freeradius-1.1.6 - mysql failover issue - bus error -
Hi all, I'm setting up module fail-over for mysql backend following the guide from the wiki, but something goes wrong. I included two sql.conf (mysql1.conf and mysql2.conf) in the modules section and radiusd -X reports the two files are included, but I only see the parameters from the first file get loaded and everything stops with bus error when trying to connect to the server. I checked name resolution, mysql user/password, network reachability and everything it's ok. I also set a tcpdump session on mysql1 but no packets for mysql are coming in. Then I straced radiusd execution and I noticed it fails after reading /etc/hosts (?!?). Here's the relevant output from radiusd -X: Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = mysql1.satcom.it sql: port = 3306 sql: login = radius sql: password = radius sql: radius_db = radius sql: nas_table = nas sql: sqltrace = no sql: sqltracefile = /var/log/freeradius/sqltrace.sql sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 100 sql: sql_user_name = %{User-Name} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}' sql: accounting_update_query_alt = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0') sql: accounting_start_query = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') sql: accounting_start_query_alt = UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' sql: accounting_stop_query = UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' sql: accounting_stop_query_alt =
R: freeradius-1.1.6 - mysql failover issue - bus error -
Hi all, further investigations show that it's a name resolution problem (if I put IP addresses in mysql1.conf and mysql2.conf everything works fine). So it doesn't seem to be a FR problem. Regards, Francesco Cristofori. -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] freeradius .org]Per conto di Francesco Cristofori Inviato: martedì 3 luglio 2007 9.54 A: freeradius-users@lists.freeradius.org Oggetto: freeradius-1.1.6 - mysql failover issue - bus error - Hi all, I'm setting up module fail-over for mysql backend following the guide from the wiki, but something goes wrong. I included two sql.conf (mysql1.conf and mysql2.conf) in the modules section and radiusd -X reports the two files are included, but I only see the parameters from the first file get loaded and everything stops with bus error when trying to connect to the server. I checked name resolution, mysql user/password, network reachability and everything it's ok. I also set a tcpdump session on mysql1 but no packets for mysql are coming in. Then I straced radiusd execution and I noticed it fails after reading /etc/hosts (?!?). Here's the relevant output from radiusd -X: Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = mysql1.satcom.it sql: port = 3306 sql: login = radius sql: password = radius sql: radius_db = radius sql: nas_table = nas sql: sqltrace = no sql: sqltracefile = /var/log/freeradius/sqltrace.sql sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 100 sql: sql_user_name = %{User-Name} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribu te,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribu te,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}' sql: accounting_update_query_alt = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0') sql: accounting_start_query = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') sql: accounting_start_query_alt = UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time
Re: Mysql failover
Le Fri, Mar 16, 2007 at 04:28:52PM +0200, Etienne Pretorius ecrivait: I would rather keep it as it is, as it is a problem to be looked at and can be identified by the logs. And what if the first mysql server goes down right before receiving a SIGHUP because of logrotate ? Regards, Fox. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql failover
Hello! I have configured mysql failover on my Freeradius and it seems to do starnge things. 1.- If my mysql server 1 is down and mysql server 2 is up. And I try to start the freeradius daemon, it returns me an error like that: Fri Mar 16 12:06:37 2007 : Info: Using deprecated naslist file. Support for this will go away soon. Fri Mar 16 12:06:37 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Fri Mar 16 12:06:37 2007 : Info: rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Mar 16 12:06:37 2007 : Info: rlm_sql (sql1): Attempting to connect to [EMAIL PROTECTED]:/radius Fri Mar 16 12:06:37 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Mar 16 12:06:37 2007 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Fri Mar 16 12:06:37 2007 : Error: rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'mysql01.es.clara.net' (111)' Fri Mar 16 12:06:37 2007 : Error: rlm_sql (sql1): Failed to connect DB handle #0 Fri Mar 16 12:06:37 2007 : Info: rlm_sql (sql1): There are no DB handles to use! skipped 5, tried to connect 0 Fri Mar 16 12:06:37 2007 : Error: rlm_sql (sql1): generate_sql_clients() returned error Fri Mar 16 12:06:37 2007 : Error: radiusd.conf[14]: sql1: Module instantiation failed. Fri Mar 16 12:06:37 2007 : Error: radiusd.conf[1590] Unknown module sql1. Fri Mar 16 12:06:37 2007 : Error: radiusd.conf[1590] Failed to parse sql1 subsection. Fri Mar 16 12:06:37 2007 : Error: radiusd.conf[1517] Failed to parse authorize section. 2.- If I start freeradius daemon and my 2 mysql server is up, all works fine (obviously), but if my mysql server 1 fails, freeradius still works (Great!!). Then it seems that the problem is only at the start time. Is it Right? Is it a bug? Do I have misconfigured anything? Any idea? Thanks. Luis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql failover
