EAP-TLS performance SQL backend bottleneck

Alan DeKok aland at deployingradius.com
Fri Sep 11 11:32:31 CEST 2009


leopold wrote:
> OK thanks Alan. I moved sql module call from "authorize" to "post-auth", this
> improves performance, but the behavior is different.

  List "sql.authorize" in the post-auth section.  Not "sql".

> Inside policy.conf we have "do_not_respond" policy and if SQL server is down
> we need to force server not to respond in "post-auth"

  The code currently sets the response packet type (accept / reject),
and THEN calls the post-auth methods.

> Is there any limit where do_not_respond can be used?

  Yes.  It cannot be used in the post-auth section.

  It sounds like your requirements are somewhat contradictory.  You
DON'T want it to query SQL for the EAP-TLS traffic, but you DO want it
to ignore EAP-TLS  if the SQL database is down.

  If the SQL database is down, and you don't want the server to respond,
then just bring the server down.  Write a simple shell script to poke
the SQL server, and to re-start FreeRADIUS once the SQL server comes
back up.

  Alan DeKok.



More information about the Freeradius-Users mailing list