Hi, > It is an issue that has been discussed previously and FreeRADIUS is unlikely > to ever do an SQL SELECT of the nas table for every inbound packet. What may > be possible is to reload the nas list at certain intervals (from cron is the > easiest) but until/unless HUP handling is improved that is problematic for > deployments that need to keep session state (ie. EAP users). If you dont use > EAP, then there is no problem doing a full restart on a regular basis..
how about updating the NAS list from SQL via, for example, an SNMP write command or a special RADIUS command packet. both of these could have security protection to prevent DoS (eg the SNMP write from only certain locations (firewalled) and has password too of course... the RADIUS command packet could have a shared secret requirement and/or use the FR unlang/attribute protections for access/accept alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
