Can we do sql just once during eap-tls handshake
Phil Mayers
p.mayers at imperial.ac.uk
Thu Mar 5 12:32:43 CET 2009
Johan F2 wrote:
> We are using eap-tls for authetication assisted with a database for filling
> in some attributes.
>
> FreeRADIUS Version 2.1.3 with minimal configuration will do a sql lookup for
> each round.
> (Four selects: radcheck, radusergroup, radgroupcheck and radgroupreply).
> There are 6-9 rounds depending on certificate chain sizes.
>
> Obviously performance would be better with only one database lookup.
>
> Part of the (attempted) configuration:
> authorize {
> preprocess
>
> eap
> if (I have tried some conditions here) {
The default FR 2.0 config has:
authorize {
eap {
ok = return
}
}
...which will do what you want. As always, mangling the default config
without understanding why it does what it does is a bad idea.
More information about the Freeradius-Users
mailing list