rlm_sql, readclients=yes: multiple NASes with same IP

Milan Holub holub at thenet.ch
Wed Apr 11 17:40:49 CEST 2007


Hi all,

With current CVS head I've observed the following behaviour:

- I'm using rlm_sql
- clients stored in mysql DB (standard DB scheme)
- in sql.conf I have "readclients=yes" (to read the nas table)

We are having multiple NASes on the same IP distinguished only by
different port (e.g. multiple instances of nocat wlangw running on
different ports).

This results in the following DB records (for example):
+-----+-----------------+-----------+-------+-------+--------+-----------+-------------+
| id  | nasname         | shortname | type  | ports | secret | community | description |
+-----+-----------------+-----------+-------+-------+--------+-----------+-------------+
| 123 | <valid_IP>      | wlan-gw51 | other |  5281 | secret | NULL      | off         |
| 117 | <same_valid_IP> | wlan-gw51 | other |  5280 | secret | NULL      | off         |
+-----+-----------------+-----------+-------+-------+--------+-----------+-------------+
(the only difference is in the ports)

We are using the nas table as a bind table to another table for "usage
view". Basically such NASes can serve completely different physical
locations and what really determines the location is the combination of
nasname and ports.

Now: freeradius refuses to start with the above configuration:
>>> DEBUG OUTPUT START
rlm_sql (sql): Read entry nasname=<valid_IP>,shortname=wlan-gw51,secret=secret
rlm_sql (sql): Adding client <valid_IP> (wlan-gw51) to clients list
rlm_sql (sql): Read entry nasname=<same_valid_IP>,shortname=wlan-gw51,secret=secret
rlm_sql (sql): Adding client <same_valid_IP> (wlan-gw51) to clients list
rlm_sql (sql): generate_sql_clients() returned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[10]: sql: Module instantiation failed.
radiusd.conf[1896] Failed to find module "sql".
radiusd.conf[1819] Failed to parse authorize section.
Errors setting up modules
>>> DEBUG OUTPUT END

I believe that for communication of the NAS with radius only the IP is
deciding for radius. I know this can be solved outside radius by
creating another "bind" table in DB (binding multiple ports to one unique
nas record) and changing existing applications for viewing accounting
data (php+mysql). For me at the moment it's easier to persuade freeradius
just to ignore such "duplicities" when reading clients by the following
simple patch:

Index: src/main/client.c
===================================================================
RCS file: /source/radiusd/src/main/client.c,v
retrieving revision 1.53
diff -u -r1.53 client.c
--- src/main/client.c   10 Apr 2007 14:21:24 -0000      1.53
+++ src/main/client.c   11 Apr 2007 15:36:19 -0000
@@ -225,7 +225,7 @@
         *      Duplicate?
         */
        if (!rbtree_insert(clients->trees[client->prefix], client)) {
-               return 0;
+               return 1;
        }

 #ifdef WITH_SNMP
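
Review bot: returning 1 from the "Duplicate?" branch reports success to every caller even though rbtree_insert() did not store the client, so a second row for the same IP with a different secret is dropped without any message and the first row's secret is the only one in effect. Because the change sits in src/main/client.c it applies to every source of clients, not only rlm_sql with readclients=yes. Nothing in the visible lines frees or otherwise accounts for the rejected `client`, so a caller that sees 1 will assume the tree now owns it. Consider keeping `return 0;` for the general case and tolerating a duplicate only after looking up the existing entry and confirming its secret matches, with a log line naming the duplicate address.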


I hope it helps someone.

Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------
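
A pre-flight check for the situation described in the message above, as an added example that is not part of the original post or of FreeRADIUS: it lists nasname values that occur in more than one nas row and flags the cases where the shared secrets differ. It assumes the nas columns shown in the post; sqlite3 stands in for MySQL, and the rows, addresses and function names are constructed for illustration.

```python
import sqlite3

# Columns follow the nas table shown in the post; sqlite3 stands in for MySQL.
SCHEMA = """CREATE TABLE nas (
    id INTEGER PRIMARY KEY, nasname TEXT, shortname TEXT, type TEXT,
    ports INTEGER, secret TEXT, community TEXT, description TEXT)"""

# Constructed sample rows (192.0.2.0/24 is a documentation range).
SAMPLE_ROWS = [
    (117, "192.0.2.10", "wlan-gw51", "other", 5280, "secret", None, "off"),
    (123, "192.0.2.10", "wlan-gw51", "other", 5281, "secret", None, "off"),
    (130, "192.0.2.20", "wlan-gw60", "other", 5280, "alpha", None, "off"),
    (131, "192.0.2.20", "wlan-gw61", "other", 5281, "bravo", None, "off"),
    (140, "192.0.2.30", "wlan-gw70", "other", 5280, "gamma", None, "off"),
]


def find_duplicate_clients(conn):
    """Return one finding per nasname that occurs in more than one row."""
    findings = []
    dupes = conn.execute(
        "SELECT nasname FROM nas GROUP BY nasname HAVING COUNT(*) > 1 "
        "ORDER BY nasname")
    for (nasname,) in dupes.fetchall():
        rows = conn.execute(
            "SELECT id, ports, secret FROM nas WHERE nasname = ? ORDER BY id",
            (nasname,)).fetchall()
        secrets = {secret for _, _, secret in rows}
        findings.append({
            "nasname": nasname,
            "ids": [row_id for row_id, _, _ in rows],
            "ports": [ports for _, ports, _ in rows],
            # Assumption: clients are keyed by IP only (as the post believes),
            # so differing secrets cannot all be in effect at once.
            "secret_conflict": len(secrets) > 1,
        })
    return findings


def load_sample():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO nas VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


if __name__ == "__main__":
    for f in find_duplicate_clients(load_sample()):
        kind = "CONFLICTING secrets" if f["secret_conflict"] else "same secret"
        print(f"{f['nasname']}: rows {f['ids']} ports {f['ports']} ({kind})")
```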



More information about the Freeradius-Users mailing list