I am having problems deploying a redundant FreeRADIUS setup with MySQL. Here is my sql.conf:
# -*- text -*-
##
## sql.conf -- SQL modules
##
## $Id$

######################################################################
#
# Configuration for the SQL module
#
# The database schemas and queries are located in subdirectories:
#
# sql/DB/schema.sql Schema
# sql/DB/dialup.conf Basic dialup (including policy) queries
# sql/DB/counter.conf counter
# sql/DB/ippool.conf IP Pools in SQL
# sql/DB/ippool.sql schema for IP pools.
#
# Where "DB" is mysql, mssql, oracle, or postgresql.
#
# This copy defines two instances of the sql module, sql1 and sql2, which
# differ only in their "server" value. radius.conf wraps them in the
# "redundant redundant_sql" block.
#

sql sql1{
    #
    # Set the database to one of:
    #
    # mysql, mssql, oracle, postgresql
    #
    database = "mysql"

    #
    # Which FreeRADIUS driver to use.
    #
    driver = "rlm_sql_${database}"

    # Connection info:
    # (the server address was masked by the poster)
    # NOTE(review): the password is identical to the login name, and both
    # are stored here in clear text. Use a unique password for this
    # database account and keep this file readable only by the account
    # that runs radiusd.
    # NOTE(review): nothing in this block enables TLS towards MySQL, so
    # presumably the connection to a non-local server is unencrypted --
    # confirm, and keep that link on a trusted segment.
    server = "xxx.xxx.xxx.xxx"
    #port = 3306
    login = "radius"
    password = "radius"

    # Database table configuration for everything except Oracle
    radius_db = "radiusprod"
    # If you are using Oracle then use this instead
    # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"

    # If you want both stop and start records logged to the
    # same SQL table, leave this as is. If you want them in
    # different tables, put the start table in acct_table1
    # and stop table in acct_table2
    acct_table1 = "radacct"
    acct_table2 = "radacct"

    # Allow for storing data after authentication
    postauth_table = "radpostauth"

    authcheck_table = "radcheck"
    authreply_table = "radreply"

    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"

    # Table to keep group info
    usergroup_table = "usergroup"

    # If set to 'yes' (default) we read the group tables
    # If set to 'no' the user MUST have Fall-Through = Yes in the radreply table
    # read_groups = yes

    # Remove stale session if checkrad does not see a double login
    deletestalesessions = yes

    # Print all SQL statements when in debug mode (-x)
    # NOTE(review): presumably the statements go to sqltracefile below and
    # carry user names and other request data -- keep this at "no" outside
    # troubleshooting.
    ######### ROML: SET SQLTRACE TO NO! #############
    sqltrace = no
    ##############################################
    sqltracefile = ${logdir}/sqltrace.sql

    # number of sql connections to make to server
    num_sql_socks = 8
    #num_sql_socks = 40

    # number of seconds to delay retrying on a failed database
    # connection (per_socket)
    connect_failure_retry_delay = 60

    # lifetime of an SQL socket. If you are having network issues
    # such as TCP sessions expiring, you may need to set the socket
    # lifetime. If set to non-zero, any open connections will be
    # closed "lifetime" seconds after they were first opened.
    lifetime = 0

    # Maximum number of queries used by an SQL socket. If you are
    # having issues with SQL sockets lasting "too long", you can
    # limit the number of queries performed over one socket. After
    # "max_queries", the socket will be closed. Use 0 for "no limit".
    max_queries = 0

    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup. For performance
    # and security reasons, finding clients via SQL queries CANNOT
    # be done "live" while the server is running.
    #
    # readclients = yes

    # Table to keep radius client info
    nas_table = "nas"

    # Read driver-specific configuration
    $INCLUDE sql/${database}/dialup.conf
}

# Second instance: same settings as sql1, but pointed at a MySQL server on
# the local host.
# NOTE(review): the radiusd -X output quoted at the end of this post reports
# that instantiation of this module failed. Presumably the module could not
# open its connections to MySQL on 127.0.0.1 with the credentials below at
# startup -- confirm from the debug lines printed just before the error.
sql sql2{
    #
    # Set the database to one of:
    #
    # mysql, mssql, oracle, postgresql
    #
    database = "mysql"

    #
    # Which FreeRADIUS driver to use.
    #
    driver = "rlm_sql_${database}"

    # Connection info:
    # NOTE(review): same login and password as sql1, again with the
    # password equal to the login name and stored in clear text.
    server = "127.0.0.1"
    #port = 3306
    login = "radius"
    password = "radius"

