Running ntlm_auth as a connection pool
Arnab Roy
arnabroy at mail.com
Thu Aug 31 16:39:40 CEST 2017
Hi Alan,
That sounds really good re-v4. to be honest everything looks really
good on v4.
You are spot with the winbind comment, I did some tracing this morning
with the ldap lookup turned off it's taking a fair amount of time for
ntlm auth to connect to winbind and getting the auth hash. I have no
idea why smb.conf allows you to specify different paths for things and
all works. But the same support is missing on client utilities. I had
to hack nss-switch/wb_common.c in samba to get the path loaded from a
custom parameter.
Thanks again.
Arnab
Sent: Thursday, August 31, 2017 at 3:10 PM
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list"
<freeradius-users at lists.freeradius.org>
Subject: Re: Running ntlm_auth as a connection pool
On Aug 31, 2017, at 9:56 AM, Arnab Roy <arnabroy at mail.com> wrote:
>
> Just a small additional question, so as it stands unless I completely
> re-do this whole piece , I am highly unlikely to get out of this
hole.
> So as a temporary suggestion I have got plenty of CPU , DISK IO and
> Memory resources. Fr is barely using anything , any parameters I can
> change so FR uses the spare hardware resources to process the
> concurrent mschap requests ?
Do LDAP lookups in FreeRADIUS. That will help a bit.
The real limitation is Samba / Winbind. If their libraries allowed for
ntlm_auth / rlm_winbind to set the winbind path, it would be simple.
Since that path is hard-coded into their libraries, it's much more
difficult.
For v4, we're working on making it asynchronous. So you should be able
to run many, many, instances of ntlm_auth without having the server
wait for each one.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[1]http://www.freeradius.org/list/users.html
References
1. http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list