Hi, I`m playing with rlm_cache. I want to cache auth request to speed up future processing of the same auth request. If I send second request (the same as first one), I got reject :(. Could you please help, me. Thx. mods-enabled/cache: ... update { request: := &request: control: := &control: reply: := &reply: } ... sites-enabled/default: authorize { verify_nas preprocess chap suffix update control { Cache-Status-Only := 'yes' } cache if (notfound) { files update control { Cache-Status-Only := 'no' } cache } pap } Debug output: radiusd: FreeRADIUS Version 3.0.3, for host i686-pc-linux-gnu, built on Sep 1 2014 at 21:59:53 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /mnt/sdcard/software/freeradius-server-3.0.3/share/freeradius/dictionary including dictionary file /mnt/sdcard/software/freeradius-server-3.0.3/share/freeradius/dictionary.dhcp including dictionary file /mnt/sdcard/software/freeradius-server-3.0.3/share/freeradius/dictionary.vqp including dictionary file ./dictionary including configuration file ./radiusd.conf including configuration file ./proxy.conf including configuration file ./clients.conf including files in directory ./mods-enabled/ including configuration file ./mods-enabled/digest including configuration file ./mods-enabled/pap including configuration file ./mods-enabled/cache including configuration file ./mods-enabled/attr_filter including configuration file ./mods-enabled/chap including configuration file ./mods-enabled/linelog including configuration file ./mods-enabled/expr including configuration file ./mods-enabled/preprocess including configuration file ./mods-enabled/realm including configuration file ./mods-enabled/unpack including configuration file ./mods-enabled/files including configuration file ./mods-enabled/always including files in directory ./policy.d/ including configuration file ./policy.d/cui including configuration file ./policy.d/control including configuration file ./policy.d/filter including configuration file ./policy.d/eap including configuration file ./policy.d/nas including configuration file ./policy.d/accounting including configuration file ./policy.d/dhcp including configuration file ./policy.d/operator-name including configuration file ./policy.d/canonicalization including files in directory ./sites-enabled/ including configuration file ./sites-enabled/default main { name = "radiusd" prefix = "/mnt/sdcard/software/freeradius-server-3.0.3" localstatedir = "/mnt/sdcard/software/freeradius-server-3.0.3/var" sbindir = "/mnt/sdcard/software/freeradius-server-3.0.3/sbin" logdir = "/mnt/sdcard/software/freeradius-server-3.0.3/var/log/radius" run_dir = "/mnt/sdcard/software/freeradius-server-3.0.3/var/run/radiusd" libdir = "/mnt/sdcard/software/freeradius-server-3.0.3/lib" radacctdir = "/mnt/sdcard/software/freeradius-server-3.0.3/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/mnt/sdcard/software/freeradius-server-3.0.3/var/run/radiusd/radiusd.pid" checkrad = "/mnt/sdcard/software/freeradius-server-3.0.3/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes colourise = yes msg_denied = "You are already logged in - access denied" } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = "yes" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_digest # Instantiating module "digest" from file ./mods-enabled/digest # Loaded module rlm_pap # Instantiating module "pap" from file ./mods-enabled/pap pap { normalise = yes } # Loaded module rlm_cache # Instantiating module "cache" from file ./mods-enabled/cache cache { key = "%{User-Name}" ttl = 86400 max_entries = 16384 epoch = 0 add_stats = yes } # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file ./mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "./mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file ./mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file ./mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "./mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file ./mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file ./mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "./mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file ./mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file ./mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "./mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file ./mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file ./mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "./mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file ./mods-config/attr_filter/accounting_response # Loaded module rlm_chap # Instantiating module "chap" from file ./mods-enabled/chap # Loaded module rlm_linelog # Instantiating module "linelog" from file ./mods-enabled/linelog linelog { filename = "/mnt/sdcard/software/freeradius-server-3.0.3/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Instantiating module "log_accounting" from file ./mods-enabled/linelog linelog log_accounting { filename = "/mnt/sdcard/software/freeradius-server-3.0.3/var/log/radius/linelog-accounting" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_expr # Instantiating module "expr" from file ./mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file ./mods-enabled/preprocess preprocess { huntgroups = "./mods-config/preprocess/huntgroups" hints = "./mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file ./mods-config/preprocess/huntgroups reading pairlist file ./mods-config/preprocess/hints # Loaded module rlm_realm # Instantiating module "IPASS" from file ./mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file ./mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file ./mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file ./mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_unpack # Instantiating module "unpack" from file ./mods-enabled/unpack # Loaded module rlm_files # Instantiating module "files" from file ./mods-enabled/files files { filename = "./mods-config/files/authorize" usersfile = "./mods-config/files/authorize" acctusersfile = "./mods-config/files/accounting" preproxy_usersfile = "./mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file ./mods-config/files/authorize [./mods-config/files/authorize]:83 Cistron compatibility checks for entry dummy ... [./mods-config/files/authorize]:191 Cistron compatibility checks for entry DEFAULT ... [./mods-config/files/authorize]:198 Cistron compatibility checks for entry DEFAULT ... [./mods-config/files/authorize]:205 Cistron compatibility checks for entry DEFAULT ... reading pairlist file ./mods-config/files/authorize [./mods-config/files/authorize]:83 Cistron compatibility checks for entry dummy ... [./mods-config/files/authorize]:191 Cistron compatibility checks for entry DEFAULT ... [./mods-config/files/authorize]:198 Cistron compatibility checks for entry DEFAULT ... [./mods-config/files/authorize]:205 Cistron compatibility checks for entry DEFAULT ... reading pairlist file ./mods-config/files/accounting reading pairlist file ./mods-config/files/pre-proxy # Loaded module rlm_always # Instantiating module "reject" from file ./mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file ./mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file ./mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file ./mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file ./mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file ./mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file ./mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file ./mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file ./mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } } # modules radiusd: #### Loading Virtual Servers #### server { # from file ./radiusd.conf } # server server default { # from file ./sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-auth {...} } # server default radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 53265 Ready to process requests. Received Access-Request Id 34 from 127.0.0.1:51488 to 127.0.0.1:1812 length 95 NAS-Port-Type = Virtual Service-Type = Framed-User Framed-Protocol = PPP User-Name = 'dummy' User-Password = 'dummy' Connect-Info = '8640000' NAS-Port = 411 NAS-Port-Id = 'Uniq-Sess-ID411' (0) # Executing section authorize from file ./sites-enabled/default (0) authorize { (0) verify_nas verify_nas { (0) if ( ! NAS-IP-Address ) (0) if ( ! NAS-IP-Address ) -> TRUE (0) if ( ! NAS-IP-Address ) { (0) update { (0) EXPAND %{Packet-Src-IP-Address} (0) --> 127.0.0.1 (0) NAS-IP-Address := 127.0.0.1 (0) } # update = noop (0) } # if ( ! NAS-IP-Address ) = noop (0) } # verify_nas verify_nas = noop (0) [preprocess] = ok (0) [chap] = noop (0) suffix : No '@' in User-Name = "dummy", looking up realm NULL (0) suffix : No such realm "NULL" (0) [suffix] = noop (0) update control { (0) Cache-Status-Only := yes (0) } # update control = noop (0) cache : EXPAND %{User-Name} (0) cache : --> dummy (0) [cache] = notfound (0) if (notfound) (0) if (notfound) -> TRUE (0) if (notfound) { (0) files : users: Matched entry dummy at line 83 (0) [files] = ok (0) update control { (0) Cache-Status-Only := no (0) } # update control = noop (0) cache : EXPAND %{User-Name} (0) cache : --> dummy (0) cache : Creating entry for "dummy" (0) cache : request: := &request:NAS-Port-Type (0) cache : request: := &request:Service-Type (0) cache : request: := &request:Framed-Protocol (0) cache : request: := &request:User-Name (0) cache : request: := &request:User-Password (0) cache : request: := &request:Connect-Info (0) cache : request: := &request:NAS-Port (0) cache : request: := &request:NAS-Port-Id (0) cache : request: := &request:NAS-IP-Address (0) cache : request: := &request:Huntgroup-Name (0) cache : control: := &config:Cleartext-Password (0) cache : skipping Cache-Status-Only (0) cache : reply: := &reply:Service-Type (0) cache : reply: := &reply:Framed-Protocol (0) cache : reply: := &reply:Framed-IP-Address (0) cache : reply: := &reply:Framed-IP-Netmask (0) cache : reply: := &reply:Framed-Routing (0) cache : reply: := &reply:Framed-Filter-Id (0) cache : reply: := &reply:Framed-MTU (0) cache : reply: := &reply:Framed-Compression (0) cache : Inserted entry, TTL 86400 seconds (0) [cache] = updated (0) } # if (notfound) = updated (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = PAP (0) # Executing group from file ./sites-enabled/default (0) Auth-Type PAP { (0) pap : Login attempt with password (0) pap : User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok (0) Login OK: [dummy/dummy] (from client localhost port 411) (0) # Executing section post-auth from file ./sites-enabled/default (0) post-auth { (0) remove_reply_message_if_eap remove_reply_message_if_eap { (0) if (reply:EAP-Message && reply:Reply-Message) (0) if (reply:EAP-Message && reply:Reply-Message) -> FALSE (0) else else { (0) [noop] = noop (0) } # else else = noop (0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (0) } # post-auth = noop Sending Access-Accept Id 34 from 127.0.0.1:1812 to 127.0.0.1:51488 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 172.16.3.33 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Framed-Filter-Id = 'std.ppp' Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP (0) Finished request Waking up in 0.3 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 34 with timestamp +3 Ready to process requests. Received Access-Request Id 243 from 127.0.0.1:59013 to 127.0.0.1:1812 length 95 NAS-Port-Type = Virtual Service-Type = Framed-User Framed-Protocol = PPP User-Name = 'dummy' User-Password = 'dummy' Connect-Info = '8640000' NAS-Port = 411 NAS-Port-Id = 'Uniq-Sess-ID411' (1) # Executing section authorize from file ./sites-enabled/default (1) authorize { (1) verify_nas verify_nas { (1) if ( ! NAS-IP-Address ) (1) if ( ! NAS-IP-Address ) -> TRUE (1) if ( ! NAS-IP-Address ) { (1) update { (1) EXPAND %{Packet-Src-IP-Address} (1) --> 127.0.0.1 (1) NAS-IP-Address := 127.0.0.1 (1) } # update = noop (1) } # if ( ! NAS-IP-Address ) = noop (1) } # verify_nas verify_nas = noop (1) [preprocess] = ok (1) [chap] = noop (1) suffix : No '@' in User-Name = "dummy", looking up realm NULL (1) suffix : No such realm "NULL" (1) [suffix] = noop (1) update control { (1) Cache-Status-Only := yes (1) } # update control = noop (1) cache : EXPAND %{User-Name} (1) cache : --> dummy (1) cache : Found entry for "dummy" (1) [cache] = ok (1) if (notfound) (1) if (notfound) -> FALSE (1) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type. (1) WARNING: pap : Authentication will fail unless a "known good" password is available. (1) [pap] = noop (1) } # authorize = ok (1) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (1) Failed to authenticate the user. (1) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [dummy/dummy] (from client localhost port 411) (1) Using Post-Auth-Type Reject (1) # Executing group from file ./sites-enabled/default (1) Post-Auth-Type REJECT { (1) remove_reply_message_if_eap remove_reply_message_if_eap { (1) if (reply:EAP-Message && reply:Reply-Message) (1) if (reply:EAP-Message && reply:Reply-Message) -> FALSE (1) else else { (1) [noop] = noop (1) } # else else = noop (1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (1) } # Post-Auth-Type REJECT = noop (1) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (1) Sending delayed response Sending Access-Reject Id 243 from 127.0.0.1:1812 to 127.0.0.1:59013 Waking up in 3.9 seconds. (1) Cleaning up request packet ID 243 with timestamp +10 Ready to process requests. Peter
BALSIANOK, Peter wrote:
I`m playing with rlm_cache. I want to cache auth request to speed up future processing of the same auth request.
