Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
On Wed, Sep 05, 2012 at 02:34:35PM +0100, Arran Cudbard-Bell wrote: > > The easiest way to disable the cache is to set the environment > > variable KRB5RCACHETYPE to "none" before starting freeradius. > > The MIT Kerberos software on our RADIUS servers though is so > > old (v1.3.x) that it didn't s

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
06, 2012 12:55 PM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question > > > > On Wed, Sep 05, 2012 at 10:43:25AM -0400, Walter Reynolds wrote: > > > Ok, we all have different usage patterns and number of

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-06 Thread Shumon Huque
On Wed, Sep 05, 2012 at 10:43:25AM -0400, Walter Reynolds wrote: > Ok, we all have different usage patterns and number of users. So can we do > a quick check of what sort of authentications our servers are doing per > second. Yes this does not filter out failures and logs and. But at > least

RE: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Adam T Ferrero
That is a fun exercise. Here we are for yesterday September 4th. We had load issues last semester with the addition of tons of wireless, but we scaled up to get ahead of it (all vmware). We seem to be purring along this semester (at least AAA, NAC, wireless-wise). I have been wanting to g

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Scott Smith
craig From: "Danny Eaton" To: WIRELESS-LAN@listserv.educause.edu Sent: Wednesday, 5 September, 2012 09:09:47 Subject: Re: [WIRELESS-LAN] FreeRADIUS performance

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Johnson, Neil M
Craig Simons <craigsim...@sfu.ca> Date: Wednesday, September 5, 2012 11:45 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] FreeRADIUS performance ques

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Craig Simons
- Original Message - From: "Danny Eaton" To: WIRELESS-LAN@listserv.educause.edu Sent: Wednesday, 5 September, 2012 09:09:47 Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question Here at Rice -bash-3.00$ cat today | tr -s " " | cut -d " " -f 4 | uniq -c | so

RE: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Danny Eaton
AUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey Sent: Wednesday, September 05, 2012 10:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question 16 19:11:44 18 04:36:17 18 04

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread John Rodkey
16 19:11:44 18 04:36:17 18 04:43:12 18 05:45:12 18 06:26:13 18 07:22:07 18 08:18:46 20 01:58:49 20 03:28:29 23 03:46:02 On 9/5/12, Walter Reynolds wrote: > Ok, we all have different usage patterns and number of users. So can we do > a quick check

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Walter Reynolds
Ok, we all have different usage patterns and number of users. So can we do a quick check of what sort of authentications our servers are doing per second. Yes this does not filter out failures and logs and. But at least it is an idea of how we stand compared to others. cat radius.log-[DAT

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Arran Cudbard-Bell
> The easiest way to disable the cache is to set the environment > variable KRB5RCACHETYPE to "none" before starting freeradius. > The MIT Kerberos software on our RADIUS servers though is so > old (v1.3.x) that it didn't support this, so I had to disable > it by writing a patch to the source code

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-29 Thread Curtis, Bruce
On Aug 22, 2012, at 6:31 PM, Gogan, James P wrote: > A question for folks with relatively large 802.1x (greater than 15,000 unique > clients) wi-fi deployment (EAP-TTLS) with a FreeRADIUS infrastructure using > Kerberos as the backend authentication ….. > > - how many FreeRADIUS servers do you

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
> Disabling the cache by default would be great. Thanks! > > EAP-Kerberos doesn't actually exist today as a documented spec - Ah I guess what I read wasn't an official IETF draft (it was years ago and I figured someone might have done something by now). > I'm sure that's why there's no

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Shumon Huque
On Thu, Aug 23, 2012 at 08:18:18AM +0100, Arran Cudbard-Bell wrote: > So an interesting question would be - is anyone actually using > EAP-Kerberos? If not, I'll disable caching by default and add a note > to the configuration. AFAIK no supplicant has actually implemented > any of the client side

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Walter Reynolds
We used to have a setup where most all of our authentication went against 1 or two servers. We did make some changes in radiusd.conf and did not have a problem with any of this. We have since also allowed PEAP but still do not see problems. I found that when we did have problems it was never Kerb

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
On 23 Aug 2012, at 01:30, Shumon Huque wrote: > Jim, > > We've been through this, and I'll describe what we did to > address it. > > There are two problems with the freeradius code that cause > performance problems with a Kerberos backend: > > 1) It doesn't disable the replay cache, which isn'

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-22 Thread Shumon Huque
Jim, We've been through this, and I'll describe what we did to address it. There are two problems with the freeradius code that cause performance problems with a Kerberos backend: 1) It doesn't disable the replay cache, which isn't needed for password verification operations (as opposed to nativ