Bug 1291006 - /etc/raddb/mods-config/sql/main/mysql/queries.conf[145]: Reference "${group_attribute}" not found
/etc/raddb/mods-config/sql/main/mysql/queries.conf[145]: Reference "${group_a...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: freeradius (Show other bugs)
22
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Nikolai Kondrashov
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-12 12:17 EST by pgaltieri
Modified: 2015-12-24 06:50 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-24 06:50:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description pgaltieri 2015-12-12 12:17:22 EST
Description of problem:
radiusd fails to start

Version-Release number of selected component (if applicable):
3.0.9-1.fc22

How reproducible:
Always

Steps to Reproduce:
1.systemctl start radiusd
2.
3.

Actual results:
radiusd fails to start

Expected results:
radiusd should start

Additional info:
When it fails journalctl -xe tells me nothing about why it failed.  In order to discover the problem I had to run in full debug mode

/usr/sbin/radiusd -f -l /tmp/radius -X

The failure is

including configuration file /etc/raddb/mods-config/sql/main/mysql/queries.conf
/etc/raddb/mods-config/sql/main/mysql/queries.conf[145]: Reference "${group_attribute}" not found
/etc/raddb/mods-config/sql/main/mysql/queries.conf[152]: Reference "${group_attribute}" not found

The file /etc/raddb/mods-config/sql/main/mysql/queries.conf has never been changed since the product build date.

sudo ls -l /etc/raddb/mods-config/sql/main/mysql/queries.conf

-rw-r-----. 1 root radiusd 13814 Aug 20 06:27 /etc/raddb/mods-config/sql/main/mysql/queries.conf


rpm -qi freeradius
Name        : freeradius
Version     : 3.0.9
Release     : 1.fc22
Architecture: x86_64
Install Date: Fri 27 Nov 2015 08:44:25 AM PST
Group       : System Environment/Daemons
Size        : 3616343
License     : GPLv2+ and LGPLv2+
Signature   : RSA/SHA256, Fri 21 Aug 2015 12:31:14 PM PDT, Key ID 11adc0948e1431d5
Source RPM  : freeradius-3.0.9-1.fc22.src.rpm
Build Date  : Thu 20 Aug 2015 06:27:35 AM PDT
Build Host  : buildvm-20.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.freeradius.org/
Summary     : High-performance and highly configurable free RADIUS server
Description :

This was all working fine up until recently, see also bug 1289330.

I use radiusd to authenticate my Cisco hardware so I really want to see this problem fixed soon.
Comment 1 Nikolai Kondrashov 2015-12-15 10:10:59 EST
Thank you for your report. Do you have "group_attribute" set in your mods-available/sql file?
Comment 2 pgaltieri 2015-12-17 16:14:57 EST
I think this is the issue.  In the file mods-available/sql, which is dated Aug 24 2015, the group_attribute entry is missing.  There is a file called sql.rpmnew, which is dated Aug 20 2015, which does have the group_attribute entry.  

If I do I fresh install of the freeradius.x86_64 package (I did this on a different machine) then the mods-available/sql file does have the group_attribute entry.  It appears that the mods-available/sql was upgraded at some point, but the changes never made to the existing file.

