Group Authorization Question

Alok Vimawala avimawal at umich.edu
Fri Jan 2 21:51:10 CET 2009


Hi Mike,

Are you trying to have the radius server send an access-reject when  
the user is not in the group?
Or are you trying to send a list of groups to the VPN device?

- Alok

On Jan 1, 2009, at 3:21 PM, Alan DeKok wrote:

> Mike Diggins wrote:
>> On a related note, should the rlm_dbm_parse program be able to  
>> convert
>> the users file (assuming it is the correct syntax) directly? It
>> complains about the ntlm_auth type.
>
>  I wouldn't suggest using rlm_dbm.  It's not really maintained, and
> it's not necessary.
>
>  As of 2.x, the server puts the "users" file entries into a hash when
> it loads the file.  I've tested 100K users being loaded in a second or
> two on a reasonable machine.  On top of that, 2.x supports HUP better
> than 1.x.
>
>  So... rlm_dbm is almost never necessary any more.
>
>  If you have less than 10K entries in the "users" file, I would  
> suggest
> that rlm_dbm is not for you.  If you have more than 10K users, I would
> suggest using an SQL database.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090102/5ed45658/attachment.html>


More information about the Freeradius-Users mailing list