Thank you for the hints and tipps. A single request is much faster now, since we are not using the huntgroups file any more but client xlat. We are waiting for our students coming back from holidays to check if the fix did it. We are also still talking to our vendor about changing the udp source port when doing more than 256 in-flight requests. Thank you all very much. Anja
Alan DeKok <aland@deployingradius.com> 14.02.2014 03:17 >>> Anja Ruckdaeschel wrote: Every nas has an entry in an include file for clients.conf like: client 172.31.134.10 { secret = *************** shortname = blafasel nastype = other }
That's fine.
and an entry per NAS in an include file for huntrgoups like:
ap Client-IP-Address == x.x.x.x ap NAS-IP-Address == x.x.x.x
That's terrible. Don't do that. Ever. Instead, put the client group information into the "client" section: client 172.31.134.10 { secret = *************** shortname = blafasel nastype = other group = ap } Then do policy checking via %{client:group} instead of Huntgroup-Name. It will do the same thing, and will be *enormously* faster. As a general rule, if you're doing tens of checks, it's OK to put them into a flat-text file. If you're doing thousands of checks, you should really put them into a database. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html