[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: rlm_cache and ntlm_auth
From: John Douglass <john.douglass () oit ! gatech ! edu>
Date: 2013-11-25 14:46:35
Message-ID: 529362CB.7020301 () oit ! gatech ! edu
[Download RAW message or body]
Jonathan,
I have had some success on our servers with the EAP caching available in
the eap.conf file within the tls {} block. It does take some additional
work to save/restore attributes from the cache, but it's been successful
for me for _some_ subset of authentications in not having to go all the
way to AD during the cache time.
It's going to totally depend upon client behavior/capabilities.
- JohnD
On 11/25/2013 08:15 AM, Arran Cudbard-Bell wrote:
> On 25 Nov 2013, at 12:26, Jonathan Gazeley <jonathan.gazeley@bristol.ac.uk> wrote:
>
> > Probably a simple question, but I've Googled it and I can't find the answer.
> >
> > Is it possible to wrap an ntlm_auth backend in rlm_cache? Our active directory is \
> > frequently quite slow. If we were able to grab at least some of these \
> > authentications from the cache I think it would help a lot.
> > I don't know exactly what data is returned from NTLM, is it cacheable or does it \
> > have to be fresh each time? By the fact that I haven't found any mention of \
> > anyone doing this, I suspect it's probably not possible.
> For PAP yes, for MSCHAPv2 no (challenge/response).
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb@freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic