Dynamiic update of client.conf..

Alan DeKok aland at deployingradius.com
Sat Apr 14 02:37:06 CEST 2007


Steve wrote:
> So, I'm currious is't possible to update clients.conf dynamicly?

  Yes.  See a recent email from Kostas on -users explaining why this is
hard.

>  But, reloading is not good idea, because of all previous running
> sessions will be stopped and context will be removed..

  This matters only for EAP, which has many round trips.  For other
kinds of authentication, and for accounting sessions, restarting the
server from scratch has minimal side effects.

> So, any idea to make the reload without removing the running context?

  It's a topic the developers have been trying to solve for a long time.

> Or, something
> else? As an idea I'm imaging the picture - to make some database support
> for freeradius server.. I mean in addition to clients.conf checks to
> try to implement database checks for NAS. So, may it be somebody knows,
> is't good idea? But, dynamic NAS update is the matter of fact..

  Dynamically querying the NAS on each RADIUS request is expensive, and
opens the server to DoS attacks.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Devel mailing list