Running ntlm_auth as a connection pool

Alan Buxey alan.buxey at gmail.com
Thu Aug 31 12:18:06 CEST 2017


Easy. Use the native winbind module in latest 3.0.x series. That runs as a
connection pool and is orders of magnitudes faster.

Secondly, bash script, calling LD and p and doing things? Terrible for
performance. Use the native ldap functionality in FR to get that value out
of ldap (create a new LDAP module if needed to separate functions). Use
unlang to collect the value and assign it to temporary internal attribute
value. Then use that value in your winbind call. All native, all threaded,
all fast!

alan

On 31 Aug 2017 11:11 am, "Arnab Roy" <arnabroy at mail.com> wrote:

>    Hi All,
>
>    I am seeing some performance challenges with ntlm_auth (Currently
>    running 3.0.15). My setup is pretty non-standard so I will apologise
>    for this beforehand. But my hands are tied.
>
>    Our mschap module actually calls a shell script which than calls
>    ntlm_auth (we actually need to perform an ldap lookup before obtaining
>    the samaccount name to pass to ntlm_auth), as expected this throws up
>    some challenges under load.
>
>    What I would like to know if its possible to do anything to improve
>    performance under this circumstances. I know the direct winbind
>    mode would have been great but the ldap lookup is critical for things
>    to work our end.
>
>    Mr Google returned some suggestions that their was an option to run
>    ntlm_auth as a connection pool , is it still there / was it dropped in
>    favour of direct winbind connectivity.
>
>    Any suggestions welcome.
>
>    Many Thanks
>    Arnab
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list