On 08/24/2012 11:53 PM, McNutt, Justin M. wrote:
> The underlying problem is that I have four production RADIUS servers that all seem to choose the same domain controller, which is not only a lot of load, but it's a bad idea in terms of fault tolerance.
I agree about the fault tolerance. In my experience, winbind actually has pretty poor failure-mode characteristics. If the DC it has a connection to goes down, it can take a noticeable amount of time (in excess of a minute; I've seen over three) to detect and fail over to another DC.
Re: load - well, that's site dependent I guess. FWIW the load from our FR servers is a tiny, tiny fraction of the total even at the very busiest times.
> Anyway, thanks for the insight. I'll keep banging on it. If I get an elegant - or at least *stable* - configuration, I'll post something about it here.
To be honest, without some pretty major surgery to winbind, I think per-server "password_server" config is going to be the best you can do :o(
I occasionally wonder about getting the Samba guys interested in improving this, but it's not something I really have the time to take up.

