Failed oracle db connection kills the freeradius service
Alan DeKok
aland at deployingradius.com
Thu Apr 4 22:16:55 CEST 2019
On Apr 4, 2019, at 4:01 PM, R3DNano <r3dnano at gmail.com> wrote:
> Downtime could happen sometimes and I understand I can just comment out a
> module when the SQL server goes down, but sometimes it could be out of our
> control, a database can fail for hours
Then it isn't a database you need, is it?
> and I thought there might be a way
> freeradius can just "deal" with failed mysql connections by rejecting if
> the source is unavailable.... I don't mean that freeradius "should" deal
> with it, by any means, just to have the option of rejecting if the auth
> source is unreachable.
The issue is how does FreeRADIUS know that the database is down *permanently*? i.e. any failure lasting more than a second or two is permanent.
FreeRADIUS retries connections because you told it to use the DB, and it's really important that it uses the DB. FreeRADIUS doesn't just give up for *hours* if the database is down.
Look, what you want isn't trivial. *You* may know what you want FreeRADIUS to do. But FreeRADIUS can't read your mind. It has to implement decisions, in C, using only information it knows. That means it's not trivial.
> Does this mean the same behavior can be expected if I'm authenticating
> against LDAP and the LDAP server goes temporarily down?
Yes. Both LDAP and SQL have "pool" configurations. So they both operate largely the same way.
Don't take your databases down. And if you do take them down, expect FreeRADIUS to fail, too.
Alan DeKok.
More information about the Freeradius-Users
mailing list