On Wed, 2005-08-17 at 10:51 -0400, Alan DeKok wrote:
> Ben Thompson <
[hidden email]> wrote:
> > Thanks for that advice. I can see that I could end up with a very large
> > users file using this method. Is there any limit on the size of the
> > users file?
>
> Memory. Also, the CPU time required to walk it's internal
> representation (linked list).
>
> > In the near future we may have something like 800000 entries in
> > there. Is this where you would normally look to use a database
> > backend?
>
> Yes. Or, if the mappings are relatively simple, you could look at
> rlm_passwd, which does simple mappins. It uses a hash to look up
> data, so it should be fast.
>
> Alan DeKok.
Hi
Thanks for the info, I will have a look at rlm_passwd.
Meanwhile I have tested a setup using the huntgroups file combined with
the use of mutliple DEFAULT entries in the users file like this :-
huntgroups file >>>>
group1 NAS-Identifier == "accesspoint5"
group1 NAS-Identifier == "accesspoint2"
group2 NAS-Identifier == "switch6"
group2 NAS-Identifier == "switch3"
etc..
>>>>
users file >>>>
user1 NT-Password := "35C8397B2320E568467904961A2AF40F"
Fall-Through = Yes
user2 NT-Password := "35C8397B2320E568467904961A2AF40F"
Fall-Through = Yes
DEFAULT
Tunnel-Type:1 := VLAN,
Tunnel-Medium-Type:1 := IEEE-802,
Fall-Through = Yes
DEFAULT Huntgroup-Name == group1
Tunnel-Private-Group-ID:1 := 3970,
Fall-Through = Yes
DEFAULT Huntgroup-Name == group2
Tunnel-Private-Group-ID:1 := 4025
>>>>
This cuts the potential size of my users file down to about 20000
entries and the huntgroups file to about 50 entries. Does this sound
reasonable? I am currently running on a dual Xeon 2.8Ghz with 2GB of RAM
which is dedicated to running FreeRADIUS.
Many Thanks
Ben Thompson
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Locked
