freeradius and postgres - why needs to restart freeradius every nas table change?
Alan DeKok
aland at deployingradius.com
Tue Aug 22 12:41:28 UTC 2023
On Aug 22, 2023, at 8:34 AM, Jarosław Kłopotek <jkl at interduo.pl> wrote:
> 1. I added "disabled" boolean type column to nas table.
> 2. I added "disabled IS NOT TRUE" as WHERE condition in /etc/freeradius/3.0/mods-config/sql/main/postgresql/queries.conf
>
> I run SQL query: UPDATE nas SET disabled = true WHERE id = 2000;
>
> I expect: "no login anymore"
Why? Does the documentation say that this will happen?
> I get: "I can login"
>
> After restarting freeradius - I get what I want.
>
> Is is normal?
Yes.
Read the docs. The NAS table is loaded when the server starts. It's not queried for every packet.
If you want dynamic clients, read sites-available/dynamic-clients
The server *cannot* be vulnerable to denial of service attacks from unknown clients. There are also many good reasons to cache client definitions.
If you want the behavior to be different, please send a patch.
Alan DeKok.
More information about the Freeradius-Users
mailing list