leopold wrote: > OK thanks Alan. I moved sql module call from "authorize" to "post-auth", this > improves performance, but the behavior is different.
List "sql.authorize" in the post-auth section. Not "sql". > Inside policy.conf we have "do_not_respond" policy and if SQL server is down > we need to force server not to respond in "post-auth" The code currently sets the response packet type (accept / reject), and THEN calls the post-auth methods. > Is there any limit where do_not_respond can be used? Yes. It cannot be used in the post-auth section. It sounds like your requirements are somewhat contradictory. You DON'T want it to query SQL for the EAP-TLS traffic, but you DO want it to ignore EAP-TLS if the SQL database is down. If the SQL database is down, and you don't want the server to respond, then just bring the server down. Write a simple shell script to poke the SQL server, and to re-start FreeRADIUS once the SQL server comes back up. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
