802.1x/iPSK DB access delegation.
Alan DeKok
aland at deployingradius.com
Wed Dec 29 16:50:59 CET 2021
On Dec 29, 2021, at 10:15 AM, Alex Zetaeffesse <fzetafs at gmail.com> wrote:
> I didn't know FR could query different sources of
> authentication/authorization sequentially (especially if tables are on
> different servers) but I guess that would introduce a lag in the response
> time back to the NAS
Yes.
FR can do pretty much anything. It's just that you usually don't want to do many queries. It's inefficient, and slow.
> Maybe a SQL proxy (that's on my side)? Then the first reply would be
> served. And uh by writing this I realized I could expose the service to a
> potential DoS for specific MAC addresses.
> Ok, much better a single table in a single DB where checks before storing a
> record can be done simply and quickly!
Exactly.
Also, the table used by FR doesn't have to be the same ones used by the web tool. You can create views, foreign keys, etc.
The point is that the DB used by FreeRADIUS should be (a) local, and (b) fast.
Alan DeKok.
More information about the Freeradius-Users
mailing list