Antw: Re: How many NAS kann radius take?

Anja Ruckdaeschel Anja.Ruckdaeschel at rz.uni-regensburg.de
Mon Mar 3 10:07:29 CET 2014


Thank you for the hints and tipps. 
A single request is much faster now, since we are not using the
huntgroups file any more but client xlat.

We are waiting for our students coming back from holidays to check 
if the fix did it.

We are also still talking to our vendor about changing the udp source port
when doing more than 256 in-flight requests. 

Thank you all very much.

Anja

>>> Alan DeKok <aland at deployingradius.com> 14.02.2014 03:17 >>>
Anja Ruckdaeschel wrote:
> Every nas has an entry in an include file for clients.conf like:
> client 172.31.134.10 {
>         secret = ***************
>         shortname = blafasel
>         nastype = other
> }

  That's fine.

> and an entry per NAS in an include file for huntrgoups like:
> 
> ap Client-IP-Address == x.x.x.x
> ap NAS-IP-Address == x.x.x.x

  That's terrible.  Don't do that.  Ever.

  Instead, put the client group information into the "client" section:

client 172.31.134.10 {
        secret = ***************
        shortname = blafasel
        nastype = other
	group = ap
}

  Then do policy checking via %{client:group} instead of Huntgroup-Name.
 It will do the same thing, and will be *enormously* faster.

  As a general rule, if you're doing tens of checks, it's OK to put them
into a flat-text file.  If you're doing thousands of checks, you should
really put them into a database.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list