O/H Alan DeKok έγραψε:
Arran Cudbard-Bell wrote:
So you've halved the load on the db for EAP-PEAP :)
More than that, probably. If you configure it as:
authorize { ... eap { handled = return ok = return } ... }
Then the EAP Identity packet won't cause it to hit the DB, either.
And now theres no need to mess about with Authz-Types ...
So no need to put the original source ip in internally forwarded packets.
It's still a useful feature.
Ok well, thats fixed just about all the issues I had with freeRADIUS.
The two things left for 2.0 are:
- HUP handling - integration of detail file reading into the server core (partially done)
And removing the xlat input string limit, probably by using preallocated buffers which will increase performance...
The detail logic will allow some cool features:
NAS ----+--> proxy ------> home server | | | | if home server is down | v \--- detail file
i.e. "proxy requests to the home server. If it's down, log them to the detail file. If there's stuff in the detail file, read it back, and handle it again, just like it was a new request."
Hows that book coming ? :)
Slowly, unfortunately.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com