Kostas Kalevras wrote:
Hmm that would mean stil having to add client entris in the clients.conf. We 'd like to avoid that when using sql.
Yes. The reason is DoS attacks. My idea was to limit the number of IP's looked up in SQL by network. So if a particular network is getting lots of "new" clients, it may be a DoS attack, and the server can just start dropping the requests. In other words, it's OK for known clients to cause the server to do lots of SQL lookups. It's not OK for random people on the net to cause the server to do lots of SQL lookups. If there's a way to restrict the lookups to avoid DoS attacks, I'm all for it. Maybe something like doing lookups of new clients only once a second. That should rate-limit DoS attacks to something manageable, and still allow new clients to be discovered quickly. So adding 30 new clients would require at minimum 30s of time, but I that shouldn't be much of a problem... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog