Advanced SQL Auth/Generate clients.conf from SQL?

Alan DeKok aland at deployingradius.com
Tue Feb 13 08:00:15 CET 2007


Luca Corti wrote:
> Please forgive my ignorance, but how is this different from what
> Freeradius already does when handling SIGHUP?

  There are some issues with the servers handling of HUP.

> Wrt  cron + kill -HUP I think that it may be a bit overkill just to
> reload the NAS table.

  Yes.

  An alternative is to read the clients "live" from the DB.  I've been
opposed to that because of DoS issues.  i.e. for known clients it works
fine.  But attackers can take down your RADIUS server by sending packets
from millions of source IP addresses, each causing an SQL lookup.

  I think there's a way to fix that, but I don't know if I have the time
to implement it.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list