Adding a NAS via SQL
Krzysztof Olędzki
krzysztof.oledzki at axelspringer.pl
Mon Jul 30 16:57:08 CEST 2007
On 2007-07-30 15:54, Stefan Winter wrote:
> Hi,
>
>> It is an issue that has been discussed previously and FreeRADIUS is
>> unlikely to ever do an SQL SELECT of the nas table for every inbound
>> packet. What may be possible is to reload the nas list at certain intervals
>> (from cron is the easiest) but until/unless HUP handling is improved that
>> is problematic for deployments that need to keep session state (ie. EAP
>> users). If you don't use EAP, then there is no problem doing a full restart
>> on a regular basis..
>
> regular checks still would be a waste of resources most of the time (how often
> do you add a NAS?). How about:
>
> - doing the SQL query when it encounters a request from a new, unknown IP
> address,
> - RATE-LIMITED to once per minute or so.
>
> That would make re-reading event-driven, and not make the server be DoS'ed
> when a wave of fake requests comes in.
> Not sure how difficult to implement this though...
I'm not sure if this is a good idea. What if you need to change for
example a shared secret?
Regards,
Krzysztof Olędzki
--
Krzysztof Olędzki
Axel Springer Polska Sp. z o.o.
tel: +48-22-2320969
fax: +48-22-2325530
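An added example, not part of the original message and not FreeRADIUS code: a sketch of the unknown-IP, rate-limited reload proposed in the quoted text, which also shows the case raised in the reply, where a changed shared secret for an already-known NAS stays stale until some unknown IP triggers a reload. The `NasCache` class, the two-column `nas` table and all addresses and secrets are constructed for illustration.

```python
import sqlite3
import time


class NasCache:
    """NAS table held in memory; re-read only on a packet from an unknown IP,
    and at most once per min_interval seconds."""

    def __init__(self, load_clients, min_interval=60.0, clock=time.monotonic):
        self._load, self._min_interval, self._clock = load_clients, min_interval, clock
        self._clients = dict(load_clients())
        self._last_reload = clock()
        self.reloads = 0

    def secret_for(self, src_ip):
        secret = self._clients.get(src_ip)
        if secret is not None:
            return secret              # known IP: cached secret, no SQL query
        now = self._clock()
        if now - self._last_reload < self._min_interval:
            return None                # rate limit hit: drop without querying
        self._clients = dict(self._load())
        self._last_reload = now
        self.reloads += 1
        return self._clients.get(src_ip)


def demo():
    # Constructed sample data; a two-column stand-in for the nas table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nas (nasname TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO nas VALUES ('192.0.2.10', 'old-secret')")
    now = [0.0]                        # fake clock so the demo runs instantly
    cache = NasCache(lambda: db.execute("SELECT nasname, secret FROM nas").fetchall(),
                     clock=lambda: now[0])
    # Operator adds a NAS and rotates the existing NAS's secret.
    db.execute("INSERT INTO nas VALUES ('192.0.2.20', 'new-nas')")
    db.execute("UPDATE nas SET secret = 'rotated' WHERE nasname = '192.0.2.10'")
    out = {}
    now[0] = 10.0                      # wave of unknown sources inside the window
    out["flood"] = [cache.secret_for("198.51.100.%d" % i) for i in range(1, 101)]
    out["reloads_during_flood"] = cache.reloads
    now[0] = 1000.0
    out["known_before"] = cache.secret_for("192.0.2.10")   # stale cached secret
    out["new_nas"] = cache.secret_for("192.0.2.20")        # triggers the reload
    out["known_after"] = cache.secret_for("192.0.2.10")    # fresh only as a side effect
    return out


if __name__ == "__main__":
    print(demo())
```

The rotated secret reaches the cache only because the new NAS happened to send a packet; with no unknown source, the known NAS would keep authenticating against the old secret indefinitely.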