Antw: Re: How many NAS kann radius take?
Alan DeKok
aland at deployingradius.com
Fri Feb 14 03:17:55 CET 2014
Anja Ruckdaeschel wrote:
> Every nas has an entry in an include file for clients.conf like:
> client 172.31.134.10 {
> secret = ***************
> shortname = blafasel
> nastype = other
> }
That's fine.
> and an entry per NAS in an include file for huntrgoups like:
>
> ap Client-IP-Address == x.x.x.x
> ap NAS-IP-Address == x.x.x.x
That's terrible. Don't do that. Ever.
Instead, put the client group information into the "client" section:
client 172.31.134.10 {
secret = ***************
shortname = blafasel
nastype = other
group = ap
}
Then do policy checking via %{client:group} instead of Huntgroup-Name.
It will do the same thing, and will be *enormously* faster.
As a general rule, if you're doing tens of checks, it's OK to put them
into a flat-text file. If you're doing thousands of checks, you should
really put them into a database.
Alan DeKok.
More information about the Freeradius-Users
mailing list