Re: rlm_sqlippool Oracle sql error : ORA-00907: missing right parenthesis
westwood wrote:
> freeradius versions 2.1.8/9/10 + oracle 10.2.0
> ...
> rlm_sql_oracle: query failed in sql_select_query: ORA-00907: missing right parenthesis

That's an Oracle error. The query is malformed.

> I find the error occurred when allocate-find executed in the file sql/oracle/ippool.conf, but this statement can work well in mysql.

Uh... you're using MySQL syntax for an Oracle server?

> How can I make it work?

Use Oracle SQL syntax.

Alan DeKok.
Re: rlm_sqlippool required?
On 01/09/2010 04:33 PM, John Kane wrote:
>> John Kane wrote:
>>> Is the rlm_sqlippool required when allocating IPs from an SQL DB?
>>
>> Yes.
>>
>>> I am trying to set this up on a 1.1.3 install, and don't see that module.
>>
>> Install 2.1.8.
>>
>> Alan DeKok.
>
> Thanks Alan, unfortunately I am chained to Red Hat RPMs on this project, and their latest is 1.1.3 without the rlm_sqlippool module. I pulled the 1.1.3 down from the FreeRADIUS site, and it has that module (maybe our RH friend John Dennis can explain to me why it is on the FR site but not the RH RPM, and if I should open a ticket to RH to get it added).

More current versions of FreeRADIUS than 1.1.3 are available for RHEL 5 and CentOS5, see:

http://wiki.freeradius.org/Red_Hat_FAQ

The latest build for RHEL5 is 2.1.7, I'll be adding 2.1.8 shortly. Note these are not official builds. We anticipate 2.1.7 will show up as an official build in the RHEL 5.5 update under the package name freeradius2. 2.1.8 was released after the cut off date, thus RHEL 5 will only have 2.1.7 and 1.1.3.

As for why 1.1.3 didn't ship with rlm_sqlippool (it does ship with rlm_ippool) I can't tell you, it was before my time. If you would like to open a bug against the 1.1.3 RHEL 5.5 version please contact your support TAM.

--
John Dennis jden...@redhat.com
Re: rlm_sqlippool required?
John Kane wrote:
> Thanks Alan, unfortunately I am chained to Red Hat RPMs on this project, and their latest is 1.1.3 without the rlm_sqlippool module. I pulled the 1.1.3 down from the FreeRADIUS site, and it has that module (maybe our RH friend John Dennis can explain to me why it is on the FR site but not the RH RPM, and if I should open a ticket to RH to get it added).

http://freeradius.org/download.html

See the Fedora link. There are RPMs produced by RH for 2.1.8.

Alan DeKok.
Re: rlm_sqlippool required?
John Kane wrote:
> Is the rlm_sqlippool required when allocating IPs from an SQL DB?

Yes.

> I am trying to set this up on a 1.1.3 install, and don't see that module.

Install 2.1.8.

Alan DeKok.
RE: rlm_sqlippool required?
> John Kane wrote:
>> Is the rlm_sqlippool required when allocating IPs from an SQL DB?
>
> Yes.
>
>> I am trying to set this up on a 1.1.3 install, and don't see that module.
>
> Install 2.1.8.
>
> Alan DeKok.

Thanks Alan, unfortunately I am chained to Red Hat RPMs on this project, and their latest is 1.1.3 without the rlm_sqlippool module. I pulled the 1.1.3 down from the FreeRADIUS site, and it has that module (maybe our RH friend John Dennis can explain to me why it is on the FR site but not the RH RPM, and if I should open a ticket to RH to get it added).

Thanks,
John
Re: rlm_sqlippool allocating duplicate IPs
Phil Mayers wrote:
>> Is there a MAC in the Access-Request? If so, the IPPool module
>
> Sadly not. It's from pptp (pppd) radius.so plugin, so the requests basically only contain:

Ugh. We should fix that to send the MAC in the Calling-Station-Id, rather than sending the IP address.

Alan DeKok.
Re: rlm_sqlippool allocating duplicate IPs
Phil Mayers wrote:
> All,
>
> I've just become aware of a rather annoying problem with our PPTP VPN server. Sometimes, a client will connect, disconnect and reconnect in quick succession. In these circumstances, there seems to be a window in which an IP can remain allocated to a live VPN session, but is marked as free in the SQL table, causing subsequent clients to connect, be allocated the IP, and fail to get any connectivity.

ACK! Shortly after sending this email, we found the problem and it's truly vile.

It's nothing to do with FreeRadius at all, except tangentially - what's actually happening is that the PPTP client is closing the PPP LCP layer and re-opening it on the same PPTP control/data channel. This results in a very rapid set of:

1. access-request
   nas-port-id = 100
2. access-accept
   framedipaddress = 192.168.1.100
3. acct-start
   acctsessionid = 4B151C655A
   nas-port-id = 100
   framedipaddress = 192.168.1.100
4. acct-stop
   nas-port-id = 100
   framedipaddress = 192.168.1.100
   acctterminatecause = user-request
5. access-request
   nas-port-id = 100
6. access-accept
   framedipaddress = 192.168.1.100
7. acct-start
   acctsessionid = 4B151C685A0001
   nas-port-id = 100
   framedipaddress = 192.168.1.100

I am assuming the radius packet for #5 actually arrives before the accounting stop in #4, thus the accounting-stop then marks the IP free, and the problem occurs.

Bah. I can probably work around this by unallocating the allocate-clear query in rlm_sqlippool. Sick..
Re: rlm_sqlippool allocating duplicate IPs
Phil Mayers wrote:
> Phil Mayers wrote:
>> All,
>>
>> I've just become aware of a rather annoying problem with our PPTP VPN server. Sometimes, a client will connect, disconnect and reconnect in quick succession. In these circumstances, there seems to be a window which an IP can remain allocated to a live VPN session, but is marked as free in the SQL table, causing subsequent clients to connect, be allocated the IP, and fail to get any connectivity.
>
> ACK! Shortly after sending this email, we found the problem and it's truly vile.
>
> It's nothing to do with FreeRadius at all, except tangentially - what's actually happening is that the PPTP client is closing the PPP LCP layer and re-opening it on the same PPTP control/data channel. This results in a very rapid set of:

Ugh. Even worse, it doesn't actually re-authenticate the user; it actually just tears down the IPCP layer, and then brings it back up again USING THE SAME IP.

Of course, since the stop-clear query has run at that point and re-set the pool_key column to 0, so the 2nd accounting start doesn't re-allocate the IP. That is, it does:

    access-request
      allocate-ip
        update pool set nas=%{NAS},pool_key=${pool-key} where ip=%I

    accounting-start
      update pool set expires=now()+x where nas=%{NAS} and pool_key=${pool-key}

    accounting-stop
      update pool set expires=now()-1,pool_key=0 where nas=%{NAS} and pool_key=${pool-key}

    accounting-start
      update pool set expires=now()+x where nas=%{NAS} and pool_key=${pool-key}
      FAILS because pool_key=0 now

Bah. Bah bah bah.
Re: rlm_sqlippool allocating duplicate IPs
Phil Mayers wrote:
> Ugh. Even worse, it doesn't actually re-authenticate the user; it actually just tears down the IPCP layer, and then brings it back up again USING THE SAME IP.
>
> Of course, since the stop-clear query has run at that point and re-set the pool_key column to 0, so the 2nd accounting start doesn't re-allocate the IP.

Is there a MAC in the Access-Request? If so, the IPPool module *should* save last allocated MAC. The preference for allocation should be:

1) previously unallocated IP (no MAC associated with it)
2) unused (MAC associated with it), ordered by last time it was released (prefer older IPs)

That will maximize the re-use, and minimize the conflict.

Surprisingly enough, the same algorithm is useful for DHCP, too. :)

Alan DeKok.
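Added example, not part of the thread and not FreeRADIUS code: the two-step allocation preference listed in the message above, written as one `ORDER BY` over an in-memory SQLite table. The table layout, column names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample pool: (ip, last_mac, in_use, released_at)
SAMPLE = [
    ("10.0.0.1", "02:aa:00:00:00:01", 0, 500),   # released recently
    ("10.0.0.2", "02:aa:00:00:00:02", 0, 100),   # released long ago
    ("10.0.0.3", None, 0, None),                 # never allocated
    ("10.0.0.4", "02:aa:00:00:00:04", 1, None),  # live session
]

# Preference from the message: never-allocated addresses first, then free
# addresses with a MAC on record, oldest release first.
PICK = """
SELECT ip FROM pool
 WHERE in_use = 0
 ORDER BY (last_mac IS NOT NULL),  -- 0 (no MAC on record) sorts first
          released_at              -- then the oldest release
 LIMIT 1
"""


def make_pool(rows):
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE pool (ip TEXT PRIMARY KEY, last_mac TEXT, "
        "in_use INTEGER NOT NULL, released_at INTEGER)"
    )
    db.executemany("INSERT INTO pool VALUES (?, ?, ?, ?)", rows)
    return db


def allocate(db, mac):
    """Hand out the preferred free address and remember the MAC it went to."""
    row = db.execute(PICK).fetchone()
    if row is None:
        return None  # pool exhausted
    db.execute("UPDATE pool SET last_mac = ?, in_use = 1 WHERE ip = ?", (mac, row[0]))
    return row[0]


def release(db, ip, now):
    """Mark an address free but keep last_mac, so it sorts behind unused ones."""
    db.execute("UPDATE pool SET in_use = 0, released_at = ? WHERE ip = ?", (now, ip))


def demo():
    db = make_pool(SAMPLE)
    order = [allocate(db, "02:00:00:00:00:%02x" % i) for i in range(4)]
    release(db, "10.0.0.2", now=900)
    release(db, "10.0.0.3", now=950)
    return order, allocate(db, "02:00:00:00:00:10")


if __name__ == "__main__":
    print(demo())
```

A just-released address is the last candidate to be handed out again, which keeps it away from other clients while the previous holder may still be using it.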
Re: rlm_sqlippool allocating duplicate IPs
Alan DeKok wrote:
> Phil Mayers wrote:
>> Ugh. Even worse, it doesn't actually re-authenticate the user; it actually just tears down the IPCP layer, and then brings it back up again USING THE SAME IP.
>>
>> Of course, since the stop-clear query has run at that point and re-set the pool_key column to 0, so the 2nd accounting start doesn't re-allocate the IP.
>
> Is there a MAC in the Access-Request? If so, the IPPool module

Sadly not. It's from pptp (pppd) radius.so plugin, so the requests basically only contain:

    User-Name
    NAS-IP-Address
    NAS-Port = pppd_pty#
    Calling-Station-Id = the.vpn.client.ip
    Framed-IP-Address

For the moment I've worked around it by changing the stop-clear query from:

    UPDATE ${ippool_table} SET \
      nasipaddress = '', pool_key = 0, callingstationid = '', \
      expiry_time = 'now'::timestamp(0) - '1 second'::interval

...to:

    UPDATE ${ippool_table} SET \
      expiry_time = 'now'::timestamp(0) - '1 second'::interval

This allows the start-update query to re-claim the IP allocation. It should also be safe, since in my case the pool-key option is NAS-Port and the allocate-clear query will zero out any spurious / dead sessions before the accounting gets a chance to eat them.

Still - I'll admit to finding it a bit worrying. There are clearly cases when IPs can get lost.

The other options are to base the WHERE clause on the framedipaddress, which in my case is always present in the accounting.
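Added example, not part of the thread and not FreeRADIUS code: the stop/start sequence described in this thread, replayed against an in-memory SQLite table with the original stop-clear and with the workaround from the message above. The simplified schema, the one-address pool, the NAS address and the timestamps are constructed assumptions.

```python
import sqlite3

NAS = "10.0.0.1"   # constructed NAS address
LEASE = 3600       # constructed lease time in seconds

# stop-clear as quoted in the thread: expires the lease and forgets the owner.
STOP_CLEAR_ORIGINAL = """
UPDATE radippool
   SET nasipaddress = '', pool_key = '0', expiry_time = :now - 1
 WHERE nasipaddress = :nas AND pool_key = :key"""

# Workaround from the thread: expire the lease but keep the owner columns.
STOP_CLEAR_WORKAROUND = """
UPDATE radippool
   SET expiry_time = :now - 1
 WHERE nasipaddress = :nas AND pool_key = :key"""

# start-update: extend the lease of the row owned by this NAS and pool key.
START_UPDATE = """
UPDATE radippool
   SET expiry_time = :now + :lease
 WHERE nasipaddress = :nas AND pool_key = :key"""


def new_pool():
    """One-address pool, so any second allocation shows the conflict at once."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radippool ("
        " framedipaddress TEXT PRIMARY KEY,"
        " nasipaddress TEXT NOT NULL DEFAULT '',"
        " pool_key TEXT NOT NULL DEFAULT '0',"
        " expiry_time INTEGER NOT NULL DEFAULT 0)"
    )
    db.execute("INSERT INTO radippool (framedipaddress) VALUES ('192.168.1.100')")
    return db


def allocate(db, key, now):
    """allocate-clear, allocate-find and allocate-update for one Access-Request."""
    args = {"nas": NAS, "key": key, "now": now, "lease": LEASE}
    db.execute(STOP_CLEAR_ORIGINAL, args)  # allocate-clear: drop stale rows for this key
    row = db.execute(
        "SELECT framedipaddress FROM radippool"
        " WHERE expiry_time < :now ORDER BY expiry_time LIMIT 1", args
    ).fetchone()
    if row is None:
        return None  # nothing free
    db.execute(
        "UPDATE radippool SET nasipaddress = :nas, pool_key = :key,"
        " expiry_time = :now + :lease WHERE framedipaddress = :ip",
        {**args, "ip": row[0]},
    )
    return row[0]


def replay(stop_clear):
    """Return (rows matched by the 2nd acct-start, client A's IP, client B's IP)."""
    db = new_pool()
    a = {"nas": NAS, "key": "100", "lease": LEASE}
    ip_a = allocate(db, "100", now=1000)            # access-request / access-accept
    db.execute(START_UPDATE, {**a, "now": 1001})    # acct-start
    db.execute(stop_clear, {**a, "now": 1010})      # acct-stop when the layer drops
    restarted = db.execute(START_UPDATE, {**a, "now": 1011}).rowcount  # acct-start, no re-auth
    ip_b = allocate(db, "101", now=1020)            # another client, another port
    return restarted, ip_a, ip_b


if __name__ == "__main__":
    print("original  :", replay(STOP_CLEAR_ORIGINAL))
    print("workaround:", replay(STOP_CLEAR_WORKAROUND))
```

With the original query the second acct-start matches no row and the next client is given the address the first session is still using; with the workaround the row is re-claimed and the pool reports nothing free.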
Re: rlm_sqlippool
On Thu, Jul 31, 2008 at 12:23:50AM +0200, Leander Schäfer wrote:
> Hi,
>
> I use FreeRADIUS 2.0.5 combined with PostgreSQL instead of using raddb/users file etc. I tried to do the rlm_sqlippool HowTo (http://wiki.freeradius.org/Rlm_sqlippool) - and it worked out fine for me so far. BUT only if I put
>
> root ~ # cat /usr/local/etc/raddb/users
> leo     Pool-Name := main_pool, Cleartext-Password := password

Here the Pool-Name is in the control items, where it should be

>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
> #       Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = Broadcast-Listen,
>         Framed-Filter-Id = std.ppp,
>         Framed-MTU = 1492,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
> root ~ #
>
> But if I put it like that:
>
> root ~ # cat /usr/local/etc/raddb/users
> leo     Cleartext-Password := password
>         Pool-Name := main_pool,

Here it's in the reply items, where it does nothing.

>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
> #       Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = Broadcast-Listen,
>         Framed-Filter-Id = std.ppp,
>         Framed-MTU = 1492,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
> root ~ #
>
> The user leo won't get IP Pool address any longer ... ;/ But why?! Because I need something like a single attribute for writing it into my PostgreSQL DB over DialupAdmin ;/ because I actually won't use my raddb/users file any longer

Put the attribute/op/value into the radcheck/radgroupcheck table; those tables are either:

* Compared to the request, for comparison operators
* Added to the control items, for set operators e.g. :=

> What am I doing wrong?
>
> Thx
>
> Regards,
> Leander
Re: rlm_sqlippool
no ideas?

Leander Schäfer wrote:
> Hi,
>
> I use FreeRADIUS 2.0.5 combined with PostgreSQL instead of using raddb/users file etc. I tried to do the rlm_sqlippool HowTo (http://wiki.freeradius.org/Rlm_sqlippool) - and it worked out fine for me so far. BUT only if I put
>
> root ~ # cat /usr/local/etc/raddb/users
> leo     Pool-Name := main_pool, Cleartext-Password := password
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
> #       Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = Broadcast-Listen,
>         Framed-Filter-Id = std.ppp,
>         Framed-MTU = 1492,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
> root ~ #
>
> But if I put it like that:
>
> root ~ # cat /usr/local/etc/raddb/users
> leo     Cleartext-Password := password
>         Pool-Name := main_pool,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
> #       Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = Broadcast-Listen,
>         Framed-Filter-Id = std.ppp,
>         Framed-MTU = 1492,
>         Framed-Compression = Van-Jacobsen-TCP-IP,
> root ~ #
>
> The user leo won't get IP Pool address any longer ... ;/ But why?! Because I need something like a single attribute for writing it into my PostgreSQL DB over DialupAdmin ;/ because I actually won't use my raddb/users file any longer
>
> What am I doing wrong?
>
> Thx
>
> Regards,
> Leander
Re: rlm_sqlippool
Phil Mayers wrote:
> On Thu, Jul 31, 2008 at 12:23:50AM +0200, Leander Schäfer wrote:
>> Hi,
>>
>> I use FreeRADIUS 2.0.5 combined with PostgreSQL instead of using raddb/users file etc. I tried to do the rlm_sqlippool HowTo (http://wiki.freeradius.org/Rlm_sqlippool) - and it worked out fine for me so far. BUT only if I put
>>
>> root ~ # cat /usr/local/etc/raddb/users
>> leo     Pool-Name := main_pool, Cleartext-Password := password
>
> Here the Pool-Name is in the control items, where it should be
>
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>> #       Framed-IP-Address = 255.255.255.254,
>>         Framed-IP-Netmask = 255.255.255.255,
>>         Framed-Routing = Broadcast-Listen,
>>         Framed-Filter-Id = std.ppp,
>>         Framed-MTU = 1492,
>>         Framed-Compression = Van-Jacobsen-TCP-IP,
>> root ~ #
>>
>> But if I put it like that:
>>
>> root ~ # cat /usr/local/etc/raddb/users
>> leo     Cleartext-Password := password
>>         Pool-Name := main_pool,
>
> Here it's in the reply items, where it does nothing.
>
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>> #       Framed-IP-Address = 255.255.255.254,
>>         Framed-IP-Netmask = 255.255.255.255,
>>         Framed-Routing = Broadcast-Listen,
>>         Framed-Filter-Id = std.ppp,
>>         Framed-MTU = 1492,
>>         Framed-Compression = Van-Jacobsen-TCP-IP,
>> root ~ #
>>
>> The user leo won't get IP Pool address any longer ... ;/ But why?! Because I need something like a single attribute for writing it into my PostgreSQL DB over DialupAdmin ;/ because I actually won't use my raddb/users file any longer
>
> Put the attribute/op/value into the radcheck/radgroupcheck table; those tables are either:
>
> * Compared to the request, for comparison operators
> * Added to the control items, for set operators e.g. :=
>
>> What am I doing wrong?
>>
>> Thx
>>
>> Regards,
>> Leander

Thx - I'll give it a try and report my success ;)
Re: rlm_sqlippool
All right ... got it working ; ) !!!

Necessary PostgreSQL query is:

    INSERT INTO radgroupcheck (groupname, attribute, op, value)
    VALUES ('GoupXY', 'Pool-Name', ':=', 'main_pool');

Since we're working with SQL might it be good to mention that in the HowTo offered at freeradius.org ?!

Regards,
Leander

Phil Mayers wrote:
> On Thu, Jul 31, 2008 at 12:23:50AM +0200, Leander Schäfer wrote:
>> Hi,
>>
>> I use FreeRADIUS 2.0.5 combined with PostgreSQL instead of using raddb/users file etc. I tried to do the rlm_sqlippool HowTo (http://wiki.freeradius.org/Rlm_sqlippool) - and it worked out fine for me so far. BUT only if I put
>>
>> root ~ # cat /usr/local/etc/raddb/users
>> leo     Pool-Name := main_pool, Cleartext-Password := password
>
> Here the Pool-Name is in the control items, where it should be
>
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>> #       Framed-IP-Address = 255.255.255.254,
>>         Framed-IP-Netmask = 255.255.255.255,
>>         Framed-Routing = Broadcast-Listen,
>>         Framed-Filter-Id = std.ppp,
>>         Framed-MTU = 1492,
>>         Framed-Compression = Van-Jacobsen-TCP-IP,
>> root ~ #
>>
>> But if I put it like that:
>>
>> root ~ # cat /usr/local/etc/raddb/users
>> leo     Cleartext-Password := password
>>         Pool-Name := main_pool,
>
> Here it's in the reply items, where it does nothing.
>
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>> #       Framed-IP-Address = 255.255.255.254,
>>         Framed-IP-Netmask = 255.255.255.255,
>>         Framed-Routing = Broadcast-Listen,
>>         Framed-Filter-Id = std.ppp,
>>         Framed-MTU = 1492,
>>         Framed-Compression = Van-Jacobsen-TCP-IP,
>> root ~ #
>>
>> The user leo won't get IP Pool address any longer ... ;/ But why?! Because I need something like a single attribute for writing it into my PostgreSQL DB over DialupAdmin ;/ because I actually won't use my raddb/users file any longer
>
> Put the attribute/op/value into the radcheck/radgroupcheck table; those tables are either:
>
> * Compared to the request, for comparison operators
> * Added to the control items, for set operators e.g. :=
>
>> What am I doing wrong?
>>
>> Thx
>>
>> Regards,
>> Leander
Re: rlm_sqlippool
Leander S. wrote:
> Since we're working with SQL might it be good to mention that in the HowTo offered at freeradius.org ?!

The schema is already documented. The purpose of the Pool-Name attribute (and where it should go) is already documented.

The documentation for your SQL server should tell you the syntax for INSERTs.

Alan DeKok.
Re: rlm_sqlippool
2008/4/23 Ivan Kalik [EMAIL PROTECTED]:
> No idea. That check must have some purpose. Usual workaround for this is to rewrite (update in freeradius speak) NAS-Port attribute with the value of Calling-Station-Id (in unlang, perl, ...). That sorts out missing NAS-Port in the request.

Yes, this was what I suggested in my first email, to update the request packets (Auth/Acct). This works well.

> There are way too many places where NAS-Port needs to be changed in the configuration, and you might need to alter code as well - hence ONLY change this if you know what you are doing!.

As you suggested I sent a bug report based on my observations.

http://bugs.freeradius.org/show_bug.cgi?id=548

Thanks a lot for your valuable comments/input.

> Ivan Kalik
> Kalik Informatika ISP
>
> On 23/4/2008, rsg [EMAIL PROTECTED] wrote:
>> raddb/sqlippool.conf
>>
>>     ## Using Calling-Station-Id works for NAS that send fixed NAS-Port
>>     ## ONLY change this if you know what you are doing!
>>     ## pool-key = %{NAS-Port}
>>     pool-key = %{Calling-Station-Id}
>>
>> What I suggest is that we take the NAS that send fixed NAS-Port condition off from RLM_SQLIPPOOL module. Because, as I said before it is NOT a must to send the NAS-Port always (e.g. some GGSNs)
>>
>> What would be the consequences of taking it off?
>>
>> Thanks,
>>
>> On Tue, Apr 22, 2008 at 9:43 PM, rsg [EMAIL PROTECTED] wrote:
>>> On Tue, Apr 22, 2008 at 9:24 PM, Alan DeKok [EMAIL PROTECTED] wrote:
>>>> rsg wrote:
>>>>> In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.
>>>>
>>>> Which is why you can edit the queries in the SQL ippool module. If the non-SQL ippool module doesn't do what you want, fix it, and supply a patch.
>>>>
>>>> Alan DeKok.
>>>
>>> No I'm referring to the SQL ippool; The following entry gives the result what I've indicated in my first mail.
>>>
>>> From sqlippool.c :
>>>
>>>     if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
>>>         DEBUG("rlm_sqlippool: unknown NAS-Port");
>>>         return RLM_MODULE_NOOP;
>>>     }
Re: rlm_sqlippool
I think that's the right way. If the configuration has settings to use either NAS-Port and Calling-Station-Id and the code doesn't support the second option ... Code needs fixing.

Ivan Kalik
Kalik Informatika ISP

On 24/4/2008, rsg [EMAIL PROTECTED] wrote:
> 2008/4/23 Ivan Kalik [EMAIL PROTECTED]:
>> No idea. That check must have some purpose. Usual workaround for this is to rewrite (update in freeradius speak) NAS-Port attribute with the value of Calling-Station-Id (in unlang, perl, ...). That sorts out missing NAS-Port in the request.
>
> Yes, this was what I suggested in my first email, to update the request packets (Auth/Acct). This works well.
>
>> There are way too many places where NAS-Port needs to be changed in the configuration, and you might need to alter code as well - hence ONLY change this if you know what you are doing!.
>
> As you suggested I sent a bug report based on my observations.
>
> http://bugs.freeradius.org/show_bug.cgi?id=548
>
> Thanks a lot for your valuable comments/input.
>
>> Ivan Kalik
>> Kalik Informatika ISP
Re: rlm_sqlippool
raddb/sqlippool.conf

    ## Using Calling-Station-Id works for NAS that send fixed NAS-Port
    ## ONLY change this if you know what you are doing!
    ## pool-key = %{NAS-Port}
    pool-key = %{Calling-Station-Id}

What I suggest is that we take the NAS that send fixed NAS-Port condition off from RLM_SQLIPPOOL module. Because, as I said before it is NOT a must to send the NAS-Port always (e.g. some GGSNs)

What would be the consequences of taking it off?

Thanks,

On Tue, Apr 22, 2008 at 9:43 PM, rsg [EMAIL PROTECTED] wrote:
> On Tue, Apr 22, 2008 at 9:24 PM, Alan DeKok [EMAIL PROTECTED] wrote:
>> rsg wrote:
>>> In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.
>>
>> Which is why you can edit the queries in the SQL ippool module. If the non-SQL ippool module doesn't do what you want, fix it, and supply a patch.
>>
>> Alan DeKok.
>
> No I'm referring to the SQL ippool; The following entry gives the result what I've indicated in my first mail.
>
> From sqlippool.c :
>
>     if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
>         DEBUG("rlm_sqlippool: unknown NAS-Port");
>         return RLM_MODULE_NOOP;
>     }
Re: rlm_sqlippool
No idea. That check must have some purpose. Usual workaround for this is to rewrite (update in freeradius speak) NAS-Port attribute with the value of Calling-Station-Id (in unlang, perl, ...). That sorts out missing NAS-Port in the request.

There are way too many places where NAS-Port needs to be changed in the configuration, and you might need to alter code as well - hence ONLY change this if you know what you are doing!.

Ivan Kalik
Kalik Informatika ISP

On 23/4/2008, rsg [EMAIL PROTECTED] wrote:
> raddb/sqlippool.conf
>
>     ## Using Calling-Station-Id works for NAS that send fixed NAS-Port
>     ## ONLY change this if you know what you are doing!
>     ## pool-key = %{NAS-Port}
>     pool-key = %{Calling-Station-Id}
>
> What I suggest is that we take the NAS that send fixed NAS-Port condition off from RLM_SQLIPPOOL module. Because, as I said before it is NOT a must to send the NAS-Port always (e.g. some GGSNs)
>
> What would be the consequences of taking it off?
>
> Thanks,
>
> On Tue, Apr 22, 2008 at 9:43 PM, rsg [EMAIL PROTECTED] wrote:
>> On Tue, Apr 22, 2008 at 9:24 PM, Alan DeKok [EMAIL PROTECTED] wrote:
>>> rsg wrote:
>>>> In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.
>>>
>>> Which is why you can edit the queries in the SQL ippool module. If the non-SQL ippool module doesn't do what you want, fix it, and supply a patch.
>>>
>>> Alan DeKok.
>>
>> No I'm referring to the SQL ippool; The following entry gives the result what I've indicated in my first mail.
>>
>> From sqlippool.c :
>>
>>     if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
>>         DEBUG("rlm_sqlippool: unknown NAS-Port");
>>         return RLM_MODULE_NOOP;
>>     }
Re: rlm_sqlippool
Have a look at acct_unique in radiusd.conf and adjust accordingly.

Ivan Kalik
Kalik Informatika ISP

On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
> When there's no NAS-Port in rad_request... the server doesn't assign an IP address; That's why in my opinion there's no Framed-IP-Address in Access-Accept message.
>
> If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment.
>
> Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.
>
>     auth: type Local
>     auth: user supplied User-Password matches local User-Password
>     Login OK: [test/test] (from client SSS port 0 cli 488)
>     +- entering group post-auth
>     rlm_sqlippool: unknown NAS-Port
>     ++[sqlippool] returns noop
>     } # server example
>     Sending Access-Accept of id 56 to 192.168.1.4 port 1812
>         Primary-DNS-Server = 192.168.2.2
>         Secondary-DNS-Server = 192.168.2.2
>         Proxy-State = 0x30303338
>     Finished request 0.
Re: rlm_sqlippool
Doesn't acct_unique come after? When the server sees an Access-request without NAS-Port, it simply gives the result I indicated in my previous mail.

Then comes a problem of clearing the IP address when Accounting-Stop message is received.. I tried changing acct_unique by replacing NAS-Port by Calling-Station-Id without any success.

2008/4/22 Ivan Kalik [EMAIL PROTECTED]:
> Have a look at acct_unique in radiusd.conf and adjust accordingly.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
>> When there's no NAS-Port in rad_request... the server doesn't assign an IP address; That's why in my opinion there's no Framed-IP-Address in Access-Accept message.
>>
>> If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment.
>>
>> Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.
>>
>>     auth: type Local
>>     auth: user supplied User-Password matches local User-Password
>>     Login OK: [test/test] (from client SSS port 0 cli 488)
>>     +- entering group post-auth
>>     rlm_sqlippool: unknown NAS-Port
>>     ++[sqlippool] returns noop
>>     } # server example
>>     Sending Access-Accept of id 56 to 192.168.1.4 port 1812
>>         Primary-DNS-Server = 192.168.2.2
>>         Secondary-DNS-Server = 192.168.2.2
>>         Proxy-State = 0x30303338
>>     Finished request 0.
Re: rlm_sqlippool
rsg wrote:
> If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment.

It's currently a mandatory attribute for the IP pool module.

> Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.

Don't. The issue is that you need a unique key to assign IP's. The SQL ippool module can use any key you want.

Alan DeKok.
Re: rlm_sqlippool
From sqlippool.c :

    if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
        DEBUG("rlm_sqlippool: unknown NAS-Port");
        return RLM_MODULE_NOOP;
    }

2008/4/22 rsg [EMAIL PROTECTED]:
> Doesn't acct_unique come after? When the server sees an Access-request without NAS-Port, it simply gives the result I indicated in my previous mail.
>
> Then comes a problem of clearing the IP address when Accounting-Stop message is received.. I tried changing acct_unique by replacing NAS-Port by Calling-Station-Id without any success.
>
> 2008/4/22 Ivan Kalik [EMAIL PROTECTED]:
>> Have a look at acct_unique in radiusd.conf and adjust accordingly.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
>>> When there's no NAS-Port in rad_request... the server doesn't assign an IP address; That's why in my opinion there's no Framed-IP-Address in Access-Accept message.
>>>
>>> If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment.
>>>
>>> Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.
>>>
>>>     auth: type Local
>>>     auth: user supplied User-Password matches local User-Password
>>>     Login OK: [test/test] (from client SSS port 0 cli 488)
>>>     +- entering group post-auth
>>>     rlm_sqlippool: unknown NAS-Port
>>>     ++[sqlippool] returns noop
>>>     } # server example
>>>     Sending Access-Accept of id 56 to 192.168.1.4 port 1812
>>>         Primary-DNS-Server = 192.168.2.2
>>>         Secondary-DNS-Server = 192.168.2.2
>>>         Proxy-State = 0x30303338
>>>     Finished request 0.
Re: rlm_sqlippool
Both Accept-Request and Accounting-Request packets were updated with a bogus NAS-Port. Would like to know a better way of doing this. Ivan could you elaborate the method you proposed please? Thanks,

2008/4/22 rsg [EMAIL PROTECTED]:
From sqlippool.c :

if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
    DEBUG("rlm_sqlippool: unknown NAS-Port");
    return RLM_MODULE_NOOP;
}

2008/4/22 rsg [EMAIL PROTECTED]:
Doesn't acct_unique come after ? When the server sees an Access-request without NAS-Port, it simply gives the result I indicated in my previous mail. Then comes a problem of clearing the IP address when Accounting-Stop message is received.. I tried changing acct_unique by replacing NAS-Port by Calling-Station-Id without any success.

2008/4/22 Ivan Kalik [EMAIL PROTECTED]:
Have a look at acct_unique in radiusd.conf and adjust accordingly.
Ivan Kalik
Kalik Informatika ISP

On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
When there's no NAS-Port in rad_request... the server doesn't assign an IP address; That's why in my opinion there's no Framed-IP-Address in Access-Accept message. If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment. Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.

auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [test/test] (from client SSS port 0 cli 488)
+- entering group post-auth
rlm_sqlippool: unknown NAS-Port
++[sqlippool] returns noop
} # server example
Sending Access-Accept of id 56 to 192.168.1.4 port 1812
Primary-DNS-Server = 192.168.2.2
Secondary-DNS-Server = 192.168.2.2
Proxy-State = 0x30303338
Finished request 0.
Re: rlm_sqlippool
Many thanks for the response. It's mandatory for the ippool module, but sqlippool comes with an alternative pool-key which is the Calling-Station-Id. In reality NAS-Port is NOT supported by all the GGSNs. In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.

On Tue, Apr 22, 2008 at 4:22 PM, Alan DeKok [EMAIL PROTECTED] wrote:
> rsg wrote:
>> If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment.
>
> It's currently a mandatory attribute for the IP pool module.
>
>> Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.
>
> Don't. The issue is that you need a unique key to assign IP's. The SQL ippool module can use any key you want.
>
> Alan DeKok.
Re: rlm_sqlippool
Sort of what you have done. Update NAS-Port with value of Calling-Station-Id for example. Anything that will make acct_unique unique in your scenario.
Ivan Kalik
Kalik Informatika ISP

On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
Both Accept-Request and Accounting-Request packets were updated with a bogus NAS-Port. Would like to know a better way of doing this. Ivan could you elaborate the method you proposed please? Thanks,

2008/4/22 rsg [EMAIL PROTECTED]:
From sqlippool.c :

if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
    DEBUG("rlm_sqlippool: unknown NAS-Port");
    return RLM_MODULE_NOOP;
}

2008/4/22 rsg [EMAIL PROTECTED]:
Doesn't acct_unique come after ? When the server sees an Access-request without NAS-Port, it simply gives the result I indicated in my previous mail. Then comes a problem of clearing the IP address when Accounting-Stop message is received.. I tried changing acct_unique by replacing NAS-Port by Calling-Station-Id without any success.

2008/4/22 Ivan Kalik [EMAIL PROTECTED]:
Have a look at acct_unique in radiusd.conf and adjust accordingly.
Ivan Kalik
Kalik Informatika ISP

On 22/4/2008, rsg [EMAIL PROTECTED] wrote:
When there's no NAS-Port in rad_request... the server doesn't assign an IP address; That's why in my opinion there's no Framed-IP-Address in Access-Accept message. If my reasoning is correct, I'd like to highlight that NAS-Port is not a mandatory attribute when it comes to Mobile telephony environment. Is there any workaround once again to bypass this. I can suggest one..i.e to update the Access-Request using unlang and hope it would work.

auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [test/test] (from client SSS port 0 cli 488)
+- entering group post-auth
rlm_sqlippool: unknown NAS-Port
++[sqlippool] returns noop
} # server example
Sending Access-Accept of id 56 to 192.168.1.4 port 1812
Primary-DNS-Server = 192.168.2.2
Secondary-DNS-Server = 192.168.2.2
Proxy-State = 0x30303338
Finished request 0.
Re: rlm_sqlippool
> Don't. The issue is that you need a unique key to assign IP's. The SQL ippool module can use any key you want.
> Alan DeKok.

Then why does it give,

+- entering group post-auth
rlm_sqlippool: unknown NAS-Port
++[sqlippool] returns noop

--- when NAS-Port is not found? I've set the Calling-Station-Id as the pool-key. Hope my point is clear here. Thanks,
Re: rlm_sqlippool
rsg wrote:
> In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.

Which is why you can edit the queries in the SQL ippool module. If the non-SQL ippool module doesn't do what you want, fix it, and supply a patch.

Alan DeKok.
Re: rlm_sqlippool
On Tue, Apr 22, 2008 at 9:24 PM, Alan DeKok [EMAIL PROTECTED] wrote:
> rsg wrote:
>> In my opinion it should be open to be decided between NAS-Port and Calling-Station-Id depending on the service.
>
> Which is why you can edit the queries in the SQL ippool module. If the non-SQL ippool module doesn't do what you want, fix it, and supply a patch.
>
> Alan DeKok.

No I'm referring to the SQL ippool; The following entry gives the result what I've indicated in my first mail. From sqlippool.c :

if (pairfind(request->packet->vps, PW_NAS_PORT) == NULL) {
    DEBUG("rlm_sqlippool: unknown NAS-Port");
    return RLM_MODULE_NOOP;
}
Re: rlm_sqlippool in freeradius 1.1.6
On Tue 08 May 2007, Hugh Messenger wrote:
> I said: Is the rlm_sqlippool in 1.1.6 known to work with MySQL 5? Actually, I'm fairly sure it's not even getting as far as talking to the db. No matter what I try, it just tells me 'missing pool_name'.
>
> Turns out I borked something else in the users file which was breaking the Pool-Name statement in sqlippool mode. The next problem was getting the sqlippool queries to work. After more head / desk pounding, just after I finally got them working, I found this post with pretty much the same changes for MySQL in it: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg30520.html
>
> So ... I'm now happily authenticating against my Windows AD (using PAM and winbind), assigning PPPOE rate limit information via per user radreply table entries, assigning IP's from sqlippools based on 'Called-Station-ID', and accounting in the database. I am now officially a Happy Camper.

Excellent!

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_sqlippool in freeradius 1.1.6
I said: Is the rlm_sqlippool in 1.1.6 known to work with MySQL 5? Actually, I'm fairly sure it's not even getting as far as talking to the db. No matter what I try, it just tells me 'missing pool_name'.

Turns out I borked something else in the users file which was breaking the Pool-Name statement in sqlippool mode. The next problem was getting the sqlippool queries to work. After more head / desk pounding, just after I finally got them working, I found this post with pretty much the same changes for MySQL in it: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg30520.html

So ... I'm now happily authenticating against my Windows AD (using PAM and winbind), assigning PPPOE rate limit information via per user radreply table entries, assigning IP's from sqlippools based on 'Called-Station-ID', and accounting in the database. I am now officially a Happy Camper.

Thanks to everyone who has answered my questions over the last week or so.

-- hugh
Re: rlm_sqlippool load failure
On Thu 19 Oct 2006 09:14, Francisco Gimeno wrote:
> Hello! This is my first post in the list, so please excuse any eventual problem I could cause. I'm running a FreeRadius 1.1.3 server with the Debian patches and a little patch I made to correct the NAS-Port known behaviour for fixed NAS-Port.

You shouldn't need any patches for that. sqlippool handles fixed ports. Check the config file.

> I would like to test the rlm_sqlippool module, but I can't get it to work. I finally got it compiled using these settings:

-snip-

> I do the Auth with LDAP, and I have enabled in accounting and post-auth sections the sqlippool module. As I don't see the way to configure the sql settings, I finally added the postgresql.conf provided file with my customized settings (db, dbuser, dbpasword, dbhost, and so... ). I wouldn't like to enable it, but I don't find any other way to configure those settings.

That's correct.

-snip-

> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
> rlm_sql (sql): Connected new DB handle, #3
> rlm_sql (sql): starting 4
> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
> rlm_sql (sql): Connected new DB handle, #4
> Module: Instantiated sql (sql)
> freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so: undefined symbol: sql_get_socket
>
> The strange thing is that the sql module seems initialized, but sqlippool doesn't load. I looked the sql_get_socket function over the code, and I found it in the sql.c file in the rlm_sql module. Furthermore, I see that function being compiled and linked in the rlm_sql.so file as it's shown here:
>
> [08:11:33] [EMAIL PROTECTED]:/home/fgd/src/freeradius-1.1.3/src/modules/rlm_sql/.libs# nm rlm_sql.so | grep sql_get_socket
> 47f0 T sql_get_socket
>
> I don't know how to force it to be loaded... any hint?

I have not seen this error before. Alan? Any ideas?

Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_sqlippool load failure
2006/10/19, Peter Nixon [EMAIL PROTECTED]:
>> This is my first post in the list, so please excuse any eventual problem I could cause. I'm running a FreeRadius 1.1.3 server with the Debian patches and a little patch I made to correct the NAS-Port known behaviour for fixed NAS-Port.
>
> You shouldn't need any patches for that. sqlippool handles fixed ports. Check the config file.

The failure is not on the tiny patch.

>> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
>> rlm_sql (sql): Connected new DB handle, #3
>> rlm_sql (sql): starting 4
>> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
>> rlm_sql (sql): Connected new DB handle, #4
>> Module: Instantiated sql (sql)
>> freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so: undefined symbol: sql_get_socket
>>
>> The strange thing is that the sql module seems initialized, but sqlippool doesn't load. I looked the sql_get_socket function over the code, and I found it in the sql.c file in the rlm_sql module. Furthermore, I see that function being compiled and linked in the rlm_sql.so file as it's shown here:
>>
>> [08:11:33] [EMAIL PROTECTED]:/home/fgd/src/freeradius-1.1.3/src/modules/rlm_sql/.libs# nm rlm_sql.so | grep sql_get_socket
>> 47f0 T sql_get_socket
>>
>> I don't know how to force it to be loaded... any hint?
>
> I have not seen this error before. Alan? Any ideas?

I have tested with the CVS HEAD version, still the same problem here.

rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-2.0.0-pre0.so: undefined symbol: sql_get_socket

ummm.. I don't have any idea how to solve it... I'm thinking about #including sql.c in the rlm_sqlippool.

Thanks for your fast response, Peter,
Re: rlm_sqlippool load failure
Francisco Gimeno [EMAIL PROTECTED] wrote:
> freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so: undefined symbol: sql_get_socket

It looks like the linker on your system isn't resolving symbols globally. Since the same problem appears with the CVS head, it looks like it's a system issue, and not FreeRADIUS. From what I recall of Debian, they have RTLD_GLOBAL turned off by default, so this behavior is expected.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
RE: rlm_sqlippool
Hi Peter, Well the database is configured, and I made some tests and it's working. But what I need to know is what changes should I do in the radiusd.conf file and especially in the users file, to oblige the users to use the authentication from the database not locally. Secondly, what is the entry that declares the ip pool in the database? Is it framed-pool? Thanks Peter. Elie

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Monday, August 28, 2006 4:53 PM
To: FreeRadius users mailing list
Subject: Re: rlm_sqlippool

Hi Elie My instructions assume that you already know how to setup rlm_sql. If you do not, you first need to read doc/rlm_sql Alternatively you can read the wiki: http://wiki.freeradius.org/index.php/Rlm_sql Regards Peter

On Mon 28 Aug 2006 18:04, Elie Hani wrote:
Hi; I was reading this email, and I've followed the steps. I have created the postgresql database, but what should I do to make the radius get the authentication from the postgresql database? And where should I add the configuration if I want to declare the username and the password in the database, and what changes should I do in the radiusd.conf and the users file? Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Sunday, August 27, 2006 5:05 PM
To: Chris Knipe; FreeRadius users mailing list
Subject: Re: rlm_sqlippool

On Sat 26 Aug 2006 23:09, Chris Knipe wrote:

Hi, I know this is new, and not yet documented, but I saw some good posts about it being stable, so I'm looking at implementing it at the moment... But alas, I'm confused and the lack of documentation is not helping. doc/rlm_sqlippool states: The only required fields are, pool_name and ip_address. A pool consists of one or more rows in the table with the same pool_name and a different ip_address. There is no restriction on which ip addresses/ranges may be in the same pool, and addresses do not need to be concurrent. Yet, raddb/sqlippool.conf, makes absolutely NO sense to me at the moment at all, and there is WAY more than merely a pool name and a IP address referenced in the queries... I understand that there is some unique elements required in the table to indicate that a IP is allocated, and to know where the IP is allocated (and obviously to release that IP once the session terminates).

it is really not that complex :-) As the docs state put one or more records in the table with a pool_name and ip_address and then use the pool_name the same way you do with the standard ippool module. That's it.

Can someone perhaps please just take a moment to explain what exactly is going on in those queries?? I'm not referring to the SQL as such, but rather as to what is updated, and why. A table structure accompanying those queries in sqlippool.conf may help significantly as well, as I'm guessing at the moment what needs to go where :(

The table structure is in the same file as all the rest of the database schema at doc/examples/postgresql.sql For reference it is:

CREATE TABLE radippool (
    id BIGSERIAL PRIMARY KEY,
    pool_name text NOT NULL,
    FramedIPAddress INET,
    NASIPAddress text NOT NULL,
    CalledStationId VARCHAR(64),
    CallingStationId text DEFAULT ''::text NOT NULL,
    expiry_time TIMESTAMP(0) without time zone NOT NULL,
    username text DEFAULT ''::text,
    pool_key VARCHAR(30) NOT NULL
);

I have only tested this with Postgresql, although I will probably be testing on Oracle at some point. If you want to test it on some other database you are welcome. Please report the results :-)

Regards
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
RE: rlm_sqlippool
Hi; I was reading this email, and I've followed the steps. I have created the postgresql database, but what should I do to make the radius get the authentication from the postgresql database? And where should I add the configuration if I want to declare the username and the password in the database, and what changes should I do in the radiusd.conf and the users file? Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Sunday, August 27, 2006 5:05 PM
To: Chris Knipe; FreeRadius users mailing list
Subject: Re: rlm_sqlippool

On Sat 26 Aug 2006 23:09, Chris Knipe wrote:

Hi, I know this is new, and not yet documented, but I saw some good posts about it being stable, so I'm looking at implementing it at the moment... But alas, I'm confused and the lack of documentation is not helping. doc/rlm_sqlippool states: The only required fields are, pool_name and ip_address. A pool consists of one or more rows in the table with the same pool_name and a different ip_address. There is no restriction on which ip addresses/ranges may be in the same pool, and addresses do not need to be concurrent. Yet, raddb/sqlippool.conf, makes absolutely NO sense to me at the moment at all, and there is WAY more than merely a pool name and a IP address referenced in the queries... I understand that there is some unique elements required in the table to indicate that a IP is allocated, and to know where the IP is allocated (and obviously to release that IP once the session terminates).

it is really not that complex :-) As the docs state put one or more records in the table with a pool_name and ip_address and then use the pool_name the same way you do with the standard ippool module. That's it.

Can someone perhaps please just take a moment to explain what exactly is going on in those queries?? I'm not referring to the SQL as such, but rather as to what is updated, and why. A table structure accompanying those queries in sqlippool.conf may help significantly as well, as I'm guessing at the moment what needs to go where :(

The table structure is in the same file as all the rest of the database schema at doc/examples/postgresql.sql For reference it is:

CREATE TABLE radippool (
    id BIGSERIAL PRIMARY KEY,
    pool_name text NOT NULL,
    FramedIPAddress INET,
    NASIPAddress text NOT NULL,
    CalledStationId VARCHAR(64),
    CallingStationId text DEFAULT ''::text NOT NULL,
    expiry_time TIMESTAMP(0) without time zone NOT NULL,
    username text DEFAULT ''::text,
    pool_key VARCHAR(30) NOT NULL
);

I have only tested this with Postgresql, although I will probably be testing on Oracle at some point. If you want to test it on some other database you are welcome. Please report the results :-)

Regards
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_sqlippool
Hi Elie My instructions assume that you already know how to setup rlm_sql. If you do not, you first need to read doc/rlm_sql Alternatively you can read the wiki: http://wiki.freeradius.org/index.php/Rlm_sql Regards Peter

On Mon 28 Aug 2006 18:04, Elie Hani wrote:
Hi; I was reading this email, and I've followed the steps. I have created the postgresql database, but what should I do to make the radius get the authentication from the postgresql database? And where should I add the configuration if I want to declare the username and the password in the database, and what changes should I do in the radiusd.conf and the users file? Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Nixon
Sent: Sunday, August 27, 2006 5:05 PM
To: Chris Knipe; FreeRadius users mailing list
Subject: Re: rlm_sqlippool

On Sat 26 Aug 2006 23:09, Chris Knipe wrote:

Hi, I know this is new, and not yet documented, but I saw some good posts about it being stable, so I'm looking at implementing it at the moment... But alas, I'm confused and the lack of documentation is not helping. doc/rlm_sqlippool states: The only required fields are, pool_name and ip_address. A pool consists of one or more rows in the table with the same pool_name and a different ip_address. There is no restriction on which ip addresses/ranges may be in the same pool, and addresses do not need to be concurrent. Yet, raddb/sqlippool.conf, makes absolutely NO sense to me at the moment at all, and there is WAY more than merely a pool name and a IP address referenced in the queries... I understand that there is some unique elements required in the table to indicate that a IP is allocated, and to know where the IP is allocated (and obviously to release that IP once the session terminates).

it is really not that complex :-) As the docs state put one or more records in the table with a pool_name and ip_address and then use the pool_name the same way you do with the standard ippool module. That's it.

Can someone perhaps please just take a moment to explain what exactly is going on in those queries?? I'm not referring to the SQL as such, but rather as to what is updated, and why. A table structure accompanying those queries in sqlippool.conf may help significantly as well, as I'm guessing at the moment what needs to go where :(

The table structure is in the same file as all the rest of the database schema at doc/examples/postgresql.sql For reference it is:

CREATE TABLE radippool (
    id BIGSERIAL PRIMARY KEY,
    pool_name text NOT NULL,
    FramedIPAddress INET,
    NASIPAddress text NOT NULL,
    CalledStationId VARCHAR(64),
    CallingStationId text DEFAULT ''::text NOT NULL,
    expiry_time TIMESTAMP(0) without time zone NOT NULL,
    username text DEFAULT ''::text,
    pool_key VARCHAR(30) NOT NULL
);

I have only tested this with Postgresql, although I will probably be testing on Oracle at some point. If you want to test it on some other database you are welcome. Please report the results :-)

Regards
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_sqlippool
> It is ONLY tested on Postgresql 8.1.x (On 32bit and 64bit SUSE Linux) although I expect it should work fine on any 8.X version of postgresql and probably earlier versions as well. If you want to run it on a different database, the driver itself should support it, but you will need to modify the schema and the queries. If you get it working please let us know (And send us your schema and queries)

See below. It can more than likely do with more indexes though. I'm at this stage obviously only experimenting... I'm still checking, but I'm *baffled* as to why the rlm_sqlippool won't reconnect to the database then! As you said, it uses the SQL driver, whether it's PostGRE, mySQL, MSSQL, Oracle, surely, the reconnections are handled in the sql driver itself and not the module... Alan, anything I can look at perhaps???

My structures below should be quick and easy to understand. I'm sure there's mistakes in it as well (which I hope will be pointed out to me), and I hope other SQL servers will support INET_ATON() and INET_NTOA. Perhaps add these as variables in FreeRadius (Alan?). Considering pools are moving to SQL as well now - which is VERY good IMHO, I think it's a major waste of space to allocate a VARCHAR(16) (at the minimum) to hold a IP Address in a database, when we can do it as a integer...

Cheers
Chris

CREATE TABLE `IPPools` (
  `EntryID` bigint(21) NOT NULL auto_increment,
  `GroupName` varchar(64) NOT NULL,
  `IPAddress` int(5) unsigned NOT NULL,
  `NASIPAddress` int(5) unsigned NOT NULL,
  `CallingStationID` varchar(50) default NULL,
  `PoolKey` char(33) NOT NULL,
  `ExpireTime` datetime default NULL,
  PRIMARY KEY (`EntryID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

# This series of queries allocates an IP address
allocate-clear = UPDATE GroupIPPools SET NASIPAddress = '0', PoolKey = MD5('0'), CallingStationID = NULL, ExpireTime = NOW() - INTERVAL 1 SECOND WHERE PoolKey = MD5(CONCAT('%{NAS-IP-Address}', '%{Calling-Station-Id}'))
allocate-find = SELECT INET_NTOA(IPAddress) FROM GroupIPPools WHERE GroupID = '%{check:Pool-Name}' AND ExpireTime < NOW() ORDER BY GroupID, (CallingStationID <> '%{Calling-Station-Id}'), ExpireTime, RAND() LIMIT 1 FOR UPDATE
allocate-update = UPDATE GroupIPPools SET NASIPAddress = INET_ATON('%{NAS-IP-Address}'), PoolKey = MD5(CONCAT('%{NAS-IP-Address}', '%{Calling-Station-Id}')), CallingStationID = '%{Calling-Station-Id}', ExpireTime = NOW() + INTERVAL ${lease-duration} SECOND WHERE IPAddress = INET_ATON('%I')

# This series of queries frees an IP number when an accounting START record arrives
start-update = UPDATE GroupIPPools SET ExpireTime = NOW() + INTERVAL %J SECOND WHERE NASIPAddress = INET_ATON('%n') AND IPAddress = INET_ATON('%{Framed-IP-Address}')

# This series of queries frees an IP number when an accounting STOP record arrives
stop-clear = UPDATE GroupIPPools SET NASIPAddress = '0', PoolKey = MD5('0'), CallingStationID = NULL, ExpireTime = NOW() - INTERVAL 1 SECOND WHERE NASIPAddress = INET_ATON('%{Nas-IP-Address}') AND PoolKey = MD5(CONCAT('%{NAS-IP-Address}', '${pool-key}')) AND CallingStationID = '%{Calling-Station-Id}' AND IPAddress = INET_ATON('%{Framed-IP-Address}')

# This series of queries frees an IP number when an accounting ALIVE record arrives
alive-update = UPDATE GroupIPPools SET ExpireTime = NOW() + INTERVAL ${lease-duration} SECOND WHERE NASIPAddress = INET_ATON('%{Nas-IP-Address}') AND PoolKey = MD5(CONCAT('%{NAS-IP-Address}', '%{Calling-Station-Id}')) AND CallingStationID = '%{Calling-Station-Id}' AND IPAddress = INET_ATON('%{Framed-IP-Address}')

# This series of queries frees the IP numbers allocate to a NAS when an accounting ON record arrives
on-clear = UPDATE GroupIPPools SET NASIPaddress = '0', PoolKey = MD5('0'), CallingStationID = NULL, ExpireTime = NOW() - INTERVAL 1 SECOND WHERE NASIPaddress = INET_ATON('%{Nas-IP-Address}') AND
Re: rlm_sqlippool
On Sun 27 Aug 2006 18:56, Chris Knipe wrote:
>> It is ONLY tested on Postgresql 8.1.x (On 32bit and 64bit SUSE Linux) although I expect it should work fine on any 8.X version of postgresql and probably earlier versions as well. If you want to run it on a different database, the driver itself should support it, but you will need to modify the schema and the queries. If you get it working please let us know (And send us your schema and queries)
>
> See below. It can more than likely do with more indexes though. I'm at this stage obviously only experimenting... I'm still checking, but I'm *baffled* as to why the rlm_sqlippool won't reconnect to the database then! As you said, it uses the SQL driver, whether it's PostGRE, mySQL, MSSQL, Oracle, surely, the reconnections are handled in the sql driver itself and not the module... Alan, anything I can look at perhaps???

I am not sure of the status of that. Reconnect may not be working at present. We manage our database fairly carefully on a dedicated system so it _never_ goes down :-)

> My structures below should be quick and easy to understand. I'm sure there's mistakes in it as well (which I hope will be pointed out to me), and I hope other SQL servers will support INET_ATON() and INET_NTOA. Perhaps add these as variables in FreeRadius (Alan?). Considering pools are moving to SQL as well now - which is VERY good IMHO, I think it's a major waste of space to allocate a VARCHAR(16) (at the minimum) to hold a IP Address in a database, when we can do it as a integer...

Actually, the ip_address field should be of type INET. I will make the change this week after testing it.

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_sqlippool
>> See below. It can more than likely do with more indexes though. I'm at this stage obviously only experimenting... I'm still checking, but I'm *baffled* as to why the rlm_sqlippool won't reconnect to the database then! As you said, it uses the SQL driver, whether it's PostGRE, mySQL, MSSQL, Oracle, surely, the reconnections are handled in the sql driver itself and not the module... Alan, anything I can look at perhaps???
>
> I am not sure of the status of that. Reconnect may not be working at present. We manage our database fairly carefully on a dedicated system so it _never_ goes down :-)

This, is weird. I'll have to dig and test here. I had an error in one of my queries (only saw it now after I posted my queries in the email). It *seems* that if the DB Handle is down and it tries to execute an incorrect query when reconnecting, the driver stalls. I fixed my error in my query, and am running at 12,800 successful authentications using rlm_sqlippool, without a single problem. The main thing with my test rig is that it's not busy. Part of managing a database is killing idle connections :-) That's why radius needs to reconnect the whole time...

I'm not sure now whether the above should be seen as a possible bug in rlm_sql, or in rlm_sqlippool, or whether it should be seen as a bug at all. IMHO however, the handles should reconnect and the radius server should not 'stall' as such nevermind what happens. It creates a major backlog of queries and no other requests can be processed until the timeout occurred (not tested in a threaded environment).

So far, it shows that IP addresses are also allocated correctly, as it is supposed to by the queries, and specifically, the WHERE clauses. So it seems all is well. Provided enough attention is given and you have your thinking cap on, I'm pretty much happy to say that this works with mySQL as well then...

+-------------------+----------------------------+
| CallingStationID  | INET_NTOA(FramedIPAddress) |
+-------------------+----------------------------+
| 00:01:4A:5E:86:80 | 198.19.240.2               |
| 00:0F:EA:61:0F:B3 | 198.19.240.1               |
+-------------------+----------------------------+
2 rows in set (0.01 sec)

>> My structures below should be quick and easy to understand. I'm sure there's mistakes in it as well (which I hope will be pointed out to me), and I hope other SQL servers will support INET_ATON() and INET_NTOA. Perhaps add these as variables in FreeRadius (Alan?). Considering pools are moving to SQL as well now - which is VERY good IMHO, I think it's a major waste of space to allocate a VARCHAR(16) (at the minimum) to hold a IP Address in a database, when we can do it as a integer...
>
> Actually, the ip_address field should be of type INET. I will make the change this week after testing it.

Is that supported on all database platforms though? As a 'default' configuration shipping with the FreeRadius distribution, I just feel that whatever is created / decided should be made generic enough so that it will work 'out of the box' so to speak..

Regards, Chris.
Re: rlm_sqlippool
Chris Knipe [EMAIL PROTECTED] wrote:

I know this is new, and not yet documented, but I saw some good posts about it being stable, so I'm looking at implementing it at the moment... But alas, I'm confused and the lack of documentation is not helping.

Well, yes. I've spent 5 minutes looking at it, and got the basic idea of SQL and IP pools. :)

Can someone perhaps please just take a moment to explain what exactly is going on in those queries?? I'm not referring to the SQL as such, but rather as to what is updated, and why. A table structure accompanying those queries in sqlippool.conf may help significantly as well, as I'm guessing at the moment what needs to go where :(

The general idea is to... grab IP's from a pool, based on a unique key. If an allocated IP for that key doesn't exist, then a free IP is taken, and the key written to the table. As for additional elements in the queries, the schema was changed from the original one, so the queries might be old. But you're right, it really needs a flow diagram, with explanations of what happens when.

Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Re: rlm_sqlippool
Can someone perhaps please just take a moment to explain what exactly is going on in those queries?? I'm not referring to the SQL as such, but rather as to what is updated, and why. A table structure accompanying those queries in sqlippool.conf may help significantly as well, as I'm guessing at the moment what needs to go where :(

The general idea is to... grab IP's from a pool, based on a unique key. If an allocated IP for that key doesn't exist, then a free IP is taken, and the key written to the table.

Fair enough, and yes, that bit I figured out as well. Quick debug output however:

    Value Of the Pool-Name is [MYPOOL] and its [6] Chars
    rlm_sql (sql): Reserving sql socket id: 10
    radius_xlat: 'BEGIN'
    rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #10
    rlm_sql_mysql: Starting connect to MySQL server for #10
    rlm_sql (sql): Connected new DB handle, #10
    radius_xlat: 'UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', expiry_time = 'now'::timestamp(0) - '1 second'::interval WHERE pool_key = '00:0F:EA:61:0F:B3''
    rlm_sql_mysql: MYSQL check_error: 1064 received
    sqlippool_command: database query error
    radius_xlat: 'SELECT framedipaddress FROM radippool WHERE pool_name = '' AND expiry_time 'now'::timestamp(0) ORDER BY pool_name, (username '[EMAIL PROTECTED]'), (callingstationid '00:0F:EA:61:0F:B3'), expiry_time LIMIT 1 FOR UPDATE'
    rlm_sql_mysql: MYSQL check_error: 1064 received
    sqlippool_query1: database query error
    rlm_sqlippool: ip=[] len=0
    radius_xlat: 'COMMIT'
    rlm_sqlippool: IP number could not be allocated.
    rlm_sql (sql): Released sql socket id: 10

Ok, now sure... We have SQL errors because the tables don't even exist in the database (that is not why I'm asking about how the module works). I use a rather complex system, and it's important that it's integrated correctly. Looking at the UPDATE and the SELECT queries above... They are completely invalid. It's not even proper SQL syntax... UNLESS, expiry time *should* be a varchar instead of a datetime field - which again makes the database very big. Let's face it, a varchar uses a lot more space than a datetime, or even an int - should UNIX_TIMESTAMP be used instead.

I *suppose* what it is trying to do, is that it saw that a user is trying to authenticate, and then it tried via the UPDATE to release any possible IP address which may have been allocated (I must admit, that is actually very clever!). It then proceeded to attempt to get a new dynamic IP address from the pool, but completely disregarded the pool-name ???

The config is stock standard, query in the config:

    allocate-find = SELECT framedipaddress FROM radippool \
      WHERE pool_name = '%{reply:Pool-Name}' AND expiry_time 'now'::timestamp(0) \
      ORDER BY pool_name, (username '%{User-Name}'), (callingstationid '%{Calling-Station-Id}'), expiry_time \
      LIMIT 1 \
      FOR UPDATE

Should it not use the *check* attribute variable for the pool name (Pool-Name is, surely, a Check item and not a Reply item)??? Why also does timestamp(0) not expand? Is timestamp(0) a valid variable (It's not in variables.txt), and what is this supposed to be format wise? Can it be substituted with MySQL's NOW() instead?

Not ranting or anything Alan, I'll figure this out... But even the example configuration file needs to get a serious kick up the rear. It's invalid as it ships standard with the distribution tarball, and I'm positive, it will confuse the living daylight out of users that are not so experienced.

-- C
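The allocation sequence discussed in these posts (release any lease held under the key, find an expired address with a preference for the one the user held before, then record the new owner), as an added example that is not part of the original posts and is not FreeRADIUS code. It uses Python's sqlite3 with integer addresses and expiry times; the column set, the one-hour lease, the user names and `BEGIN IMMEDIATE` standing in for `FOR UPDATE` are assumptions.

```python
import ipaddress
import sqlite3

LEASE = 3600  # lease length in seconds (assumed)

def make_pool(name, first_ip, count):
    """In-memory pool; addresses and expiry times are stored as integers."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.execute("""CREATE TABLE radippool (
        pool_name TEXT NOT NULL, framedipaddress INTEGER PRIMARY KEY,
        pool_key TEXT NOT NULL DEFAULT '', callingstationid TEXT NOT NULL DEFAULT '',
        username TEXT NOT NULL DEFAULT '', expiry_time INTEGER NOT NULL DEFAULT 0)""")
    base = int(ipaddress.IPv4Address(first_ip))
    db.executemany("INSERT INTO radippool (pool_name, framedipaddress) VALUES (?, ?)",
                   [(name, base + i) for i in range(count)])
    return db

def allocate(db, pool, key, username, now):
    """Return a dotted-quad address for key, or None when nothing is free."""
    db.execute("BEGIN IMMEDIATE")  # write lock; stands in for FOR UPDATE
    try:
        # Clear step: expire any lease still held under this key.
        db.execute("UPDATE radippool SET pool_key = '', callingstationid = '', "
                   "expiry_time = ? WHERE pool_key = ?", (now - 1, key))
        # Find step: expired rows only. A comparison yields 0 on a match, so
        # rows last held by this user or station sort ahead of the rest.
        row = db.execute(
            "SELECT framedipaddress FROM radippool "
            "WHERE pool_name = ? AND expiry_time < ? "
            "ORDER BY (username <> ?), (callingstationid <> ?), "
            "expiry_time, framedipaddress LIMIT 1",
            (pool, now, username, key)).fetchone()
        if row is not None:
            # Update step: record the new owner and lease expiry.
            db.execute("UPDATE radippool SET pool_key = ?, callingstationid = ?, "
                       "username = ?, expiry_time = ? WHERE framedipaddress = ?",
                       (key, key, username, now + LEASE, row[0]))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    return str(ipaddress.IPv4Address(row[0])) if row else None
```

An empty pool name, as in the expanded `pool_name = ''` of the debug output above, matches no row, so `allocate` returns None rather than handing out an address from another pool.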
Re: rlm_sqlippool
Hmm. There seems to also be a bug in the code. If one of the mysql sockets to the database goes down, rlm_sqlippool won't reconnect to the database handles... Debug below for 2 auth requests... mySQL Logs show that the connection attempt does not even come through. Debug logs show that the username of the SQL connection string is incorrect. The radius server connects as user 'radius', but debug shows it attempts to connect as 0164

And ty BTW Alan, think I'm starting to get the hang on what's going on irt the configuration of the module :-)

Regards, Chris.

    rad_recv: Access-Request packet from host 192.168.1.20:1071, id=212, length=209
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 91
        NAS-Port-Type = Ethernet
        User-Name = [EMAIL PROTECTED]
        Calling-Station-Id = 00:0F:EA:61:0F:B3
        Called-Station-Id = NAS01
        NAS-Port-Id = Server Network
        MS-CHAP-Domain = domain.com
        User-Password = password
        NAS-Identifier = NAS01
        NAS-IP-Address = 192.168.1.20
        Mikrotik-Realm = domain.com
    rad_lowerpair: User-Name now '[EMAIL PROTECTED]'
    rad_lowerpair: User-Password now 'password'
    rad_rmspace_pair: User-Name now '[EMAIL PROTECTED]'
    rad_rmspace_pair: User-Password now 'password'
    SNIP
    rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
    radius_xlat: 'SQL QUERY'
    rlm_sql (sql): Reserving sql socket id: 5
    rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #5
    rlm_sql_mysql: Starting connect to MySQL server for #5
    rlm_sql (sql): Connected new DB handle, #5
    radius_xlat: 'SQL QUERY'
    radius_xlat: 'SQL QUERY'
    radius_xlat: 'SQL QUERY'
    rlm_sql (sql): Released sql socket id: 5
    modcall[authorize]: module sql returns ok for request 6
    modcall: leaving group authorize (returns ok) for request 6
    SNIP
    radius_xlat: '[EMAIL PROTECTED]'
    rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
    radius_xlat: 'SQL QUERY'
    rlm_sql (sql): Reserving sql socket id: 4
    rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
    rlm_sql_mysql: Starting connect to MySQL server for #4
    rlm_sql (sql): Connected new DB handle, #4
    rlm_sql (sql): Released sql socket id: 4
    modcall[session]: module sql returns ok for request 6
    modcall: leaving group session (returns ok) for request 6
    Login OK: [EMAIL PROTECTED] (from client NAS01 port 91 cli 00:0F:EA:61:0F:B3)
    SNIP
    Processing the post-auth section of radiusd.conf
    modcall: entering group post-auth for request 6
    Value Of the Pool-Name is [6d9a0ffb-8330-1029-8ba8-5e000164] and its [36] Chars
    rlm_sql (sql): Reserving sql socket id: 6
    radius_xlat: 'BEGIN'
    rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #6
    rlm_sql_mysql: Starting connect to MySQL server for #6
    rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:UltimateRadius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'mysqldb01.domain.com' (60)'
    rlm_sql (sql): Failed to connect DB handle #6
    rlm_sql (sql): reconnect failed, database down?
    sqlippool_command: database query error DOES NOT RECONNECT
    radius_xlat: 'SQL QUERY'
    rlm_sql_mysql: Socket not connected
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #6
    rlm_sql_mysql: Starting connect to MySQL server for #6
    rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:UltimateRadius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'mysqldb01.domain.com' (60)'
    rlm_sql (sql): Failed to connect DB handle #6
    rlm_sql (sql): reconnect failed, database down?
    sqlippool_command: database query error STILL NOT
    radius_xlat: 'SQL QUERY'
    rlm_sql_mysql: Socket not connected
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #6
    rlm_sql_mysql: Starting connect to MySQL server for #6
    rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:UltimateRadius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'mysqldb01.domain.com' (60)'
    rlm_sql (sql): Failed to connect DB handle #6
    rlm_sql (sql): reconnect failed, database down?
    sqlippool_query1: database query error
    rlm_sqlippool: ip=[] len=0
    radius_xlat: 'COMMIT'
    rlm_sql_mysql: Socket not connected
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #6
    rlm_sql_mysql: Starting connect to MySQL server for #6
    rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:UltimateRadius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'mysqldb01.domain.com' (60)'
    rlm_sql (sql): Failed to connect DB handle #6
    rlm_sql (sql): reconnect failed, database down?
    sqlippool_command: database query error STILL DOWN
    rlm_sqlippool: IP number could not be allocated.
    rlm_sql (sql): Released sql socket id: 6
    modcall[post-auth]: module sqlippool returns noop for request 6
    SNIP
    Sending Access-Accept of id 212 to 192.168.1.20 port 1071
Re: rlm_sqlippool - try sql if not try sql1
RobertB wrote: At present it is not possible to do something like: try sql, if not available try sql1.

Did you try to put the module in a redundant or a group stanza? http://freeradius.org/radiusd/doc/configurable_failover

-- Nicolas Baradakis
RE: rlm_sqlippool - try sql if not try sql1
RobertB wrote: At present it is not possible to do something like: try sql, if not available try sql1.

Did you try to put the module in a "redundant" or a "group" stanza? http://freeradius.org/radiusd/doc/configurable_failover

Actually I'm using it with accounting packets, but it doesn't work with rlm_sqlippool, as radiusd.conf is expecting ip pool name. The sql-instance-name is set in sqlippool.sqls. Having two sql-instances would mean two sqlippools.conf files and a different pool in each which wouldn't really work, unless I'm missing something.

Cheers, RobertB