntlm_auth_wrap.c>
It can now send metrics to statsd in addition to (or exclusively) logging.
As Matthew says, there is a cost to that.
But sometimes it’s worth paying.
I am considering patching winbind to send metrics to statsd too.
The ability to know how long it takes to authenticate, as well as comparing it to historical data is addictive.
Regards,
--
Louis Munro
lmunro at inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
More information about the Freeradius-Users
mailing list