EAP-TLS performance SQL backend bottleneck
Alan DeKok
aland at deployingradius.com
Fri Sep 11 11:32:31 CEST 2009
leopold wrote:
> OK thanks Alan. I moved sql module call from "authorize" to "post-auth", this
> improves performance, but the behavior is different.
List "sql.authorize" in the post-auth section. Not "sql".
> Inside policy.conf we have "do_not_respond" policy and if SQL server is down
> we need to force server not to respond in "post-auth"
The code currently sets the response packet type (accept / reject),
and THEN calls the post-auth methods.
> Is there any limit where do_not_respond can be used?
Yes. It cannot be used in the post-auth section.
It sounds like your requirements are somewhat contradictory. You
DON'T want it to query SQL for the EAP-TLS traffic, but you DO want it
to ignore EAP-TLS if the SQL database is down.
If the SQL database is down, and you don't want the server to respond,
then just bring the server down. Write a simple shell script to poke
the SQL server, and to re-start FreeRADIUS once the SQL server comes
back up.
Alan DeKok.
More information about the Freeradius-Users
mailing list