freeradius and postgres - why needs to restart freeradius every nas table change?

Jarosław Kłopotek jkl at interduo.pl
Tue Aug 22 13:19:05 UTC 2023


W dniu 22.08.2023 o 14:41, Alan DeKok pisze:
> On Aug 22, 2023, at 8:34 AM, Jarosław Kłopotek <jkl at interduo.pl> wrote:
>> 1. I added "disabled" boolean type column to nas table.
>> 2. I added "disabled IS NOT TRUE" as WHERE condition in /etc/freeradius/3.0/mods-config/sql/main/postgresql/queries.conf
>>
>> I run SQL query: UPDATE nas SET disabled = true WHERE id = 2000;
>>
>> I expect: "no login anymore"
> Why? Does the documentation say that this will happen?
I know just how db works ;-)
>> I get: "I can login"
>>
>> After restarting freeradius - I get what I want.
>>
>> Is is normal?
> Yes.
Thanks I didn't find that in docs.
>    Read the docs.  The NAS table is loaded when the server starts.  It's not queried for every packet.
>    If you want dynamic clients, read sites-available/dynamic-clients
Thanks! That is it!
> The server *cannot* be vulnerable to denial of service attacks from unknown clients.  There are also many good reasons to cache client definitions.
It's easier and better to limit those on firewall by nftables.
>    If you want the behavior to be different, please send a patch.

It's not required because of "dynamic-clients" whitch I am going to 
implement in configuration instead of default site.
Have a nice day Alan. I wish You all the best.

>    Alan DeKok.

-- 
Jarosław Kłopotek, kom. 607 893 111
INTERDUO Bujek Kłopotek Sowa sp.j.
ul. Krańcowa 17, 21-100 Lubartów
tel. 81 475 3000




More information about the Freeradius-Users mailing list