That probably isn't useful.
update { request: := &request: control: := &control: reply: := &reply: }
That isn't useful. You're caching the *request*? i.e. over-writing the *new* request with the *cached* one? Why would you ever do that? It makes no sense. Alan DeKok.
Ok, Maybe I didn`t write it correct. At this moment i`m using rlm_perl to do everythink. The perl code also contains internal cache to prevent contact LDAP server (each time). So I can process request quicker. But perl code has limitation. As I understand, only one thread (locking) can use perl code at the same time. Of course I can use more than one perl module instances, but I don`t want. Therefore I want to use rlm_cache to store reply&control for request, so I don`t need to call perl code if request was correct / incorrect last time. -----Original Message----- From: freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org [mailto:freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 3. septembra 2014 16:01 To: FreeRadius users mailing list Subject: Re: rlm_cache BALSIANOK, Peter wrote:
I`m playing with rlm_cache. I want to cache auth request to speed up future processing of the same auth request.
That probably isn't useful.
update { request: := &request: control: := &control: reply: := &reply: }
That isn't useful. You're caching the *request*? i.e. over-writing the *new* request with the *cached* one? Why would you ever do that? It makes no sense. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
BALSIANOK, Peter wrote:
Maybe I didn`t write it correct. At this moment i`m using rlm_perl to do everythink. The perl code also contains internal cache to prevent contact LDAP server (each time). So I can process request quicker.
I've tested LDAP servers at 10K auth/s. There shouldn't be a need for caching. And FreeRADIUS can talk to LDAP natively. There's no need to use Perl for that.
But perl code has limitation. As I understand, only one thread (locking) can use perl code at the same time.
Perl is thread-safe. rlm_perl is thread-safe.
Therefore I want to use rlm_cache to store reply&control for request, so I don`t need to call perl code if request was correct / incorrect last time.
I would suggest just using the LDAP module. It's simpler, and it works. Alan DeKok.
I agree with your arguments, unfortunately i need to use rlm_perl and on the other hand i can`t use rlm_ldap (in all respect is too simple to fulfill our complex tasks). Perl is thread-safe. rlm_perl is thread-safe. Does it mean that more than one thread (freeradius) can use perl code (rlm-perl) in parallel ? Please Is it possible to use rlm_cache as storage previously processed request ( correct or incorrect ) to speed up processing ? Thank you very much. ________________________________________ From: freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org [freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org] on behalf of Alan DeKok [aland@deployingradius.com] Sent: Wednesday, September 03, 2014 4:59 PM To: FreeRadius users mailing list Subject: Re: rlm_cache BALSIANOK, Peter wrote:
Maybe I didn`t write it correct. At this moment i`m using rlm_perl to do everythink. The perl code also contains internal cache to prevent contact LDAP server (each time). So I can process request quicker.
I've tested LDAP servers at 10K auth/s. There shouldn't be a need for caching. And FreeRADIUS can talk to LDAP natively. There's no need to use Perl for that.
But perl code has limitation. As I understand, only one thread (locking) can use perl code at the same time.
Perl is thread-safe. rlm_perl is thread-safe.
Therefore I want to use rlm_cache to store reply&control for request, so I don`t need to call perl code if request was correct / incorrect last time.
I would suggest just using the LDAP module. It's simpler, and it works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
BALSIANOK, Peter wrote:
I agree with your arguments, unfortunately i need to use rlm_perl and on the other hand i can`t use rlm_ldap (in all respect is too simple to fulfill our complex tasks).
