Re: Detailed logging on 1.1.7 [fixed]
Hi all, Since I hate when people write No problem, I fixed it and then disappear into the ether without giving details that could be useful to others, here is what I did: 1. Install screen (not by default installed in FreeBSD). 2. Run a new screen, name it something convenient (# screen -S radiusd) 3. Hit Ctrl+A-H, this will log all console output to file. 4. Start radiusd with -X or -x 5. Detach from the screen with Ctrl+A-d FreeRADIUS is now running in this screen, and everything is being stored to log file. At any time, you can reattach to the screen (both from local and over SSH) to see what is going on in real time. Cheers, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple accounting requests crash the server
Hi all, I am seeing a strange situation. I receive an accounting-stop request from a NAS, and FreeRADIUS (1.1.7 against Oracle) updates the corresponding radacct record. However, the NAS is not receiving the ack, and thus re-sends the stop request. On the second request, FreeRADIUS tries to do an update query again, and then, an insert query, with the stop message details (i.e. only a stop time, reason idle-timeout, etc.), which fails. After the third request from the NAS (and corresponding update followed by insert), Oracle throws a unique constraint violation error, and the server freezes. Questions: 1. Why is FreeRADIUS failing to see that this request was already acknowledged, i.e. it has been updated on the database, and just sends an ACK, rather than trying to insert a new record? 2. Why does FreeRADIUS freeze on an SQL error from Oracle? Should it not just log the error and carry on about its business? I am finding my server freezing every few days due to these issues, for example, if a query takes too long to run, or a trigger fails to execute. Is FreeRADIUS against Oracle more fragile than say MySQL? Cheers, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple accounting requests crash the server [update]
Update to the problem: the accounting-stop alternate query is actually an INSERT, not an UPDATE, by default, which actually surprises me, as in case of a duplicate packet, an INSERT into a properly unique-indexed table is doomed. I have now simply changed the -alt into an UPDATE query, so it would also not affect any record, but at least will not cause Oracle to balk. My only problem now is how to make sure FreeRADIUS does not freeze upon an SQL error. Cheers, Mike Mother wrote: Hi all, I am seeing a strange situation. I receive an accounting-stop request from a NAS, and FreeRADIUS (1.1.7 against Oracle) updates the corresponding radacct record. However, the NAS is not receiving the ack, and thus re-sends the stop request. On the second request, FreeRADIUS tries to do an update query again, and then, an insert query, with the stop message details (i.e. only a stop time, reason idle-timeout, etc.), which fails. After the third request from the NAS (and corresponding update followed by insert), Oracle throws a unique constraint violation error, and the server freezes. Questions: 1. Why is FreeRADIUS failing to see that this request was already acknowledged, i.e. it has been updated on the database, and just sends an ACK, rather than trying to insert a new record? 2. Why does FreeRADIUS freeze on an SQL error from Oracle? Should it not just log the error and carry on about its business? I am finding my server freezing every few days due to these issues, for example, if a query takes too long to run, or a trigger fails to execute. Is FreeRADIUS against Oracle more fragile than say MySQL? Cheers, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple accounting requests crash the server
Hi Alan, Thanks for your answers, mine inline below: Alan DeKok wrote: Mother wrote: I am seeing a strange situation. I receive an accounting-stop request from a NAS, and FreeRADIUS (1.1.7 against Oracle) updates the corresponding radacct record. However, the NAS is not receiving the ack, and thus re-sends the stop request. On the second request, FreeRADIUS tries to do an update query again, and then, an insert query, with the stop message details (i.e. only a stop time, reason idle-timeout, etc.), which fails. Why? As I mention in my update, an accounting-stop that uses the alternate default query will attempt an insert, not an update (I have a few new records in radacct with only stop time after this episode, all with the same session ID). The reason the NAS was resending was that it was not receiving the confirmation back from FreeRADIUS, most likely due to a temporary network failure on a segment along the way. After the third request from the NAS (and corresponding update followed by insert), Oracle throws a unique constraint violation error, and the server freezes. Weird. Indeed - why it throws this after the third query is what gets me, as the unique constraint should have been hit right after the first update was done. I will investigate the timeline of events with more detail. Questions: 1. Why is FreeRADIUS failing to see that this request was already acknowledged, i.e. it has been updated on the database, and just sends an ACK, rather than trying to insert a new record? Because RADIUS doesn't work like that. Accounting requests are never re-sent, so *all* accounting