It looks to me if authenticate section passes it sets request->reply->code=2 (Access-Accept) and then we cannot force server not to respond as it compares with 0 How can we force it not to respond in post-auth if control is set to not_respond (PW_RESPONSE_PACKET_TYPE is 256)? event.c case PW_AUTHENTICATION_REQUEST: gettimeofday(&request->next_when, NULL); if (request->reply->code == 0) { /* * Check if the lack of response is intentional. */ vp = pairfind(request->config_items, PW_RESPONSE_PACKET_TYPE); if (!vp) { RDEBUG2("There was no response configured: rejecting request %d", request->number); request->reply->code = PW_AUTHENTICATION_REJECT; } else if (vp->vp_integer == 256) { RDEBUG2("Not responding to request %d", request->number); } else { request->reply->code = vp->vp_integer; } } I looked in the code and inside event.c Ivan Kalik wrote:
The documentation says that it was improved only for TTLS and PEAP, but not for TLS. EAPTLS module always returns "updated" in authorize section and only in the end it returns "ok" in authenticate section. We need to avoid calling SQL module in authorize section
So don't call it. Remove it from authorize and list sql.authorize in post-auth. That will add reply attributes from the database.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/EAP-TLS-performance-SQL-backend-bottleneck-tp25386668p... Sent from the FreeRadius - User mailing list archive at Nabble.com.