RADIUS 服务器冗余 MySQL

RADIUS Server redundant MySQL

我目前正在为 RADIUS 应用程序 运行 FreeRADIUS V.3.xx 结合 MySQL 构建测试设置。整个设置是多余的。所有服务器都是运行虚拟机运行 openSUSE 13.1

我的问题是我似乎无法找到冗余 MySQL 服务器的正确配置。有没有人有这方面的经验?

到目前为止我所做的,基本上是遵循官方freeradius wiki的相关部分...尝试使用rlm_sql_mysql套接字的组、细节、直接操作来提出变体......任何我能想到的......但没有成功。目前它回到了 "wiki status"

即:

我从 .../mods-enabled/ 中删除了 link 到 sql ,因为这导致冗余服务器甚至实例化失败。 ..

文件:.../radius.conf

部分:模块{...} 添加条目:

sql sql1{ ...#config...}
sql sql2{ ...#config...}

部分:实例化 {...} 添加条目:

redundant redundant_sql {
      sql1
      sql2
      handled
    }

然后在文件中添加redundant_sql:.../sites-available/default(link已启用站点)

Sections: authorize {...} & post-auth{...} (我不需要accounting)

这是一些调试输出:

实例化(sql1 和 sql2 都必须可以访问才能启动 RADIUS 服务器。这很糟糕,但不是当前的问题):

    radiusd: #### Instantiating modules ####
 instantiate {
 }
 modules {
  # Loaded module rlm_sql
  # Instantiating module "sql1" from file /etc/raddb/radiusd.conf
  sql sql1 {
    driver = "rlm_sql_mysql"
    server = "**IP sql1**"
    port = "3306"
    login = "radius"
    password = <<< secret >>>
    radius_db = "radius"
    read_groups = yes
    read_clients = no
    delete_stale_sessions = yes
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
    authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
    group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority"
    simul_count_query = ""
    simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
    safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql1): Creating new attribute sql1-SQL-Group
rlm_sql (sql1): Registering sql_groupcmp for sql1-SQL-Group
   accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}.query}"
   }
   post-auth {
    reference = ".query"
   }
   mysql {
    tls {
    }
   }
rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql1): Attempting to connect to database "radius"
rlm_sql (sql1): Initialising connection pool
   pool {
    start = 5
    min = 4
    max = 32
    spare = 3
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 1
    spread = no
   }
rlm_sql (sql1): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (3)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql1): Opening additional connection (4)
rlm_sql_mysql: Starting connect to MySQL server
  # Instantiating module "sql2" from file /etc/raddb/radiusd.conf
  sql sql2 {
    driver = "rlm_sql_mysql"
    server = "**IP sql2**"
    port = "3306"
    login = "radius"
    password = <<< secret >>>
    radius_db = "radius"
    read_groups = yes
    read_clients = no
    delete_stale_sessions = yes
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
    authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
    authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
    authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
    group_membership_query = "SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority"
    simul_count_query = ""
    simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
    safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql2): Creating new attribute sql2-SQL-Group
rlm_sql (sql2): Registering sql_groupcmp for sql2-SQL-Group
   accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}.query}"
   }
   post-auth {
    reference = ".query"
   }
   mysql {
    tls {
    }
   }
rlm_sql (sql2): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql2): Attempting to connect to database "radius"
rlm_sql (sql2): Initialising connection pool
   pool {
    start = 5
    min = 4
    max = 32
    spare = 3
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 1
    spread = no
   }
rlm_sql (sql2): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (3)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql2): Opening additional connection (4)
rlm_sql_mysql: Starting connect to MySQL server

停止 sql1 并发送请求后,会发生这种情况:

...#irrelevant stuff
Received Access-Request Id 36 from **IP switch**:8345 to **IP RADIUS**:1812 length 128
        User-Name = '**mac-address**'
        User-Password = '**mac-address**'
        NAS-IP-Address = **IP switch**
        NAS-Port = 3
        NAS-Port-Id = 'Port 3'
        NAS-Port-Type = Ethernet
        NAS-Identifier = '**nas name**'
        Service-Type = Call-Check
        Framed-MTU = 1500
        Called-Station-Id = '**mac-address**'
        Calling-Station-Id = '**mac-address**'
    (1) # Executing section authorize from file /etc/raddb/sites-enabled/default
    (1)   authorize {
    (1)   [preprocess] = ok
    (1)     update request {
    (1) EXPAND %{tolower:%{1}%{2}%{3}%{4}%{5}%{6}}
    (1)    --> **mac-address**
    (1)     Calling-Station-Id := '"**mac-address**"'
    (1)     User-Name := '&Calling-Station-Id -> '**mac-address**''
    (1)     User-Password := '&Calling-Station-Id -> '**mac-address**''
    (1)     } # update request = noop
    (1)     [updated] = updated
    (1)    } # if (Calling-Station-Id =~ **Syntax check**  = updated
    (1)     ... skipping else for request 1: Preceding "if" was taken
    (1)   } # rewrite_calling_station_id rewrite_calling_station_id = updated
    (1) detail : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
    (1) detail :    --> /var/log/radius/radacct/**IP switch**/detail-20151019
    (1) detail : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/**IP switch**/detail-20151019
    (1) detail : EXPAND %t
    (1) detail :    --> Mon Oct 19 15:03:18 2015
    (1)   [detail] = ok
    (1)   redundant redundant_sql {
    (1) sql1 : EXPAND %{User-Name}
    (1) sql1 :    --> **mac-address**
    (1) sql1 : SQL-User-Name set to '**mac-address**'
    rlm_sql (sql1): Reserved connection (4)
    (1) sql1 : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
    (1) sql1 :    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id
    rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
    rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
    rlm_sql (sql1): Reconnecting (4)
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Couldn't connect socket to MySQL server radius@**IP sql1**:radius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql1): Reserved connection (3)
    rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
    rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
    rlm_sql (sql1): Reconnecting (3)
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Couldn't connect socket to MySQL server radius@**IP sql1**:radius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql1): Reserved connection (2)
    rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
    rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
    rlm_sql (sql1): Reconnecting (2)
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Couldn't connect socket to MySQL server radius@**IP sql1**:radius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql1): Reserved connection (1)
    rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
    rlm_sql_mysql: MYSQL check_error: 2006, returning RLM_SQL_RECONNECT
    rlm_sql (sql1): Reconnecting (1)
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Couldn't connect socket to MySQL server radius@**IP sql1**:radius
    rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '**IP sql1**' (111 "Connection refused")'
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql_mysql: Socket destructor called, closing socket
    rlm_sql (sql1): Failed to reconnect (1), no free connections are available
    rlm_sql (sql1): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '**mac-address**' ORDER BY id'
    Segmentation fault

在破坏与 sql1 的最后一个连接后,我希望 "redundant" 启动并联系 sql2...但是 RADIUS 反而中止了。

我知道我只 ** IP 和 mac,但如果这个项目毕业 "test-setup-stage",其他一切都会被正确重置。

我真的很感激任何帮助,因为我有点束手无策了。

非常感谢您阅读到这里!

这是 FreeRADIUS 中的一个缺陷,您应该使用上面发布的信息在 FreeRADIUS issue tracker 上打开一个问题单,如果可以的话,在调试器下从 运行 回溯它。

对于 gdb 你应该能够做到:

gdb --args <path to radiusd> -X

run
bt

回溯将显示问题出在哪里。我曾快速尝试在 v3.1.x 分支上重现它,但未能成功,但这可能是因为该错误需要事先打开连接才能触发缺陷。

首先感谢Arran Cudbard-Bell的帮助!

致 运行 遇到同样问题的其他人;使用最新的 tarball (Version 3.0.10: tar.bz2 (PGP Signature)) 并从中构建包括解决冗余问题的错误修正。

另请注意,wiki 中的条目并不完整。如果要使用多个 sql 实例,则必须另外完成以下操作:

  • 如果您以前运行正在使用 sql 的单个实例,请从 raddb/mods-enabled/
  • 中删除 sql 软链接
  • 配置sql1和sql2模块时写:group_attribute = "${.:instance}-SQL-Group “$INCLUDE 之前 ${modconfdir}/${.:name}/main/${dialect}/queries.conf",因为如果你不这样做,标准配置会抛出错误。

虽然配置文件本身对此进行了记录,但 wiki 并未提及。

--感谢@所有&关闭--