requests are brand new, and have to be treated that way. They are never re-sent? Then please tell one of the major European wireless ISP about this, as they were hammering my server :) This is what they saw: Fri Jan 25 10:31:10 2008: INFO: AuthRADIUS: No reply after 2 retransmissions to 80.33.137.68:1813 for [EMAIL PROTECTED] (25). Now have 1 consecutive failures over 0 seconds. Backing off for 30 seconds Note that they are *not* using FreeRADIUS. In any case, I will adapt the queries as needed so that they don't hit a brick wall if I find conditions like this. 2. Why does FreeRADIUS freeze on an SQL error from Oracle? Should it not just log the error and carry on about its business? I am finding my server freezing every few days due to these issues, for example, if a query takes too long to run, or a trigger fails to execute. Is FreeRADIUS against Oracle more fragile than say MySQL? I think that fewer people are using it that way. Yes, I understand Oracle penetration in FreeRADIUS is tiny, but still. Perhaps you could try posting the error message, or run it under gdb to see why it's freezing. These are the sanitized logs, with irrelevant crud cut out: #1: rad_recv: Accounting-Request packet from host X.X.X.X:46641, id=184, length=302 User-Name = blah NAS-Port = 2 NAS-Port-Type = Wireless-802.11 NAS-Identifier = XX NAS-IP-Address = X.X.X.X Acct-Status-Type = Stop Calling-Station-Id = MAC Called-Station-Id = MAC Event-Timestamp = Jan 25 2008 10:49:13 CET Acct-Delay-Time = 955 Acct-Session-Id = 59fdb3fd Acct-Authentic = RADIUS Acct-Session-Time = 343 Acct-Input-Octets = 48365 Acct-Input-Gigawords = 0 Acct-Input-Packets = 199 Acct-Output-Octets = 42343 Acct-Output-Gigawords = 0 Acct-Output-Packets = 248 Acct-Terminate-Cause = Idle-Timeout Framed-IP-Address = 192.168.51.186 WISPr-Location-Name = Address Vendor-18529-Attr-42 = 0x48455336373131 Attr-103 = 0x4799b09a Attr-103 = 0x4799b09a WISPr-Location-ID = isocc=es,cc=34,ac=08080,network=SSID UPDATE query (fails) INSERT query (seems to take place) rlm_sql (sql): Released sql socket id: 3 modcall[accounting]: module sql returns ok for request 0 modcall: leaving group accounting (returns ok) for request 0 Sending Accounting-Response of id 184 to X.X.X.X port 46641 Finished request 0 #2: rad_recv: Accounting-Request packet from host X.X.X.X:46641, id=185, length=302 User-Name = blah NAS-Port = 2 NAS-Port-Type = Wireless-802.11 NAS-Identifier = XXX NAS-IP-Address = X.X.X.X Acct-Status-Type = Stop Calling-Station-Id = MAC Called-Station-Id = MAC Event-Timestamp = Jan 25 2008 10:49:13 CET Acct-Delay-Time = 955 Acct-Session-Id = 59fdb3fd Acct-Authentic = RADIUS Acct-Session-Time = 343 Acct-Input-Octets = 48365 Acct-Input-Gigawords = 0 Acct-Input-Packets = 199 Acct-Output-Octets = 42343 Acct-Output-Gigawords = 0 Acct-Output-Packets = 248 Acct-Terminate-Cause = Idle-Timeout Framed-IP-Address = 192.168.51.186 WISPr-Location-Name = Address Vendor-18529-Attr-42 = 0x48455336373131 Attr-103 = 0x4799b05a Attr-103 = 0x4799b09b WISPr-Location-ID = isocc=es,cc=34,ac=08080,network=SSID UPDATE query (fails) INSERT
Detailed logging on 1.1.7
Hi all, After searching around the docs, I cannot find a way to control the debug log level (to radius.log), and since I am having problems where the server seems to freeze every now and then, I really need to find a cause. All I could see in the last batch of logs is: Wed Jan 23 09:15:51 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [mother] Wed Jan 23 11:34:00 2008 : Error: Discarding duplicate request from client Whisher-Test:2207 - ID: 0 due to unfinished request 391 About a dozen more of these Wed Jan 23 11:34:30 2008 : Error: WARNING: Unresponsive child (id 136186368) for request 391 (in component authorize module rlm_sql) Wed Jan 23 11:34:32 2008 : Error: Discarding duplicate request from client Whisher-Test:2207 - ID: 0 due to unfinished request 391 About another dozen of these It seems the server stopped responding at 09:15 or just after, and I restarted it at 11:34 after a user complained he could not login on the hotspot's landing page. Any insight will be greatly appreciated, regards, Mike PS Before you start screaming Upgrade to 2.0.0!!, I cannot (yet) as this is on a FreeBSD box using ports and Oracle. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Detailed logging on 1.1.7
Ivan, [EMAIL PROTECTED] wrote: http://www.digipedia.pl/man/radiusd.8.html Yes, deja-vu :) One question, -x (not -X), provides debug output to radius.log??? I tried this before, but did not seem to get anything other than what is already normally ouput. Best regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.0 has been released
Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. We are pleased to announce that Version 2.0.0 has been released. This version is a tremendous step forward in functionality for the server. This is great news Alan! Any idea if a *BSD port is going to be released for it soon? I would love to see the Oracle module fixed so it can be selected/built from the configure menu (hint hint, eye twitch - David Wood). Cheers, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem using Freeradius with Oracle [sec=unclassified]
Hi Frank,
Ranner, Frank MR wrote:
SNIP
Oracle doesn't seem to do bit shift. You can multiply by 2^32 instead.
