On Sat July 12 2003 01:16, Alex Chen wrote:
> I agree about the dictionary part since it will be a 'read-only' table and
> practically will not change at all.
>
> But I think it will be more scalable and manageable if the clients.conf
> part can be configured to be stored in DB's nas table, i.e. radiusd.conf
> includes clients.conf, which can have some kind of syntax to indicate that
> the information is to be read from a 'nas' table in DB through 'sql' module.
> Of course this will be configurable, so is the table name, like other parts
> of radiusd.conf.
>
> If a new NAS needs to be added to the server, we only need to add a row
> into the DB. The server can cache the NAS information retrieved from DB
> during startup, like it does with the clients.conf file currently. When it
> gets a request packet from an unknown NAS client, i.e. which does not exist
> in its cache, it can do another query from the 'nas' table to refresh the
> cache and proceed with the authorization/authentication/accounting.
> If the NAS still does not exist in the latest DB query, the server does
> whatever it does to unknown NAS now.

This sounds like a reasonable solution to me. I already have a table listing my NASes anyway for reporting and query purposes, it would certainly make things neater if radius could use the same table. Especially for cases where you have more than one radius server accessing a single DB backend.

Having radius query the DB every time it gets an unknown client query could result in a trivial DoS though :-( There would need to be some thought go into this..

> This can eliminate the need to send SIGHUP to the server to re-read the
> clients.conf, unless we change something in that file, and avoid possible
> file corruption due to human error when we update the file with large
> number of NAS.

Yes, although because of DoS issues we may still wish to -HUP the server anyway... I agree about management issues though.

> Just a thought.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > Alan DeKok
> > Sent: Friday, July 11, 2003 2:03 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Dictionary and NAS tables
> >
> > "Alex Chen" <[EMAIL PROTECTED]> wrote:
> > > This would imply that the 'dictionary' and 'nas' tables for Oracle and
> > > Postgresql are not used at all. Is that correct? If so, is there
> > > a plan to put that information into the two tables in DB for future
> > > releases?
> >
> > Yes, and "not really".
> >
> > I see no benefit to putting dictionaries in an SQL table.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
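
The following is an added example, not part of the original thread and not FreeRADIUS code. It sketches the cache-with-refresh idea discussed above with the unknown-client lookup bounded by a rate limit and a negative cache, so that a flood of packets from unknown sources cannot translate into one DB query per packet. The class name, the parameters, the `nasname`/`secret` column names and the in-memory SQLite table are assumptions made for illustration.

```python
import sqlite3

class NasCache:
    """Client cache backed by a 'nas' table; lookups for unknown clients are bounded."""
    def __init__(self, db, min_interval=5.0, negative_ttl=60.0):
        self.db = db
        self.min_interval = min_interval   # seconds between DB lookups for unknowns
        self.negative_ttl = negative_ttl   # seconds an unknown address stays rejected
        self.clients = {}                  # address -> shared secret
        self.rejected = {}                 # address -> time the rejection expires
        self.last_miss_query = float("-inf")
        self.db_queries = 0
        self.reload()

    def reload(self):
        """Full reload of the table, as at startup or on SIGHUP."""
        self.db_queries += 1
        self.clients = dict(self.db.execute("SELECT nasname, secret FROM nas"))
        self.rejected.clear()

    def lookup(self, addr, now):
        """Return the shared secret for addr, or None if the client is unknown."""
        if addr in self.clients:
            return self.clients[addr]
        if self.rejected.get(addr, float("-inf")) > now:
            return None                    # negative cache hit: no DB access
        if now - self.last_miss_query < self.min_interval:
            return None                    # rate limit reached: no DB access
        self.last_miss_query = now
        self.db_queries += 1
        row = self.db.execute(
            "SELECT secret FROM nas WHERE nasname = ?", (addr,)).fetchone()
        if row is None:                    # grows by at most one entry per interval
            self.rejected[addr] = now + self.negative_ttl
            return None
        self.clients[addr] = row[0]
        return row[0]

def demo():
    db = sqlite3.connect(":memory:")       # constructed sample data
    db.execute("CREATE TABLE nas (nasname TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO nas VALUES ('192.0.2.10', 'testing123')")
    cache = NasCache(db)
    for i in range(1000):                  # 1000 unknown sources within one second
        cache.lookup(f"10.0.{i // 250}.{i % 250 + 1}", now=i / 1000.0)
    flood_queries = cache.db_queries - 1   # exclude the startup load
    db.execute("INSERT INTO nas VALUES ('192.0.2.20', 'newsecret')")
    secret = cache.lookup("192.0.2.20", now=10.0)  # new row found without SIGHUP
    return flood_queries, secret
```

The trade-off is that a NAS added during a flood may wait up to `min_interval` seconds before it is recognised, which is where an explicit reload (the -HUP mentioned above) still has a role.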
