On Fri, May 30, 2003 at 08:37:08AM -0800, Matthew Schumacher wrote:
> Alan,
>
> I also use ldap for autz/auth and sql/detail for accounting and have
> also seen this problem. I just didn't have enough information to really
> troubleshoot it further.
Which version do you running? Which db engine do you use?
I'm in process of configuring FR snapshot of 2003-04-24 (keeping
it up-to-date, so let's say it's a current snapshot), so able to
experiment as extremely as I can.
I use files+LDAP (OpenLDAP 2.0.25) in autz, LDAP in auth, 2
sqlcounters in post-auth (blame me, developers!), and detail+sql
(PostgreSQL 7.3.2, on the same machine) in acct and sql in session.
I also have check items like Attribute := `%{sql:...}` for some
users.
Let's dig a little:
1. radius running OK, handling access- & acct- requests right.
2. I kill -9 main postgres process, so no new conns can be done,
then I also kill -9 one of five postgres processes serving
radiusd. Most of Access-Requests are still handled fine.
For others one of the following occurs:
a) sqlcounters treat database error as if accumulated resource
(daily/monthly session time) was unconsumed;
b) group session returns fail, so radius has nothing to do but
consider user isn't online;
c) `%{sql:...}` expands to empty string.
Accept or Reject only depends on valid user credentials.
As for accounting, unhandled requests successfully failed over
to detail.
3. I kill the rest postgres processes. Now all of Access-Requests
are processed the way described in (2).
4. Once I restart postgres, those go away immediately, radius
continues normal operation.
So I can't see any BIG problem in my case.
> What I really need to do is get the latest CVS running in the lab and
> start trying to break it by kicking the database/ldap from under it.
Let's see if it helps...
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