AcctInputOctets = '%{%{Acct-Input-Gigawords}:-0}' * 4294967296 +
'%{%{Acct-Input-Octets}:-0}'
Oracle supports up to 38 digit numbers.
/SNIP
Thanks so much for that suggestion, I will give it a go!
Best regards,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: powerfull manager?
Hi Liran, liran tal wrote: Billing is indeed a crucial part but with some group-effort we could probably come up with something good... daloRADIUS is an open source application for management, accounting, and billing. The billing side is almost not developed at all but the management, accounting, and everything else is growing pretty fast. I wouldn't mind contributing, but I would like to have a manager that supports a flexible database plugin system, so that other DBs than the typical MySQL/Postgre can be added easily...for example, Oracle :) Best regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem using Freeradius with Oracle
Hi all,
My setup is FreeBSD 6.2, with Freeradius 1.1.7 installed using Ports (I
had to hack the configure so it would be built with Oracle, as there is
no option in the Ports make, but I digress...).
I have everything working now, but when the accounting stop message is
received, the SQL call causes Oracle to balk. The call (with
non-relevant portions removed) is:
UPDATE radacct SET ... AcctInputOctets = '0' 32 | '0',
AcctOutputOctets = '0' 32 | '0', ... WHERE ...
Now, Acc[input/output]Octets as I see in oraclesql.conf is derived like
this:
AcctInputOctets = '%{%{Acct-Input-Gigawords}:-0}' 32 |
'%{%{Acct-Input-Octets}:-0}'
So it seems (AFAIK) that it's attempting to bit-shift the Gigawords and
Octets received from the NAS.
My problem is that if this syntax is used, Oracle complains with
'ORA-00933: SQL command not properly ended'. If I remove the , and add
an extra pipe (|| is concatenate in Oracle), it seems to work, but not
as it should.
Has anyone got this working in their setup?
Cheers,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem using Freeradius with Oracle
Hi David, David Wood wrote: Hi Mike, In message [EMAIL PROTECTED], Mother [EMAIL PROTECTED] writes My setup is FreeBSD 6.2, with Freeradius 1.1.7 installed using Ports (I had to hack the configure so it would be built with Oracle, as there is no option in the Ports make, but I digress...). I maintain the FreeBSD net/freeradius port. I've not added support for Oracle because nobody has asked for it and I have no way of testing it. If you send me a diff for the port's Makefile, I'll include it in the port. No problem, once I'm sure the method I'm following is stable, and write a mini-HOWTO, I will send you the diff. There are basically two places to tweak, one is the actual Makefile (to include Oracle in the menu), and the other is the configure script for rlm_sql_oracle, which seems to basically ignore --with-oracle-home-dir. I ended up hard-coding ORACLE_HOME in the configure script, and copying it just as make finished extracting everything from the tarball (feel free to flame me for being lazy!). This assumes that FreeRADIUS works with the Oracle support in FreeBSD ports - if not, then you'll either have to sort out a fix to the Oracle support in ports, or continue to hack away! I have FreeRADIUS working perfectly against a remote Oracle server, using the 10.2.0.3 instantclient and oracle8-client ports. The only difficulty is that there doesn't seem to be an .sql script included with FreeRADIUS to create the Oracle table structure, triggers, etc. so I had to rely on an old version I found. Using this, I was only missing one row from the radacct table, but otherwise I was all set. The next hurdle is to figure out how to combine the Gigaword and octets in Oracle (thanks Alan, will dig through the docs) to make the accounting queries work - they do if I just leave the octets in. Will keep you posted, best regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem using Freeradius with Oracle
Hi Ivan, [EMAIL PROTECTED] wrote: The only difficulty is that there doesn't seem to be an .sql script included with FreeRADIUS to create the Oracle table structure, triggers, etc. so I had to rely on an old version I found. If it's of any help now: http://wiki.freeradius.org/Oracle_DDL_script Thanks for that, it's the old version I was mentioning - basically, it is missing the XAscendSessionSvrKey column in the RADACCT table. This is used by the current FreeRADIUS, maybe worth editing into the wiki. Best regards, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
