sqlippool and exhausted pool
Alan DeKok
aland at deployingradius.com
Mon Jul 19 15:04:44 CEST 2021
On Jul 19, 2021, at 8:55 AM, Alberio Mirko <mirko.alberio at telemar.it> wrote:
>
> Hi Alan, thanks for the answer, I have some doubts:
>
> The module returns FAIL if it can't assign an IP address.
>
> What happens after that depends on your local configuration
>
> What do you mean with "depends on your local configuration"?
The module just returns "fail". Then, the virtual server gets processed as normal. This means any additional unlang rules, or modules, or...
i.e. whatever is in the virtual server. Which is your local configuration.
> Which comes from where?
> That is the point: the customer takes an IP from the pool without allocating the pool. Maybe is something related to the above question? Meaning is there something I miss to "block" a user on sqlippool module FAIL?
No. If the module returns "fail", then it hasn't assigned an IP.
Something else is going on. Either the NAS is assigning an IP, or something else is assigning an IP. You need to track down what's going on. Perhaps by checking debug output...
> And another thing I noticed:
>
> <pgdabjemfidclimd.png>
>
> we have some expiry_time way back in the past, but the ip is correctly assigned in NAS:
The IP is in use by the NAS. It is not CORRECTLY assigned in the NAS.
> <djjikgpmfhkndkah.png>
>
> What could it be?
Your NAS is broken.
If the DB says that the IP is expired, then FreeRADIUS thinks that the IP has expired. And can therefore assign it again.
However, if the IP is still in use by the NAS, then assigning the IP to another system will cause problems. The NAS SHOULD be sending accounting packets which indicate that the session is still in use, and that the IP is still allocated. If those packets are sent, then FreeRADIUS will update the DB to say that the IP is still in use.
So what's happening here one of two things:
1) your NAS isn't sending accounting update messages
2) you've configured FreeRADIUS to not run the sqlippool module when it receives accounting update messages.
(1) is much more likely than (2).
Fix the NAS, and the problem will go away.
Alan DeKok.
More information about the Freeradius-Users
mailing list