Hi Gildas -

On Fri, 11 Feb 2000, Gildas PERROT wrote:
> Hi Hugh,
> 
> Glad to see you still respond so quickly!
> 

You're welcome .... it's only natural

> > > - I have the choice to use AuthBy SYSTEM or AuthBy UNIX in order to 
> > > authenticate local users by shadow passwords. What is it suggested to do ?
> > > 
> > 
> > AuthBy UNIX will read the entire password file into memory (and re-read the
> > file if it is modified), so the performance is very good.
> > 
> > AuthBy SYSTEM will use the system calls to ask for a user record, so depending
> > on your system this can be significantly slower.
> > 
> > See sections 6.21 and 6.31 in the reference manual for further details.
> > 
> > There are also some indicative performance numbers in section 22.0 of the manual.
> 
> In fact, performance is not so important for me. What I observe is that the 
> process memory size is doubling with AuthBy UNIX (45 Mo !). That's why I will 
> choose AuthBy SYSTEM. In the same idea, is there a way to not load users file 
> at the radiusd start ? By this way, I will reduce the memory use of radiusd 
> and furthermore, I will not have to restart it each time I modify users file.
> 

Yes, you can use the NoCache flag in your AuthBy FILE - but you will take a big
performance hit - why does it matter how much memory you use?

And you don't have to restart Radiator when you modify the users file, Radiator
will notice that the file has been modified and reload it automatically.

BTW - at your scale of operation, you should really be looking at running an
SQL database with accounting data posted directly to the database. Have a look
at our RAdmin product (http://www.open.com.au/radmin).

> Other questions :
> 
> - what could be the interest of <Log SYSLOG> instead of <Log File> ?

Only if you already have system administration tools to handle syslog as part
of your normal system administration operation.

> - no problem to have several NAS (10) sending accounting in one detail file 
> (ex: locking problem ?) ?

No - the file is opened and closed for each operation.

> - no problem of loss of accounting with radiator ? I remember that with GRIC 
> Traveler server has a Relog process...

Not with Radiator itself - but you are always at the mercy of UDP packet loss.

> - is it possible to define default check and reply items like :
> 
>               Auth-Type = System
>                 User-Service-Type = Framed-User,
>                 Framed-Protocol = PPP,
>                 Framed-Netmask = 255.255.255.0,
>                 Framed-Routing = None,
>                 Framed-MTU = 1500,
>                 Ascend-Idle-Limit = 600     
> 
> for each user instead of defining them in users file ?

Sure - you can use AddToReply or AddToReplyIfNotExist in your AuthBy, or you
can use cascaded AuthBy's. Tell me a bit more about what you want to do and
I'll give you an example configuration file.

> In this case, do other entries in users file take precedence on default one ?

If you specify AddToReplyIfNotExist, the users file will take precedence.

> - furthermore, I noticed that when I have the same "Filename %D/users" 
> directive for 2 different Realm closures, the file is loaded twice. How to 
> avoid that ?

Set up a single AuthBy with an Identifier and then just refer to it:

# define a single AuthBy FILE with Identifier CheckFile for later reference

<AuthBy FILE>
        Identifier CheckFile
        Filename %D/users
</AuthBy>

<Realm ....>
        ....
        AuthBy CheckFile
        ....
</Realm>

<Realm ....>
        ....
        AuthBy CheckFile
        ....
</Realm>

....

> - finally, I have the following problem :
> Thu Feb 10 15:19:56 2000: DEBUG: Radius::AuthFILE looks for match with p50fr
> Thu Feb 10 15:19:56 2000: DEBUG: Radius::AuthFILE REJECT: Check item 
> User-Service-Type expression 'Framed-User' does not match '' in request
> Thu Feb 10 15:19:56 2000: INFO: Access rejected for p50fr: Check item 
> User-Service-Type expression 'Framed-User' does not match '' in request
> 
> with :
> 
> <Realm>
>         <AuthBy FILE>
>                 Filename %D/users
>         </AuthBy>                  
> 
> and :
> 
> p50fr           Password = "fdsfdsfsdf",
>                 User-Service-Type = Framed-User,
>                 Framed-Protocol = PPP,
>                 Framed-Address = 193.149.103.161,
>                 Framed-Netmask = 255.255.255.240,
>                 Ascend-Idle-Limit = 300
> 

Using the definition in the standard Radiator dictionary is this:

p50fr           Password = "fdsfdsfsdf"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 193.149.103.161,
        Framed-Netmask = 255.255.255.240,
        Ascend-Idle-Limit = 300

You can either edit your users file to use the standard Radiator dictionary, or
add User-Service-Type to the Radiator dictionary (it's just a text file). Also
notice that there is an error with a trailing comma "," after the 
Password = "fdsfdsfsdf". 

hth

Hugues

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
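
Added example (not part of the original message and not Radiator code): a small lint for one users-file entry that reports the two problems discussed above, items that end up as check items because the first line ends with a comma, and attribute names missing from the dictionary. The continuation rule is an assumption inferred from the DEBUG output in the thread, and KNOWN is a hypothetical dictionary subset built from the corrected entry.

```python
import re

# Constructed input: the entry quoted in the thread, then the corrected form.
ENTRY_FROM_THREAD = '''p50fr           Password = "fdsfdsfsdf",
                User-Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-Address = 193.149.103.161,
                Framed-Netmask = 255.255.255.240,
                Ascend-Idle-Limit = 300
'''
ENTRY_CORRECTED = '''p50fr           Password = "fdsfdsfsdf"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 193.149.103.161,
        Framed-Netmask = 255.255.255.240,
        Ascend-Idle-Limit = 300
'''
# Assumed dictionary subset: only the names used in the corrected entry.
KNOWN = {"Password", "Service-Type", "Framed-Protocol", "Framed-Address",
         "Framed-Netmask", "Ascend-Idle-Limit"}
ITEM = re.compile(r'([A-Za-z0-9-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_entry(text):
    """Return (user, check_items, reply_items, spilled_check_items)."""
    lines = [l for l in text.splitlines() if l.strip()]
    head = lines[0].split(None, 1)
    user, first = head[0], (head[1] if len(head) > 1 else "")
    check, reply, spilled = [], [], []
    in_check = True
    for idx, line in enumerate([first] + lines[1:]):
        names = [name for name, _ in ITEM.findall(line)]
        if in_check:
            check += names
            if idx > 0:
                spilled += names  # check item found below the first line
            # Assumption: a trailing comma continues the check-item list.
            in_check = line.rstrip().endswith(",")
        else:
            reply += names
    return user, check, reply, spilled

def lint_entry(text, known=KNOWN):
    """Return (finding, attribute) pairs for one users-file entry."""
    _, check, reply, spilled = parse_entry(text)
    findings = [("check-item-on-continuation-line", n) for n in spilled]
    findings += [("not-in-dictionary", n) for n in check + reply if n not in known]
    return findings

if __name__ == "__main__":
    for label, entry in (("thread", ENTRY_FROM_THREAD), ("corrected", ENTRY_CORRECTED)):
        print(label, lint_entry(entry))
```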
