best place for logic - users file or custom module?

Tariq Rashid tariq.rashid at uk.easynet.net
Tue Aug 23 12:05:46 CEST 2005



hi, i'm planning a significant migration from a different radius server
(Radiator, perl based). 

one advantage of that server is that it is very easy to code custom hooks to
apply business logic to post-(ldap)-search and post-auth points of the
radius sequence. the disadvantage is the performance of the system
(single-threaded, low peak performance intorducing latency into system). 

our tests with freeradius show a much lighter server - its faster, and
easier on memory and cpu. however the downside is that applying custom logic
to the radius process is a bit more difficult. 

i'd like some advide on the best place to implement this logic. for example
- a common scenario is for a request to come from A, and the reply to A
contains instructions to extend a tunnel to a second device B. A second
query from B is then received. 

this case is handled easily in perl using "if()" constructs. in theory - and
for simple cases - i can do this in the "users" file with the matching
conditions to provide the logic - but that's not a scalable or sensible way
i think - correct me if i'm wrong. i'll be handling many conditions (if
nas-identifier = x, .., if domain/realm = y ... ).

so i guess i have to write a custom module for this? comments appreciated.

pointers to examples / tutorials also appreciated - i couldn't find any in
the documentation or on the website.

tariq



More information about the Freeradius-Users mailing list