Well that is vague.
Perl is thread-safe. rlm_perl is thread-safe. Does it mean that more than one thread (freeradius) can use perl code (rlm-perl) in parallel ?
That's what I said. Please don't ask for confirmation. It's annoying.
Please Is it possible to use rlm_cache as storage previously processed request ( correct or incorrect ) to speed up processing ?
Not the way you're using it. You can't just cache *everything* and expect it to work. You have to catch what is needed, and only when it is needed. Alan DeKok.
Could you please give me some hint how to do it ? ________________________________________ From: freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org [freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org] on behalf of Alan DeKok [aland@deployingradius.com] Sent: Wednesday, September 03, 2014 7:59 PM To: FreeRadius users mailing list Subject: Re: rlm_cache BALSIANOK, Peter wrote:
I agree with your arguments, unfortunately i need to use rlm_perl and on the other hand i can`t use rlm_ldap (in all respect is too simple to fulfill our complex tasks).
Well that is vague.
Perl is thread-safe. rlm_perl is thread-safe. Does it mean that more than one thread (freeradius) can use perl code (rlm-perl) in parallel ?
That's what I said. Please don't ask for confirmation. It's annoying.
Please Is it possible to use rlm_cache as storage previously processed request ( correct or incorrect ) to speed up processing ?
Not the way you're using it. You can't just cache *everything* and expect it to work. You have to catch what is needed, and only when it is needed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Peter, Comments are inline. Albeit, I'm not providing any technical help. Sorry. On Wed, Sep 3, 2014 at 3:35 PM, BALSIANOK, Peter <Peter.BALSIANOK@orange.com> wrote:
Could you please give me some hint how to do it ?
Top posting like this is, to some degree, considered rude when the list (FR-users) convention is to inline post. Other mailing lists may have differing conventions. You may have noticed Alan's last email - each question (or comment) of yours was answered by Alan directly after it. That is inline posting. There are many places to find more info about "Why top posting is bad". The above question, "Could you please give me some hint how to do it" ought to be (immediately) after the part that "it" is referring to. I can only guess that the word "it" is referring to: ---{cut}--- You have to catch what is needed, and only when it
is needed. ---{end}---
Again, others are probably wondering what your question is referring to. Hope that helps, -m
________________________________________ From: freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org [freeradius-users-bounces+peter.balsianok=orange.com@lists.freeradius.org] on behalf of Alan DeKok [aland@deployingradius.com] Sent: Wednesday, September 03, 2014 7:59 PM To: FreeRadius users mailing list Subject: Re: rlm_cache
BALSIANOK, Peter wrote:
I agree with your arguments, unfortunately i need to use rlm_perl and on the other hand i can`t use rlm_ldap (in all respect is too simple to fulfill our complex tasks).
Well that is vague.
Perl is thread-safe. rlm_perl is thread-safe. Does it mean that more than one thread (freeradius) can use perl code (rlm-perl) in parallel ?
That's what I said. Please don't ask for confirmation. It's annoying.
Please Is it possible to use rlm_cache as storage previously processed request ( correct or incorrect ) to speed up processing ?
Not the way you're using it. You can't just cache *everything* and expect it to work. You have to catch what is needed, and only when it is needed.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
BALSIANOK, Peter wrote:
Could you please give me some hint how to do it ?
The problem is that your questions are extremely vague. So far I know you want to cache everything, but that doesn't work. You use rlm_perl to do "complex" things with LDAP. That's it. How, exactly am I supposed to help you when you don't describe what you're doing? I don't know what logic is applied. How the user is authenticated. What reply attributes are added, or why any reply attribute is added. Describe what you're doing. Be specific. If you're not specific, my answers are as vague as your messages. And as unhelpful. Alan DeKok.
participants (3)
-
Alan DeKok -
BALSIANOK, Peter -
Matt Zagrabelny