Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
On Wed, Sep 05, 2012 at 10:43:25AM -0400, Walter Reynolds wrote: Ok, we all have different usage patterns and number of users. So can we do a quick check of what sort of authentications our servers are doing per second. Yes this does not filter out failures and logs and. But at least it

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question On Wed, Sep 05, 2012 at 10:43:25AM -0400, Walter Reynolds wrote: Ok, we all have different usage patterns and number of users. So can we do a quick check of what sort of authentications our servers

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
On Wed, Sep 05, 2012 at 02:34:35PM +0100, Arran Cudbard-Bell wrote: The easiest way to disable the cache is to set the environment variable KRB5RCACHETYPE to none before starting freeradius. The MIT Kerberos software on our RADIUS servers though is so old (v1.3.x) that it didn't support

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Arran Cudbard-Bell
The easiest way to disable the cache is to set the environment variable KRB5RCACHETYPE to none before starting freeradius. The MIT Kerberos software on our RADIUS servers though is so old (v1.3.x) that it didn't support this, so I had to disable it by writing a patch to the source code (in

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Walter Reynolds
Ok, we all have different usage patterns and number of users. So can we do a quick check of what sort of authentications our servers are doing per second. Yes this does not filter out failures and logs and. But at least it is an idea of how we stand compared to others. cat

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread John Rodkey
16 19:11:44 18 04:36:17 18 04:43:12 18 05:45:12 18 06:26:13 18 07:22:07 18 08:18:46 20 01:58:49 20 03:28:29 23 03:46:02 On 9/5/12, Walter Reynolds wa...@umich.edu wrote: Ok, we all have different usage patterns and number of users. So can we do

RE: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Danny Eaton
Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey Sent: Wednesday, September 05, 2012 10:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question 16 19:11:44 18 04:36:17 18 04:43:12 18 05:45:12

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Craig Simons
- Original Message - From: Danny Eaton dannyea...@rice.edu To: WIRELESS-LAN@listserv.educause.edu Sent: Wednesday, 5 September, 2012 09:09:47 Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question Here at Rice -bash-3.00$ cat today | tr -s ' ' | cut -d ' ' -f 4 | uniq -c | sort -n | tail -10

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Johnson, Neil M
Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey Sent: Wednesday, September 05, 2012 10:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question 16

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Scott Smith
From: "Danny Eaton" dannyea...@rice.edu To: WIRELESS-LAN@listserv.educause.edu Sent: Wednesday, 5 September, 2012 09:09:47 Subject: Re: [WIRELESS-LAN] FreeRADIUS performance

RE: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Adam T Ferrero
That is a fun exercise. Here we are for yesterday September 4th. We had load issues last semester with the addition of tons of wireless, but we scaled up to get ahead of it (all vmware). We seem to be purring along this semester (at least AAA, NAC, wireless-wise). I have been wanting to

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-29 Thread Curtis, Bruce
On Aug 22, 2012, at 6:31 PM, Gogan, James P wrote: A question for folks with relatively large 802.1x (greater than 15,000 unique clients) wi-fi deployment (EAP-TTLS) with a FreeRADIUS infrastructure using Kerberos as the backend authentication ….. - how many FreeRADIUS servers do you

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
On 23 Aug 2012, at 01:30, Shumon Huque shu...@upenn.edu wrote: Jim, We've been through this, and I'll describe what we did to address it. There are two problems with the freeradius code that cause performance problems with a Kerberos backend: 1) It doesn't disable the replay cache,

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Walter Reynolds
We used to have a setup where most all of our authentication went against 1 or two servers. We did make some changes in radiusd.conf and did not have a problem with any of this. We have since also allowed PEAP but still do not see problems. I found that when we did have problems it was never

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Shumon Huque
On Thu, Aug 23, 2012 at 08:18:18AM +0100, Arran Cudbard-Bell wrote: So an interesting question would be - is anyone actually using EAP-Kerberos? If not, I'll disable caching by default and add a note to the configuration. AFAIK no supplicant has actually implemented any of the client side

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
Disabling the cache by default would be great. Thanks! EAP-Kerberos doesn't actually exist today as a documented spec - Ah I guess what I read wasn't an official IETF draft (it was years ago and I figured someone might have done something by now). I'm sure that's why there's no

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-22 Thread Shumon Huque
Jim, We've been through this, and I'll describe what we did to address it. There are two problems with the freeradius code that cause performance problems with a Kerberos backend: 1) It doesn't disable the replay cache, which isn't needed for password verification operations (as opposed to