Hi, On Fri, Oct 16, 2015 at 11:11:21AM -0400, Walter Reynolds wrote: > Since you mention in the thread that you have Cisco with Freeradius > backend, I thought I would point out that if you are doing PEAP/MSChapv2 > that the bottleneck is winbind/samba and that it is based on auth's per > second, not purely auth request that show up in total request.
If you're running FreeRADIUS 3.0.8 or later compiled against Samba 4.2.1 or later you can try code I wrote that skips ntlm_auth entirely and talks to Samba directly from FreeRADIUS with one of their libraries. It should help with this issue. Fast SSD backed servers can also help. Memory doesn't matter much in my experience, but ntlm_auth has a large startup cost and winbind writes cache to disk for every auth. Matthew -- Matthew Newton, Ph.D. <[email protected]> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <[email protected]> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
