Anders Holm wrote: > I've got FR 2.1.3 running hooked up to an Oracle instance. While testing > failure scenarios I'm finding that the module never fails. I'm testing > failures where the server has initially been able to connect to the > database and then subsequently the database goes away. I'm testing by > doing a nasty ifdown on the interface to simulate dropping network > connectivity. Hence, this is for disaster type situations where > something suddenly severs our connectivity.
FreeRADIUS calls rlm_sql_oracle, which calls the Oracle client API... which hangs. > What I see when running a radtest to localhost is that FR tries the > initial SELECT query we have defined and then sits doing nothing until > something eventually times out about 18 minutes later and then it > proceeds to process whatever else has been sent to it. If there's an Oracle API to set timeouts on sockets, I don't know anything about it. (Not that I've looked... I don't have an Oracle license to debug these kinds of problems). > I'd be curious in knowing how this timeout can be tweaked as 18 minutes > is way too long for us, though I've been unable to find any > documentation leading me to an answer. Seems this may be somewhere in > the Oracle side of things, but I'm really not sure to be honest. Yes. It's an Oracle thing. > I'd also be highly curious to know how one may return an Access-Accept > even though we have not been able to actually authenticate the account, > seeing as our DB is down which holds all the credentials. It seems the > Fail-Over Wiki has a section on if-else branching which may be useful > here, as I'd really only want to send Access-Accept when the DB truly > has failed. though the wiki states "Documentation will be updated > later..." and doesn't go into any details on how this could be achieved. You could read "man unlang", which is included with the latest version of the server. > Of course, tweaking this timeout value somehow to rather be in the > seconds than minutes if not even sub-seconds would be preferable. Has > anyone done this before and if so could I get a snippet of your > configuration showing me how to achieve this? Patch the rlm_sql_oracle module to use some magic Oracle API, which tells the client code "don't keep fscking waiting forever on blocked connections". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
