Running ntlm_auth as a connection pool
Alan DeKok
aland at deployingradius.com
Mon Sep 4 00:22:12 CEST 2017
On Sep 3, 2017, at 5:22 PM, Arnab Roy <arnabroy at mail.com> wrote:
> So I took things apart today. I switched to using direct winbind on a
> test machine ...what a difference in performance you can't even compare
> the two method's performance.
That's to be expected.
> To check where such high cost of performance comes from I replaced ntlm
> auth with a simple shell script which just echoed back the NT key and
> another one directly calling the NTLM_AUTH and the results where same.
> So it seems like the cost of calling an external binary from inside the
> server is extremely high.
It's always expensive to create sub-processes. Especially if the server is trying to do 1000's of authentications per second.
> So I went back to the friendly folks at samba and they kindly pointed
> me to the section of the code responsible for obtaining the winbindd
> path. I managed to recompile ntlm_auth and it works but it's pointless.
Why?
> The file in question in samba is under nsswitch/wb_common.c
> My question is does freeradius use the same code as samba for the
> client side communication.
FreeRADIUS uses the Samba libraries to talk to winbindd. If you recompile the Samba libraries, the server will use them.
> Can it be tweaked and compiled to behave
> similarly that would solve my problems for now.
Just have it use the recompiled Samba libraries.
Alan DeKok.
More information about the Freeradius-Users
mailing list