suggestions for multiple vlans in hundreds of switches

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Apr 21 12:17:20 CEST 2007


Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>
>   
>> Yeah, complex SQL really can be quite slow, especially when the queries 
>> are being run multiple times for all the rounds required in EAP 
>> authentication.
>>     
>
>   If you're using the TLS variants of EAP, you can do:
>
> DEFAULT	FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type := "internal"
>
>   Then in the "authorize" section, add:
>
> 	...
> 	Autz-Type internal {
> 		... do DB lookups here
> 	}
>
>   If you're doing password lookups in LDAP, put "ldap" in that section.
>  Then, the LDAP lookups will only be done when they're needed.
>   
Yeees, and have a similar one checking for the existence of the 
User-Password attribute and setting the Autz-Type to LDAP!

Wow, this is going to speed stuff up so much!

Thank you :)

Ahh yes, I just got how this could work... because to deal with the 
contents of the EAP tunnel, FreeRADIUS proxies it to itself...
And though you're only writing the reply attributes to the tunnel, when 
the tunneled request comes back,
the attributes will be used in the main packet sent back to the NAS, 
including the EAP message from the proxied request...

Is the proxying to self new behaviour?

I know the Autz-Type and Auth-Type stuff is only in CVS, so you must not 
have been able to do it in 1.1*?

>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog