Walter Gould wrote: > Here's where my concerns lie - I am concerned about how many > simultaneous authentication requests that a single Freeradius server can > handle. I have read the "Testimonials" and the "Why we're #1" pages on > the freeradius site - which says there are numerous sites using > freeradius to support more than 10,000 or 20,000 users.
And, sites with 15,000,000 users. > Our school > currently has around 21,000 students on our campus. Of that 21,000 - > there is usually around 1000 users logged into our wireless network at > any given time, however, that number continually increases. The authentication load on the server is relatively easy to calculate. If you have N users on, each with an average session time of S seconds, the load on the system will be N/S. e.g. 1K users, 20 minute session time (1200s) is about 1 auth/s. That is very little load... With EAP, there are multiple packet per user authentication, and SSL setup overhead. See raddb/certs/README. Interaction with Active Directory adds even more overhead. But a 2Gh machine should be fine. As was pointed out, you'll need a second machine for failover before the first one is at all busy. > Questions: > 1. Do any of you have feedback/thoughts/experience on how our freeradius > server may handle the auth. request load given our situation? > > 2. Do you think that we may need to tweak any of the settings in the > radiusd.conf file (max_requests, max_request_time, etc)? The default configuration should be pretty much fine. > 3. Any other advice/suggestions you have or think of would be welcome > and appreciated. Test the system to prove for yourself that the above numbers are true. Use "eapol_test" from "wpa_supplicant" on client machines to hammer the server with test authentications. That will give you a *measured* number for server performance. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html