Can we do sql just once during eap-tls handshake

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 5 12:32:43 CET 2009


Johan F2 wrote:
> We are using eap-tls for authentication assisted with a database for filling
> in some attributes.
> 
> FreeRADIUS Version 2.1.3 with minimal configuration will do a sql lookup for
> each round.
> (Four selects: radcheck, radusergroup, radgroupcheck and radgroupreply).
> There are 6-9 rounds depending on certificate chain sizes.
> 
> Obviously performance would be better with only one database lookup.
> 
> Part of the (attempted) configuration:
> 	authorize {
> 		preprocess
> 
> 		eap
> 		if (I have tried some conditions here) {

The default FR 2.0 config has:

authorize {
   eap {
    ok = return
   }
}

...which will do what you want. As always, mangling the default config 
without understanding why it does what it does is a bad idea.


