Stephen Fulton wrote:
The second is that the NAS'es which will communicate with this RADIUS cluster are known to drop auth requests and issue a denial if the response is not "quick" enough. Unfortunately this is a 3rd party managed set of NAS'es, and therefore limited in what I can do.
Refer them to RFC 5080, which has a recommended retransmit policy. i.e. ask them to implement RADIUS. :) If you want to share one MySQL instance across multiple virtual servers, it's relatively easy. The MySQL queries are editable for a reason. Change the ${authcheck_table} references to %{SQL-Auth-Check-Table} and similarly for the rest of the table names. Go to raddb/dictionary, and define SQL-Auth-Check-Table as a "string" attribute. Then for each virtual server "authorize" and "preacct" sections, do: update request { SQL-Auth-Check-Table := "table-for-this-vs" ... } i.e. add a layer of indirection for the table names, and update them in each virtual server. Alan DeKok.