Luis Galán wrote: ... 1.- If my mysql server 1 is down and mysql server 2 is up. And I try to start the freeradius daemon, it returns me an error like that: ... 2.- If I start freeradius daemon and my 2 mysql server is up, all works fine (obviously), but if my mysql server 1 fails, freeradius still works (Great!!). Then it seems that the problem is only at the start time. Is it Right? Is it a bug? It's arguably a bug. The server could be a little more forgiving of databases that are down. On the other hand, if your databases are down, then the server can't really authenticate anyone, can it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Mysql failover
Hello! Yes it can authenticate trough mysql server number 2. But it both mysql server are down, obviously it can't. Luis Alan DeKok escribió: Luis Galán wrote: ... 1.- If my mysql server 1 is down and mysql server 2 is up. And I try to start the freeradius daemon, it returns me an error like that: ... 2.- If I start freeradius daemon and my 2 mysql server is up, all works fine (obviously), but if my mysql server 1 fails, freeradius still works (Great!!). Then it seems that the problem is only at the start time. Is it Right? Is it a bug? It's arguably a bug. The server could be a little more forgiving of databases that are down. On the other hand, if your databases are down, then the server can't really authenticate anyone, can it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql failover
I would rather keep it as it is, as it is a problem to be looked at and can be identified by the logs. Kind Regards Etienne Network Administrator Luis Galán wrote: Hello! Yes it can authenticate trough mysql server number 2. But it both mysql server are down, obviously it can't. Luis Alan DeKok escribió: Luis Galán wrote: ... 1.- If my mysql server 1 is down and mysql server 2 is up. And I try to start the freeradius daemon, it returns me an error like that: ... 2.- If I start freeradius daemon and my 2 mysql server is up, all works fine (obviously), but if my mysql server 1 fails, freeradius still works (Great!!). Then it seems that the problem is only at the start time. Is it Right? Is it a bug? It's arguably a bug. The server could be a little more forgiving of databases that are down. On the other hand, if your databases are down, then the server can't really authenticate anyone, can it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL failover
Sorry for all my questions lately. I think I have my setup almost complete. I am now stuck on the DB failover. I have read through the documents located here: http://wiki.freeradius.org/Fail-over but am still stuck. I have two mysql servers. If I shutdown mysql on sql1, it fails over to sql2 instantly. However, if i pull the ethernet plug on sql,1 freeradius appears to just be sitting and waiting to connect to sql1. This is what the console outputs: rlm_sql (sql1): Reserving sql socket id: 0 If I kill radius and start it up with sql1 disconnected it will failover instantly to sql2. Once I connect and then disconnect sql1 it starts hanging again. Has anyone else experienced this? Below are some snippets from my radius.conf: $INCLUDE ${confdir}/sql1.conf $INCLUDE ${confdir}/sql2.conf sql sql1 { } sql sql2 { } always handled { rcode = handled } authorize { suffix preprocess group { sql1 { fail = 1 notfound = 1 noop = 2 ok = return updated = 3 reject = return userlock = 4 invalid = 5 handled = 6 } sql2 { fail = 1 notfound = return noop = 2 ok = return updated = 3 reject = return userlock = 4 invalid = 5 handled = 6 } } -- Brad McAllister [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql failover issue
Hi, I have seen these errors when primary radius server goes offline and the secondary takes over: All requests are coming via Redback SE400: Wed Sep 13 07:51:34 2006 : Error: Dropping conflicting packet from client redback:1812 - ID: 1 due to unfinished request 1051 285 Wed Sep 13 07:51:35 2006 : Error: Dropping conflicting packet from client redback:1812 - ID: 2 due to unfinished request 1051 286 This happens on both servers and after an hour it seemed to sort itself out. Setup is as follows: 2xfreeradius server 2xmysql cluster API nodes each FR server is pointed to a different node, so when we take one node offline, the secondary defined freeradius server should kick in and talk to its API. When the primary radius server came back after its mysql API was brought back after a planned outage, the primary and secondary radius servers got confused. They both started to drop connections with the above errors and no users could authenticate. Is this issue a known issue, is there a fix, has anyone got any further info on when this would happen. Restarting the primary radius server fixed the issue however this solution is meant to be a resiliant and redundant solution capable of working through either radius or mysql node failures. any info or assistance would be helpful for my RFO here. cheers -- andy[EMAIL PROTECTED] --- Never argue with an idiot. They drag you down to their level, then beat you with experience. --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql failover
