Arran Cudbard-Bell wrote: > Firstly is is possible to specify return codes for users files depending > on matched sections ? Or will the files module always return ok ?
You can't specify return codes from the "users" file. > Secondly, whats considered decent throughput in terms of (serial) > requests per second... > With none of the SQL or LDAP checking i'm getting around 300ish requests > per second ; That's a little low, to be honest. My tests on a dual core 1.8GHz intel show 25k PAP requests per second from localhost to localhost. That's rather different from what you're seeing. Unless you mean 300 full EAP-TLS/TTLS/PEAP authentications per second. That's pretty fast, considering that almost all of the CPU time is spent doing RSA key operations. And with 5-10 RADIUS packets per EAP authentication, that's 3k requests/s, not 300. > We have a user base of around 10,000 users with a absolute maximum of > 4,000 logged in at any one time, and two Dual Core 2.13ghz 64bit Apple > Xserves with basic load balancing. > > It's obvious that the SQL server is lagging behind, and the LDAP cluster > is on some ageing Xserves so probably isn't performing at it's peak... > > If you have any recommended figures that I could aim for, would be very > useful. For plain PAP: 10k+ requests/s would be expected. For EAP, substantially less than that. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
