At 02:49 PM 1/15/2002 -0500, you wrote:
>I'm trying to get authentication working with multiple mysql databases,
>where the primary database is shut down.
>
>In my configs ala the configuration_failover doc:
>$INCLUDE ${confdir}/sql.conf
>$INCLUDE ${confdir}/sql2.conf
>authorize {
>    preprocess
>    suffix
>    redundant {
>        sql1
>        sql2
>    }
>    files
>}
>authenticate {
>    authtype SQL {
>        redundant {
>            sql1
>            sql2
>        }
>    }
>}
>accounting {
>    detail
>    sql1
>    radutmp
>}
>
>So there is no redundancy for accounting.

Hi Jeremy,

I just went through setting up the same kind of redundancy you want last
night. I found that in *addition* to the patch that Alan just committed, I
had to use some custom fail over rules to get the behavior I wanted.

The 'redundant' block (again, after the latest patch) will fail over
properly if the server is down, but it also will fail over if an account
does not exist in your first SQL server or if the customer supplies a bad
password. Since the databases are *redundant*, there doesn't seem to be
any point in checking with the second SQL server in these cases (and it is
a slight performance penalty).

Below are the radiusd.conf lines I used to get around this. The docs for
this are available at:

http://www.freeradius.org/radiusd/doc/configurable_failover

authorize {
    preprocess
    # counter
    attr_filter
    suffix
    files
    group {
        sql1auth {
            fail = 1
            notfound = return
            noop = 2
            ok = return
            updated = 3
            reject = return
            userlock = 4
            invalid = 5
            handled = 6
        }
        sql2auth {
            fail = 1
            notfound = return
            noop = 2
            ok = return
            updated = 3
            reject = return
            userlock = 4
            invalid = 5
            handled = 6
        }
    }
}
authenticate {
    authtype SQL {
        group {
            sql1auth {
                fail = 1
                notfound = return
                noop = 2
                ok = return
                updated = 3
                reject = return
                userlock = 4
                invalid = 5
                handled = 6
            }
            sql2auth {
                fail = 1
                notfound = return
                noop = 2
                ok = return
                updated = 3
                reject = return
                userlock = 4
                invalid = 5
                handled = 6
            }
        }
    }
}

Note for the record: I posted a slightly different set of rules to the
list back in December. Those rules didn't work quite right because of the
problem that the patch mentioned above fixed.

>When running in debug mode I get:
>
>rlm_sql: Trying to (re)connect an unconnected handle...
>rlm_sql: Couldn't connect socket to MySQL server radius@sql:radius_data
>rlm_sql: Mysql error 'Can't connect to MySQL server on 'sql' (111)'
>rlm_sql: Failed to connect DB handle #4
>rlm_sql: Ignoring unconnected handle
>rlm_sql: Ignoring unconnected handle
>rlm_sql: Ignoring unconnected handle
>rlm_sql: Ignoring unconnected handle
>rlm_sql: Ignoring unconnected handle
>rlm_sql: There are no DB handles to use!
>
>So it seems like it's not failing over to the secondary sql server. Does
>the failover code work for when it can't connect to one of the databases, or
>only if it doesn't get the correct response?
>
>Note, if I comment out the sql1 lines, everything works, it authenticates
>off of the secondary sql.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Randy Moore
Axion Information Technologies, Inc.
email [EMAIL PROTECTED]
phone 301-408-1200
fax 301-445-3947
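
Added example, not part of the original message and not FreeRADIUS code: a small Python model of how the group { } rules in the reply combine module return codes, showing that only a 'fail' from sql1auth causes sql2auth to be consulted. The evaluation logic (stop on "return", otherwise keep the highest-priority code, ties going to the later module) is a simplified assumption based on the configurable_failover doc; run_group and scenario are hypothetical names.

```python
# Simplified model (an assumption, not FreeRADIUS source) of how a group {}
# section combines module return codes under per-module action rules.

# The action table used for both sql1auth and sql2auth in the message above.
RULES = {
    "fail": 1, "notfound": "return", "noop": 2, "ok": "return",
    "updated": 3, "reject": "return", "userlock": 4, "invalid": 5,
    "handled": 6,
}

def run_group(modules, rules=RULES):
    """modules: list of (name, callable returning a return-code string).
    Returns (group_result, names_of_modules_actually_called)."""
    best_code, best_prio, called = None, 0, []
    for name, module in modules:
        code = module()
        called.append(name)
        action = rules[code]
        if action == "return":
            # Stop immediately: this code is the group's result, so a
            # missing account or bad password never reaches the second DB.
            return code, called
        # Numeric action: remember the code unless a higher priority was
        # already seen (tie handling with >= is an assumption of this model).
        if action >= best_prio:
            best_code, best_prio = code, action
    return best_code, called

def scenario(sql1_code, sql2_code):
    """Constructed stand-ins for the two SQL module instances."""
    return run_group([("sql1auth", lambda: sql1_code),
                      ("sql2auth", lambda: sql2_code)])

if __name__ == "__main__":
    # Constructed return-code combinations, not captured server output.
    for s1, s2 in [("fail", "ok"), ("notfound", "ok"),
                   ("reject", "ok"), ("fail", "fail"), ("noop", "fail")]:
        result, called = scenario(s1, s2)
        print(f"sql1={s1:<8} sql2={s2:<4} -> {result:<8} called={called}")
```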