hi,
firstly, thank you very much for this absolutely wonderful piece of
software - i've been running freeradius 0.7.1 on redhat 7.3 for 250+
days with exactly zero downtime (over 250000 users).
until recently my freeradius only used ldap as a backend. now we also
have to use oracle (on a rac cluster). the problem is, after about
2 minutes and 30 seconds the connection from freeradius to the rac
cluster seems to simply die. there is absolutely no difference if i
authorize 60000 users or no user at all within those 2:30min - within
that time everything works fine, and then freeradius doesn't get a
response from the rac cluster anymore (it doesn't even give me an
error message in debug mode).
of course then the nas client re-transmits the request, and freeradius
ignores that saying "discarding new request [...] due to live
request", since it seems to still be waiting for a reply from oracle.
i have tried snapshots 20030612 and 20030702 - same problem. only
rlm_sql seems to die, the users in the users file and ldap still work
fine.
i have installed oracle client + libraries in /opt/oci8 and compiled
freeradius with:
    ./configure --with-rlm_sql --with-rlm_sql_oracle \
        --with-oracle-home-dir=/opt/oci8 --with-snmp \
        --with-experimental-modules --without-rlm_x99_token
in my environment variables i have:
    ORACLE_HOME=/opt/oci8
    LD_LIBRARY_PATH=/opt/oci8/lib
    export ORACLE_HOME LD_LIBRARY_PATH
in radiusd.conf in the authorize section i have:
    Autz-Type SQL {
        sql
    }
in my users file i have:
    DEFAULT NAS-Port-Type == 19, User-Profile := "wlan", Autz-Type := SQL
        Framed-IP-Address = 255.255.255.254,
        Idle-Timeout = 900,
        Acct-Interim-Interval = 900,
        Session-Timeout = 7200
in oraclesql.conf i have:
    sql {
        # Database type
        # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
        # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
        driver = "rlm_sql_oracle"

        # Connect info
        server = "192.168.123.123"
        login = "oraclelogin"
        password = "somepassword"

        # Database table configuration
        radius_db = "(DESCRIPTION = (ENABLE=BROKEN) (ADDRESS_LIST = (LOAD_BALANCE = ON) (FAILOVER = ON) (ADDRESS = (PROTOCOL = TCP) (HOST = rac1) (PORT = 3223)) (ADDRESS = (PROTOCOL = TCP) (HOST = rac2) (PORT = 3223))) (CONNECT_DATA = (SERVICE_NAME = APPL.rac) (FAILOVER_MODE = (TYPE=SELECT) (METHOD=PRECONNECT))))"

        authorize_check_query = "SELECT 1,'%{SQL-User-Name}','User-Password',radius.getPWD('%{SQL-User-Name}'),'==' FROM DUAL"

        authorize_reply_query = "SELECT id,GroupName,Attribute,Value,op,DECODE (z.checkresult, 'invalidpassword0001','reject','wlan') FROM radgroupreply o, (SELECT radius.getPWD('%{SQL-User-Name}') checkresult FROM DUAL ) z WHERE o.GroupName = DECODE (z.checkresult, 'invalidpassword0001','reject','wlan') ORDER BY o.id"
all other settings have been left to the default settings, except the
rest of the authorize_group select statements (commented out) and
accounting (i'm not accounting into oracle).
unfortunately i don't know much about oracle, and my
authorize_check_query and reply_query may look extremely strange ;)
but they work fine. we're basically calling a couple of functions
which return data exactly as freeradius expects it.
the connect string i was given by our dbas, does it make sense at all?
i mean - it obviously does work, but could this be the reason for my
connectivity problems? or is it a bug in rlm_sql or rlm_sql_oracle?
has anyone seen this behaviour before?
any help would be greatly appreciated! i don't want to have to kill
radiusd every 2 minutes so daemon tools starts it up again..! ;)
many thanks,
randy