RADSQLRELAY(8) FreeRADIUS helper program RADSQLRELAY(8)NAME
radsqlrelay - relay SQL queries to a central database server
SYNOPSIS
radsqlrelay [-?] [-d sql_driver] [-b database] [-f file] [-h host] [-u user] [-P port] [-p password] [-1] [-x] file_path
DESCRIPTION
radsqlrelay tails a SQL logfile and forwards the queries to a database server. Used to replicate accounting records to one (central) data-
base, even if the database has extended downtime.
The SQL logfile is created by the rlm_sql_log module. The module must be configured in the radiusd server before you can use radsqlrelay.
OPTIONS
-? Print usage help information.
-d sql_driver
Driver to use: mysql, pg, oracle.
-b database
Name of the database to use.
-f file
Read password from file, instead of command line.
-h host
Connect to host.
-u user
User for login.
-P port
Port number to use for connection.
-p password
Password to use when connecting to server.
-1 One-shot mode: push the file to database and exit.
-x Turn on debugging.
file_path
The pathname of the SQL logfile to use.
NOTES
Oracle driver
The command "radsqlrelay -d oracle -b db.domain.tld sql-relay" reads the database description stored in $TNS_ADMIN/tnsnames.ora:
db.domain.tld =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = db.domain.tld)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = <DB SID>)
)
)
SEE ALSO rlm_sql_log(5)AUTHOR
Nicolas Baradakis <nicolas.baradakis@cegetel.net>
19 June 2005 RADSQLRELAY(8)
Check Out this Related Man Page
rlm_sql_log(5) FreeRADIUS Module rlm_sql_log(5)NAME
rlm_sql_log - FreeRADIUS Module
DESCRIPTION
The rlm_sql_log module appends the SQL queries in a log file which is read later by the scripts/radsqlrelay Perl program.
The purpose of this module is to de-couple the storage of long-term accounting data in SQL from "live" information needed by the RADIUS
server as it's running. If you are not using SQL for simultaneous login restrictions (i.e. "sql" is not listed in the "session" section of
"radiusd.conf"), then this module allows you to log SQL queries to a file, and then process them at your leisure.
The benefit of this approach is that for a busy server, the overhead of performing SQL qeuries may be significant. Also, if the SQL data-
bases are large (as is typical for ones storing months of data), the INSERTs and UPDATEs may take a relatively long time. Rather than
slowing down the RADIUS server by having it interact with a database, you can just log the queries to a file, and then run those queries on
another machine, or at a time when the RADIUS server is typically lightly loaded.
If the "sql" module is listed in the "session" section of "radiusd.conf", then a similar system can still be used. In that case, one data-
base would be used to maintain "live" session information. That database would be small, fast, and information would be deleted from it
when a user logs out. A second database would store long-term accounting information, as described above.
LIMITATIONS
This module only performs the dynamic expansion of the variables found in the SQL statements. No operation is executed on the database
server. (this would be done later by an external program) That means the module is useful only with non-"SELECT" statements.
CONFIGURATION
The main configuration items to be aware of are the path of the log file and the different SQL queries.
path An entry named "path" sets the full path of the file where the SQL queries are recorded. (this variable is run through dynamic
string expansion, and can include FreeRADIUS variables to create a dynamic filename)
Accounting queries
When a accounting record is processed, the module searches a config entry keyed by the Acct-Status-Type attribute present in the
packet. For example, the SQL to be run on an accounting start must be named "Start" in the configuration for the module. Other usual
values for Acct-Status-Type are "Stop", "Alive", "Accounting-On", etc. See the VALUEs for Acct-Status-Type in the dictio-
nary.rfc2866 file.
Post-Auth query
An entry named "Post-Auth" sets the query to run during the post-authentication stage. This query is mainly used to log sessions
where there may not be a later accounting packet.
modules {
...
sql_log {
path = "${radacctdir}/sql-relay"
acct_table = "radacct"
postauth_table = "radpostauth"
sql_user_name = "%{%{User-Name}:-DEFAULT}"
Start = "INSERT INTO ${acct_table} ..."
Stop = "UPDATE ${acct_table} SET ..."
Alive = "UPDATE ${acct_table} SET ..."
Post-Auth = "INSERT INTO ${postauth_table} ..."
}
...
}
accounting {
...
sql_log
...
}
post-auth {
...
sql_log
...
}
SECTIONS
accounting, post-auth
FILES
/etc/raddb/radiusd.conf
SEE ALSO radsqlrelay(8), radiusd(8), radiusd.conf(5)AUTHOR
Nicolas Baradakis <nicolas.baradakis@cegetel.net>
28 May 2005 rlm_sql_log(5)