checkrad alternative

Alan DeKok aland at deployingradius.com
Mon Oct 30 00:09:41 UTC 2023


On Oct 29, 2023, at 8:04 PM, Igor Smitran <sigor at blic.net> wrote:
> Yes, i agree, but it's even less expensive (time regarding) to trigger perl module than to exec script, isn't it? Or am i wrong and missing something?

  Perl is pretty slow.  It's not a huge difference.  But checkrad isn't a Perl module.  It's a perl program which is exec'd by the server.  So it's slower than *either* just using rlm_perl, or "exec + radclient".

  The only way to make it faster is to use rlm_perl, and then have the Perl module open a socket, create the RADIUS packet, send the RADIUS packet, and look for the response.   This may help:

https://metacpan.org/pod/Authen::Radius

>> I still find it surprising it's not available over SNMP. E.g. Cisco ASR 1k supports the CISCO-SUBSCRIBER-SESSION-MIB which seems to contain what you want:
>> 
>> https://www.cisco.com/c/en/us/td/docs/routers/asr1000/mib/guide/asr1kmib/asr1mib3.html#23448 
> yes, i have two ASRs 1k and it works on them, but this new ASR 9901 doesn't have that table at all, did snmpwalk on entire tree and didn't find anything that looks even close to ASR 1k results.

  I suspect that vendors are removing MIBs.  checkrad / MIBs were in wide-spread use in the early 2000s.  In the last 10 years?  Not so much.

  Alan DeKok.




More information about the Freeradius-Users mailing list