Arran Cudbard-Bell wrote: > Yeah, complex sql really can be quite slow, specially when the queries > are being run multiple times for all the rounds required in eap > authentication.
If you're using the TLS variants of EAP, you can do: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type := "internal" Then in the "authorize" section, add: ... Autz-Type internal { ... do DB lookups here } If you're doing password lookups in LDAP, put "ldap" in that section. Then, the LDAP lookups will only be done when they're needed. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html