Require NAS dependant radius return attributes

Ben Thompson bt4 at
Wed Aug 17 18:20:33 CEST 2005

On Wed, 2005-08-17 at 10:51 -0400, Alan DeKok wrote:
> Ben Thompson <bt4 at> wrote:
> > Thanks for that advice. I can see that I could end up with a very large
> > users file using this method. Is there any limit on the size of the
> > users file?
>   Memory.  Also, the CPU time required to walk it's internal
> representation (linked list).
> > In the near future we may have something like 800000 entries in
> > there. Is this where you would normally look to use a database
> > backend?
>   Yes.  Or, if the mappings are relatively simple, you could look at
> rlm_passwd, which does simple mappins.  It uses a hash to look up
> data, so it should be fast.
>   Alan DeKok.


Thanks for the info, I will have a look at rlm_passwd.

Meanwhile I have tested a setup using the huntgroups file combined with
the use of mutliple DEFAULT entries in the users file like this :-

huntgroups file >>>>

group1	NAS-Identifier == "accesspoint5"
group1	NAS-Identifier == "accesspoint2"

group2	NAS-Identifier == "switch6"
group2	NAS-Identifier == "switch3"



users file >>>>

user1	NT-Password := "35C8397B2320E568467904961A2AF40F"
        Fall-Through = Yes

user2	NT-Password := "35C8397B2320E568467904961A2AF40F"
        Fall-Through = Yes

        Tunnel-Type:1 := VLAN,
        Tunnel-Medium-Type:1 := IEEE-802,
        Fall-Through = Yes

DEFAULT Huntgroup-Name == group1
        Tunnel-Private-Group-ID:1 := 3970,
	Fall-Through = Yes

DEFAULT Huntgroup-Name == group2
        Tunnel-Private-Group-ID:1 := 4025


This cuts the potential size of my users file down to about 20000
entries and the huntgroups file to about 50 entries. Does this sound
reasonable? I am currently running on a dual Xeon 2.8Ghz with 2GB of RAM
which is dedicated to running FreeRADIUS.

Many Thanks

Ben Thompson

More information about the Freeradius-Users mailing list