EAP-TLS performance SQL backend bottleneck

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Sep 10 21:40:15 CEST 2009


> If not in "authorize" section, where do I put "sql" module call?
> We have to go and validate user in SQL and we need to return
> reply-attributes to the client.

authorize is used solely to see if someone is able to use a service
from a particular IP address..at a certain time etc etc. its got
nothing to do with 'validation' of a user and it shouldnt be
used for reply attributes.

to 'validate' a user, use authentication

to return reply-attributes, call sql in the post-auth section
(you only want to call this function if they have validated etc)

its just a case of semantics and understanding what each letter in AAA
really means


More information about the Freeradius-Users mailing list