Adding a NAS via SQL
Peter Nixon
listuser at peternixon.net
Sun Jul 29 15:20:58 CEST 2007
Yeah. That would be one way, but its kind of like saying we are going to
introduce a new feature to a BMW that makes it dangerous at speeds over
100km so don't drive it on an autobahn...
It is an issue that has been discussed previously and FreeRADIUS is unlikely
to ever do an SQL SELECT of the nas table for every inbound packet. What may
be possible is to reload the nas list at certain intervals (from cron is the
easiest) but until/unless HUP handling is improved that is problematic for
deployments that need to keep session state (ie. EAP users). If you dont use
EAP, then there is no problem doing a full restart on a regular basis..
Cheers
Peter
On Sun 29 Jul 2007, Paul Lambert wrote:
> Thanks for your help guys.
>
> I guess a way to prevent the DoS is through the correct use of a firewall?
>
> Kind regards,
> Paul.
>
> On 7/28/07, Peter Nixon <listuser at peternixon.net> wrote:
> > On Sat 28 Jul 2007, Paul Lambert wrote:
> > > Hi,
> > >
> > > I have now taken a look through the archives and I can't see a clean
> > > solution for reloading the nas without restarting. I assume this is
> > > what you were suggesting I do via cron?
> >
> > Yep.. The short answer is that FreeRADIUS does not currently reload the
> > nas
> > table automatically, and does not currently support HUP properly. Not
> > perfect, but thats the way it is.
> >
> > If you can think of a secure way to do either or both, and write a patch
> > to
> > implement it, we would be happy :-)
--
Peter Nixon
http://peternixon.net/
More information about the Freeradius-Users
mailing list