[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Help-gnu-radius] Irrelevant getpwnam in radius
|
From: |
Oleg Gawriloff |
|
Subject: |
RE: [Help-gnu-radius] Irrelevant getpwnam in radius |
|
Date: |
Tue, 13 Feb 2007 17:31:25 +0200 |
>By definition, `Group = value' instructs radiusd to check whether the
>user belongs to the given group (as specified either by the system
user/group
>database or by the corresponding SQL data).
'or'
But the current radius behaviour is 'and'. Radius checks in system group
database AND in SQL.
>You can patch groupcmp function (radiusd/files.c:1212). If you are sure
>you don't need system database at all, remove the call to
>system_groupcmp(). Otherwise, swap it with radiusd_sql_checkgroup
>invocation.
Is there any chance that this behaviour will be corrected in future radius
releases? For example as as option in configure or smth like this. Its
really hurts, when upgrading radius and about forget hand-made patches.
>This can help in your particular case. Notice, however, that the real
>cause of the trouble is in your ADS-controller.
I don't thinks so. ADS-controller can't handle 67 req/sec by definition (now
we have about 10000 users and 5000 groups on ADS).
Signed, Oleg Gawriloff.