Arran Cudbard-Bell wrote:

> Yeah, complex sql really can be quite slow, specially when the queries 
> are being run multiple times for all the rounds required in eap 
> authentication.

  If you're using the TLS variants of EAP, you can do:

DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type := "internal"

  Then in the "authorize" section, add:

        ...
        Autz-Type internal {
                ... do DB lookups here
        }

  If you're doing password lookups in LDAP, put "ldap" in that section.
 Then, the LDAP lookups will only be done when they're needed.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to