Adding a NAS via SQL
Peter Nixon
listuser at peternixon.net
Mon Jul 30 16:32:15 CEST 2007
On Mon 30 Jul 2007, Stefan Winter wrote:
> Hi,
>
> > It is an issue that has been discussed previously and FreeRADIUS is
> > unlikely to ever do an SQL SELECT of the nas table for every inbound
> > packet. What may be possible is to reload the nas list at certain
> > intervals (from cron is the easiest) but until/unless HUP handling is
> > improved that is problematic for deployments that need to keep session
> > state (i.e. EAP users). If you don't use EAP, then there is no problem
> > doing a full restart on a regular basis..
>
> regular checks still would be a waste of resources most of the time (how
> often do you add a NAS?). How about:
>
> - doing the SQL query when it encounters a request from a new, unknown IP
> address,
> - RATE-LIMITED to once per minute or so.
>
> That would make re-reading event-driven, and not make the server be DoS'ed
> when a wave of fake requests comes in.
> Not sure how difficult to implement this though...
Yes. I think this would be a reasonable option, which should default to off.
This should of course be rate limited to one re-read per minute for the
whole server, not per source IP, as spoofing UDP packets is obviously not
terribly difficult..
--
Peter Nixon
http://peternixon.net/
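The design discussed in this message (re-read the NAS list when a request arrives from an unknown address, limited to one re-read per minute for the whole server) can be sketched as follows. This is an added example, not FreeRADIUS code and not part of the original post; the table arrays, `accept_packet`, `reload_from_sql` and the sample addresses are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define RELOAD_MIN_INTERVAL 60 /* seconds: "one re-read per minute" */
#define MAX_NAS 64

/* Constructed stand-ins: sql_nas plays the SQL nas table, known is the
 * server's in-memory client list. All names here are hypothetical. */
static uint32_t sql_nas[MAX_NAS], known[MAX_NAS];
static size_t   sql_nas_len, known_len;
static time_t   last_reload;   /* ONE timestamp for the whole server */
static int      reloaded_once;
static unsigned reload_count;  /* number of SQL re-reads issued */

static int is_known(uint32_t ip)
{
    for (size_t i = 0; i < known_len; i++)
        if (known[i] == ip) return 1;
    return 0;
}

/* Stand-in for re-running the SELECT against the nas table. */
static void reload_from_sql(time_t now)
{
    for (known_len = 0; known_len < sql_nas_len; known_len++)
        known[known_len] = sql_nas[known_len];
    last_reload = now;
    reloaded_once = 1;
    reload_count++;
}

/* Returns 1 if the source is an accepted NAS, 0 if the packet is dropped. */
int accept_packet(uint32_t src_ip, time_t now)
{
    if (is_known(src_ip)) return 1;
    /* Unknown source: the limiter is keyed on nothing but time, because
     * src_ip is attacker-controlled in a spoofed UDP packet. */
    if (reloaded_once && now - last_reload < RELOAD_MIN_INTERVAL) return 0;
    reload_from_sql(now);
    return is_known(src_ip);
}

int main(void)
{
    sql_nas[sql_nas_len++] = 0x0A000001; /* 10.0.0.1, constructed */
    for (uint32_t i = 0; i < 1000; i++)  /* wave of distinct fake sources */
        accept_packet(0xC0000200u + i, 1000);
    printf("re-reads after 1000 unknown sources: %u\n", reload_count);
    return 0;
}
```

With a per-source limiter, each of the 1000 distinct addresses would have been allowed its own re-read; with the single server-wide timestamp, a NAS newly added to the SQL table is picked up by the first unknown-source packet after the interval expires, so it waits at most one minute.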
More information about the Freeradius-Users
mailing list