Failover for SQL lookup expansions?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Mar 10 16:24:19 CET 2011
On 10/03/11 14:21, Brian Candler wrote:
> With freeradius 2.1.10 I can configure failover for SQL lookups like this:
>
> # in policy.conf
> sql_foo {
> redundant {
> sql_foo_local
> sql_foo_remote
> }
> }
>
>
> # in sites-available/foo
> authorize {
> sql_foo
> }
>
>
> However, it looks like I can't use this redundant module inside a string
> expansion:
>
> authorize {
> update request {
> Huntgroup-Name = "%{sql_foo:SELECT groupname FROM radhuntgroup where nasipaddress='%{NAS-IP-Address}' limit 1}"
> }
> }
Correct. Virtual modules (e.g. "redundant") do not implement the "xlat"
function.
> How could I get the same level of redundancy for string expansions? Could I
> do the expansion multiple times inside a redundant section? I am thinking of
> perhaps:
Unfortunately the "xlat" functions in FR don't return error/success
codes. They return "length of result string", and 0 for any failure
condition, which means it's impossible to distinguish a failure from an
empty result, and also that you can't use "if (ok)" constructs.
You will probably need something like this:
update request {
Attrib := "%{sql1:select ...}"
}
if (!Attrib) {
update request {
Attrib := "%{sql2:select ...}"
}
}
...and you will obviously need to ensure that a working SQL module never
returns an empty string for your query, else you'll just double the work up.
More information about the Freeradius-Users
mailing list