    # Database table configuration for everything except Oracle
    radius_db = "radiusprod"
    # If you are using Oracle then use this instead
    # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"

    # If you want both stop and start records logged to the
    # same SQL table, leave this as is. If you want them in
    # different tables, put the start table in acct_table1
    # and stop table in acct_table2
    acct_table1 = "radacct"
    acct_table2 = "radacct"

    # Allow for storing data after authentication
    postauth_table = "radpostauth"

    authcheck_table = "radcheck"
    authreply_table = "radreply"

    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"

    # Table to keep group info
    usergroup_table = "usergroup"

    # If set to 'yes' (default) we read the group tables
    # If set to 'no' the user MUST have Fall-Through = Yes in the radreply table
    # read_groups = yes

    # Remove stale session if checkrad does not see a double login
    deletestalesessions = yes

    # Print all SQL statements when in debug mode (-x)
    ######### ROML: SET SQLTRACE TO NO! #############
    sqltrace = no
    ##############################################
    sqltracefile = ${logdir}/sqltrace.sql

    # number of sql connections to make to server
    num_sql_socks = 8
    #num_sql_socks = 40

    # number of seconds to delay retrying on a failed database
    # connection (per_socket)
    connect_failure_retry_delay = 60

    # lifetime of an SQL socket. If you are having network issues
    # such as TCP sessions expiring, you may need to set the socket
    # lifetime. If set to non-zero, any open connections will be
    # closed "lifetime" seconds after they were first opened.
    lifetime = 0

    # Maximum number of queries used by an SQL socket. If you are
    # having issues with SQL sockets lasting "too long", you can
    # limit the number of queries performed over one socket. After
    # "max_queries", the socket will be closed. Use 0 for "no limit".
    max_queries = 0

    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup. For performance
    # and security reasons, finding clients via SQL queries CANNOT
    # be done "live" while the server is running.
    #
    # readclients = yes

    # Table to keep radius client info
    nas_table = "nas"

    # Read driver-specific configuration
    $INCLUDE sql/${database}/dialup.conf
}

radius.conf
instantiate {
    #
    # Allows the execution of external scripts.
    # The entire command line (and output) must fit into 253 bytes.
    #
    # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
    exec

    #
    # The expression module doesn't do authorization,
    # authentication, or accounting. It only does dynamic
    # translation, of the form:
    #
    # Session-Timeout = `%{expr:2 + 3}`
    #
    # So the module needs to be instantiated, but CANNOT be
    # listed in any other section. See 'doc/rlm_expr' for
    # more information.
    #
    expr

    #
    # We add the counter module here so that it registers
    # the check-name attribute before any module which sets
    # it
    # daily
    expiration
    logintime

    # subsections here can be thought of as "virtual" modules.
    #
    # e.g. If you have two redundant SQL servers, and you want to
    # use them in the authorize and accounting sections, you could
    # place a "redundant" block in each section, containing the
    # exact same text. Or, you could uncomment the following
    # lines, and list "redundant_sql" in the authorize and
    # accounting sections.
    #
    #redundant redundant_sql {
    #    sql1
    #    sql2
    #}

    # Tries sql1, then sql2, then the "handled" entry.
    # NOTE(review): with "handled" as the last entry, presumably a failure
    # of both SQL instances makes this block return "handled" instead of
    # "fail", which would hide a total database outage from the sections
    # that list redundant_sql -- confirm this is intended and that the
    # outage is alerted on elsewhere.
    redundant redundant_sql {
        sql1
        sql2
        handled
    }

    # Same pattern for the two SQL IP pool instances.
    # NOTE(review): sqlippool1 and sqlippool2 use different sql instances;
    # presumably the two databases are replicated, otherwise each keeps
    # its own lease state -- confirm.
    redundant redundant_sqlip {
        sqlippool1
        sqlippool2
        handled
    }
}

sqlippool.conf
## Configuration for the SQL based IP Pool module (rlm_sqlippool)
##
## The database schemas are available at:
##
## raddb/sql/DB/ippool.sql
##
## $Id$

sqlippool sqlippool1 {

    #########################################
    ## SQL instance to use (from sql.conf) ##
    ##
    ## If you have multiple sql instances, such as "sql sql1 {...}",
    ## use the *instance* name here: sql1.
    #########################################
    sql-instance-name = "sql1"

