Antw: Re: How many NAS kann radius take?
Anja Ruckdaeschel
Anja.Ruckdaeschel at rz.uni-regensburg.de
Thu Feb 20 14:05:49 CET 2014
Did the change with policies and default and inner-tunnel with "%{client:group}" instead of Huntgroup-Name.
But what is the equivalent Variable to check that in the users file / files module?
Thanks for your help.
>>> Alan DeKok <aland at deployingradius.com> 14.02.2014 03:17 >>>
Anja Ruckdaeschel wrote:
> Every nas has an entry in an include file for clients.conf like:
> client 172.31.134.10 {
> secret = ***************
> shortname = blafasel
> nastype = other
> }
That's fine.
> and an entry per NAS in an include file for huntrgoups like:
>
> ap Client-IP-Address == x.x.x.x
> ap NAS-IP-Address == x.x.x.x
That's terrible. Don't do that. Ever.
Instead, put the client group information into the "client" section:
client 172.31.134.10 {
secret = ***************
shortname = blafasel
nastype = other
group = ap
}
Then do policy checking via %{client:group} instead of Huntgroup-Name.
It will do the same thing, and will be *enormously* faster.
As a general rule, if you're doing tens of checks, it's OK to put them
into a flat-text file. If you're doing thousands of checks, you should
really put them into a database.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list