Alan DeKok wrote:
B Thompson <bt4@york.ac.uk> wrote:http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-March/051856.htmlA short work-around (i.e. hack) may be to not reload everything on HUP. Why are you HUPing it so often?
I realise this question wasn't directed to me, but the reason we HUP it so often is to reload a *large* rlm_passwd map in response to users registering and de-registering for things, and users being blocked and unblocked.
I realise in theory an SQL lookup might make more sense, but frankly we've found SQL in FreeRadius to be less-than reliable in the past, and it's certainly never going to be anything like as fast as rlm_passwd. Largely these issues were to do with peak load scaling and MVCC issues in Postgres (MySQL not being an option).
It's my intention to write and contribute an rlm_tdb module at some point when I have the free time (ha!) which would allow update processes to write to the binary map file whilst FR is running e.g.
modules
tdb mac2zone {
file = %{confdir}/mac2zone.tdb
key = "Calling-Station-Id"
result = "~MyZone ~MyHostId"
}
tdb nas2vlanset {
file = %{confdir}/nas2vlanset.tdb
key = "NAS-IP-Address"
result = "~MyVlanset ~MyNasId"
}
tdb zonevlan2vlan {
file = %{confdir}/zonevlan2vlan
key = "MyZone MyVlanset"
result = "Tunnel-Private-Group-Id"
}
}
authorize {
preprocess
files
Autz-Type MACBASEVLANS {
mac2zone
nas2vlanset
zonevlan2vlan
}
}
...and one could update the .tdb live