    ## SQL table to use for ippool range and lease info
    ippool_table = "radippool"

    ## IP lease duration. (Leases expire even if Acct Stop packet is lost)
    lease-duration = 3600

    ## Attribute which should be considered unique per NAS
    ## Using NAS-Port gives behaviour similar to rlm_ippool. (And ACS)
    ## Using Calling-Station-Id works for NAS that send fixed NAS-Port
    ## ONLY change this if you know what you are doing!
    pool-key = "%{NAS-Port}"
    # pool-key = "%{Calling-Station-Id}"

    ################################################################
    #
    # WARNING: MySQL has certain limitations that means it can
    # hand out the same IP address to 2 different users.
    #
    # We suggest using an SQL DB with proper transaction
    # support, such as PostgreSQL, or using MySQL
    # with InnoDB.
    #
    ################################################################

    #
    # Use the same database as configured in the "sql" module, "database"
    # configuration item. Change the "postgresql" name below to be the
    # same as the "database" field of the SQL module referred to in the
    # "sql-instance-name", above.
    #
    # (The path below already names mysql, matching database = "mysql"
    # in sql.conf.)
    $INCLUDE sql/mysql/ippool.conf

    ## Logging configuration. (Comment out to disable logging)
    sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_clear = "Released IP %{Framed-IP-Address}\
 (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"

    sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_nopool = "No Pool-Name defined \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
}

# Second pool instance: identical to sqlippool1 except that it is bound to
# the sql2 instance.
sqlippool sqlippool2 {

    #########################################
    ## SQL instance to use (from sql.conf) ##
    ##
    ## If you have multiple sql instances, such as "sql sql1 {...}",
    ## use the *instance* name here: sql1.
    #########################################
    sql-instance-name = "sql2"

    ## SQL table to use for ippool range and lease info
    ippool_table = "radippool"

    ## IP lease duration. (Leases expire even if Acct Stop packet is lost)
    lease-duration = 3600

    ## Attribute which should be considered unique per NAS
    ## Using NAS-Port gives behaviour similar to rlm_ippool. (And ACS)
    ## Using Calling-Station-Id works for NAS that send fixed NAS-Port
    ## ONLY change this if you know what you are doing!
    pool-key = "%{NAS-Port}"
    # pool-key = "%{Calling-Station-Id}"

    ################################################################
    #
    # WARNING: MySQL has certain limitations that means it can
    # hand out the same IP address to 2 different users.
    #
    # We suggest using an SQL DB with proper transaction
    # support, such as PostgreSQL, or using MySQL
    # with InnoDB.
    #
    ################################################################

    #
    # Use the same database as configured in the "sql" module, "database"
    # configuration item. Change the "postgresql" name below to be the
    # same as the "database" field of the SQL module referred to in the
    # "sql-instance-name", above.
    #
    $INCLUDE sql/mysql/ippool.conf

    ## Logging configuration. (Comment out to disable logging)
    sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_clear = "Released IP %{Framed-IP-Address}\
 (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"

    sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

    sqlippool_log_nopool = "No Pool-Name defined \
 (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
}

sites-enable/default
authorize {
    preprocess
    chap
    mschap
    suffix
    eap {
        ok = return
    }
    redundant_sql
    # NOTE(review): "detail" here writes the incoming request to the detail
    # file; for PAP requests that presumably includes User-Password unless
    # the detail instance suppresses it -- confirm.
    detail
    # NOTE(review): pap is listed twice in this section (here and after
    # logintime); one of the two entries is presumably redundant.
    pap
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    eap
}
preacct {
    preprocess
    acct_unique
    suffix
}
accounting {
    detail {
        fail = 1
    }
    redundant_sql
    radutmp
    redundant_sqlip
}
session {
    radutmp
    detail {
        fail = 1
    }
    redundant_sql
}
post-auth {
    detail {
        fail = 1
    }
    redundant_sqlip
    redundant_sql
    # NOTE(review): per the comment in the instantiate section, exec runs
    # external scripts; confirm what the exec instance is configured to
    # run for every post-auth request.
    exec
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
pre-proxy {
}
post-proxy {
    eap
}
The result after a radiusd -X is
/etc/raddb/sql.conf[116]: Instantiation failed for module "sql2"
/etc/raddb/radiusd.conf[771]: Failed to find module "sql2".
/etc/raddb/radiusd.conf[771]: Failed to parse "sql2" entry.
/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.