On Sunday 30 May 2004 14:07, Gary McKinney wrote: Hmmm - The logic of the request does not really make much sense... If the FreeRadius server is responding to the NAS but the mysql server back-end is not responding that does not mean the radius server is broken... I would think you could setup to authenticate through multiple mysql backend servers to handle the event of the primary being offline or down instead of forcing a purfectly good working radius server to act like it was down and if you setup a secondary freeradius server to handle the event of the primary going down you can use the mysql servers that the first radius server points to for authentication by the second radius server so they have a common shared database (double redundancy). Check the email archives - I remember someone answered how to setup multiple sql servers to be used for user authentication in freeradius (which is what you really want to do here)... if the first mysql server is not responding the second (or next in line) will perform the response instead gm... - Original Message - From: jesk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, May 30, 2004 6:38 AM Subject: Re: mysql failover On Friday 28 May 2004 17:36, jesk wrote: hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html no way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi, my intend was to setup 2 freeradius server, both server have to local its own mysql-db. both mysqlserver are used to handle all 3 kinds of aaa. the replication for accounting data is done with radrelay, this works very fine. but now there is this problem with the potentiality breakdown of a mysqlserver. if iam handling this like you said, then i couldnt log accounting data, in cause of the radrelay i think, accounting data would be logged twice. is there no easy way to come around this circumstances? i use the mysql for all accounts only the DEFAULT entry is in the USER file. thanks for any hints! regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql failover
On Monday 31 May 2004 16:58, jesk wrote: On Sunday 30 May 2004 14:07, Gary McKinney wrote: Hmmm - The logic of the request does not really make much sense... If the FreeRadius server is responding to the NAS but the mysql server back-end is not responding that does not mean the radius server is broken... I would think you could setup to authenticate through multiple mysql backend servers to handle the event of the primary being offline or down instead of forcing a purfectly good working radius server to act like it was down and if you setup a secondary freeradius server to handle the event of the primary going down you can use the mysql servers that the first radius server points to for authentication by the second radius server so they have a common shared database (double redundancy). Check the email archives - I remember someone answered how to setup multiple sql servers to be used for user authentication in freeradius (which is what you really want to do here)... if the first mysql server is not responding the second (or next in line) will perform the response instead gm... - Original Message - From: jesk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, May 30, 2004 6:38 AM Subject: Re: mysql failover On Friday 28 May 2004 17:36, jesk wrote: hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html no way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi, my intend was to setup 2 freeradius server, both server have to local its own mysql-db. both mysqlserver are used to handle all 3 kinds of aaa. the replication for accounting data is done with radrelay, this works very fine. but now there is this problem with the potentiality breakdown of a mysqlserver. if iam handling this like you said, then i couldnt log accounting data, in cause of the radrelay i think, accounting data would be logged twice. is there no easy way to come around this circumstances? i use the mysql for all accounts only the DEFAULT entry is in the USER file. thanks for any hints! regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi, i configured the always module with handled in the authorize section: redundant { sql handled } i believed that that would do nothing if the mysql module would fail, but it return a reject to the mysql client: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER BY id' rlm_sql (sql): Ignoring unconnected handle 4.. rlm_sql (sql): Ignoring unconnected handle 3.. rlm_sql (sql): Ignoring unconnected handle 2.. rlm_sql (sql): Ignoring unconnected handle 1.. rlm_sql (sql): Ignoring unconnected handle 0.. rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0 modcall[authorize]: module sql returns fail for request 0 modcall[authorize]: module handled returns handled for request 0 modcall: group redundant returns handled for request 0 modcall: group authorize returns handled for request 0 There was no response configured: rejecting request 0 Server rejecting request 4. Finished request 4 Going to the next request can somebody say me what im doing wrong? thanks and regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql failover
