Jackson Jerry-NPC637 wrote:
1. I’ve installed version 1.1.6, but have some dictionary files that
are/were setup for
Freeradius 1.1.3. I’ve seen from the README/faq that the dictionary
files have changed post 1.1.3
The dictionary files that are shipped with the server have changed.
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, specially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type :=
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, specially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
DEFAULT
Arran Cudbard-Bell wrote:
This could also be done cleaner (but slower) with cleverly designed SQL
tables or stored procedures
Yeah, complex sql really can be quite slow, specially when the queries
are being run multiple times for all the rounds required in eap
authentication.
You've
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, specially when the queries
are being run multiple times for all the rounds required in eap
authentication.
If you're using the TLS variants of EAP, you can do:
Except if you're using plain EAP-TLS
Arran Cudbard-Bell wrote:
Wow this is going to speed stuff up so much !
We use this trick extensively. It works really well.
Ahh yes, I just got how this could work... because to deal with the
contents of the eap tunnel freeradius proxies it to itself...
Yes. And if you set
Phil Mayers wrote:
Arran Cudbard-Bell wrote:
This could also be done cleaner (but slower) with cleverly designed SQL
tables or stored procedures
Yeah, complex sql really can be quite slow, specially when the queries
are being run multiple times for all the rounds required in
Hi,
Just wondering if theres any way of checking the existence of
User-Password in users...
=* ANY always matches even if User-Password attribute isn't in the
request.. which is not the correct behaviour.
Thanks,
Arran
-
List info/subscribe/unsubscribe? See
Phil Mayers wrote:
Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?
Yes.
I have wondered where it might be sensible to fake a PAP request with
the certificate details for EAP-TLS. This would provide (I think) quite
a good way for people to do certificate checking
Hi,
is it possible to filter out accounting requests with an
Acct-Status-Type of Interim-Update?
rlm_attr_filter works obviously only when we are a proxy, and rlm_files
with this acct_users changed nothing:
DEFAULT Acct-Status-Type == Interim-Update, Auth-Type := Reject
DEFAULT
10 matches
Mail list logo