Anja Ruckdaeschel wrote:
Every nas has an entry in an include file for clients.conf like: client 172.31.134.10 { secret = *************** shortname = blafasel nastype = other }
That's fine.
and an entry per NAS in an include file for huntrgoups like:
ap Client-IP-Address == x.x.x.x ap NAS-IP-Address == x.x.x.x
That's terrible. Don't do that. Ever. Instead, put the client group information into the "client" section: client 172.31.134.10 { secret = *************** shortname = blafasel nastype = other group = ap } Then do policy checking via %{client:group} instead of Huntgroup-Name. It will do the same thing, and will be *enormously* faster. As a general rule, if you're doing tens of checks, it's OK to put them into a flat-text file. If you're doing thousands of checks, you should really put them into a database. Alan DeKok.