On Tuesday 01 June 2004 00:41, jesk wrote: On Monday 31 May 2004 16:58, jesk wrote: On Sunday 30 May 2004 14:07, Gary McKinney wrote: Hmmm - The logic of the request does not really make much sense... If the FreeRadius server is responding to the NAS but the mysql server back-end is not responding that does not mean the radius server is broken... I would think you could setup to authenticate through multiple mysql backend servers to handle the event of the primary being offline or down instead of forcing a purfectly good working radius server to act like it was down and if you setup a secondary freeradius server to handle the event of the primary going down you can use the mysql servers that the first radius server points to for authentication by the second radius server so they have a common shared database (double redundancy). Check the email archives - I remember someone answered how to setup multiple sql servers to be used for user authentication in freeradius (which is what you really want to do here)... if the first mysql server is not responding the second (or next in line) will perform the response instead gm... - Original Message - From: jesk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, May 30, 2004 6:38 AM Subject: Re: mysql failover On Friday 28 May 2004 17:36, jesk wrote: hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html no way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi, my intend was to setup 2 freeradius server, both server have to local its own mysql-db. both mysqlserver are used to handle all 3 kinds of aaa. the replication for accounting data is done with radrelay, this works very fine. but now there is this problem with the potentiality breakdown of a mysqlserver. if iam handling this like you said, then i couldnt log accounting data, in cause of the radrelay i think, accounting data would be logged twice. is there no easy way to come around this circumstances? i use the mysql for all accounts only the DEFAULT entry is in the USER file. thanks for any hints! regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi, i configured the always module with handled in the authorize section: redundant { sql handled } i believed that that would do nothing if the mysql module would fail, but it return a reject to the mysql client: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER BY id' rlm_sql (sql): Ignoring unconnected handle 4.. rlm_sql (sql): Ignoring unconnected handle 3.. rlm_sql (sql): Ignoring unconnected handle 2.. rlm_sql (sql): Ignoring unconnected handle 1.. rlm_sql (sql): Ignoring unconnected handle 0.. rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0 modcall[authorize]: module sql returns fail for request 0 modcall[authorize]: module handled returns handled for request 0 modcall: group redundant returns handled for request 0 modcall: group authorize returns handled for request 0 There was no response configured: rejecting request 0 Server rejecting request 4. Finished request 4 Going to the next request can somebody say me what im doing wrong? thanks and regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hi again, i wrote a mistake: i believed that that would do nothing if the mysql module would fail, but it return a reject to the mysql client: right it should be: i believed that that would do nothing if the mysql module would fail, but it returns a reject to the NAS client. furthermore i looked in the mail archive and find in the past the same question about the always handled module, but didnt find any helpful answers if it is now possible to do it or not :( in the doc/rlm_always file i read that its possible to do this: quote
Re: mysql failover
On Friday 28 May 2004 17:36, jesk wrote: hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html no way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql failover
Hmmm - The logic of the request does not really make much sense... If the FreeRadius server is responding to the NAS but the mysql server back-end is not responding that does not mean the radius server is broken... I would think you could setup to authenticate through multiple mysql backend servers to handle the event of the primary being offline or down instead of forcing a purfectly good working radius server to act like it was down and if you setup a secondary freeradius server to handle the event of the primary going down you can use the mysql servers that the first radius server points to for authentication by the second radius server so they have a common shared database (double redundancy). Check the email archives - I remember someone answered how to setup multiple sql servers to be used for user authentication in freeradius (which is what you really want to do here)... if the first mysql server is not responding the second (or next in line) will perform the response instead gm... - Original Message - From: jesk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, May 30, 2004 6:38 AM Subject: Re: mysql failover On Friday 28 May 2004 17:36, jesk wrote: hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html no way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql failover
hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came in and freeradius rejected the request in cause of the closed mysqldb-handle, now the nas rejected the ppp session and didnt requested the secondary freeradius. can somebody help me? thanks in advance, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html