Here is a diff of sql vs sql.rpmnew

[root@jackstraw mods-available]# diff sql sql.rpmnew
5c5
< ##	$Id: 29fb4b28e1b085d66415052dcdb5cc255392dcc3 $
---
> ##	$Id: 05e3e0b6fd6df4e8bb35b0bc2f49727db67dc5b8 $
31,32c31
< #	driver = "rlm_sql_null"
< 	driver = "rlm_sql_mysql"
---
> 	driver = "rlm_sql_null"
44a44,47
> #		# How long to wait for write locks on the database to be
> #		# released (in ms) before giving up.
> #		busy_timeout = 200
> #
47c50
< #		# contained within the file will be executed.
---
> #		# contained within the bootstrap file will be executed.
59a63,67
> #
> #		# If yes, (or auto and libmysqlclient reports warnings are
> #		# available), will retrieve and log additional warnings from
> #		# the server if an error has occured. Defaults to 'auto'
> #		warnings = auto
74c82
< 	dialect = "mysql"
---
> 	dialect = "sqlite"
78c86
< 	server = "localhost"
---
> #	server = "localhost"
80,81c88,89
< 	login = "radius"
< 	password = "RAD2011.db"
---
> #	login = "radius"
> #	password = "radpass"
84c92
< 	radius_db = "radiusdb-v3"
---
> 	radius_db = "radius"
126c134
< 	logfile = ${logdir}/sqllog.sql
---
> #	logfile = ${logdir}/sqllog.sql
161,177c169,186
< 		# Number of connections to start
< 		start = 5
< 
< 		# Minimum number of connections to keep open
< 		min = 4
< 
< 		# Maximum number of connections
< 		#
< 		# If these connections are all in use and a new one
< 		# is requested, the request will NOT get a connection.
< 		#
< 		# Setting 'max' to LESS than the number of threads means
< 		# that some threads may starve, and you will see errors
< 		# like "No connections available and at max connection limit"
< 		#
< 		# Setting 'max' to MORE than the number of threads means
< 		# that there are more connections than necessary.
---
> 		#  Connections to create during module instantiation.
> 		#  If the server cannot create specified number of
> 		#  connections during instantiation it will exit.
> 		#  Set to 0 to allow the server to start without the
> 		#  database being available.
> 		start = ${thread[pool].start_servers}
> 
> 		#  Minimum number of connections to keep open
> 		min = ${thread[pool].min_spare_servers}
> 
> 		#  Maximum number of connections
> 		#
> 		#  If these connections are all in use and a new one
> 		#  is requested, the request will NOT get a connection.
> 		#
> 		#  Setting 'max' to LESS than the number of threads means
> 		#  that some threads may starve, and you will see errors
> 		#  like 'No connections available and at max connection limit'
178a188,189
> 		#  Setting 'max' to MORE than the number of threads means
> 		#  that there are more connections than necessary.
181c192
< 		# Spare connections to be left idle
---
> 		#  Spare connections to be left idle
183,185c194,196
< 		# NOTE: Idle connections WILL be closed if "idle_timeout"
< 		# is set.
< 		spare = 3
---
> 		#  NOTE: Idle connections WILL be closed if "idle_timeout"
> 		#  is set.  This should be less than or equal to "max" above.
> 		spare = ${thread[pool].max_spare_servers}
187c198
< 		# Number of uses before the connection is closed
---
> 		#  Number of uses before the connection is closed
189c200
< 		# 0 means "infinite"
---
> 		#  0 means "infinite"
191a203,207
> 		#  The number of seconds to wait after the server tries
> 		#  to open a connection, and fails.  During this time,
> 		#  no new connections will be opened.
> 		retry_delay = 30
> 
195,196c211,212
< 		# idle timeout (in seconds).  A connection which is
< 		# unused for this length of time will be closed.
---
> 		#  idle timeout (in seconds).  A connection which is
> 		#  unused for this length of time will be closed.
199,204c215,220
< 		# NOTE: All configuration settings are enforced.  If a
< 		# connection is closed because of "idle_timeout",
< 		# "uses", or "lifetime", then the total number of
< 		# connections MAY fall below "min".  When that
< 		# happens, it will open a new connection.  It will
< 		# also log a WARNING message.
---
> 		#  NOTE: All configuration settings are enforced.  If a
> 		#  connection is closed because of "idle_timeout",
> 		#  "uses", or "lifetime", then the total number of
> 		#  connections MAY fall below "min".  When that
> 		#  happens, it will open a new connection.  It will
> 		#  also log a WARNING message.
206,207c222,223
< 		# The solution is to either lower the "min" connections,
< 		# or increase lifetime/idle_timeout.
---
> 		#  The solution is to either lower the "min" connections,
> 		#  or increase lifetime/idle_timeout.
215a232,243
> 
> 	#
> 	# The group attribute specific to this instance of rlm_sql
> 	#
> 
> 	# This entry should be used for additional instances (sql foo {})
> 	# of the SQL module.
> #	group_attribute = "${.:instance}-SQL-Group"
> 
> 	# This entry should be used for the default instance (sql {})
> 	# of the SQL module.
> 	group_attribute = "SQL-Group"      <==== Here's the applicable change

Paolo
Comment 3 Nikolai Kondrashov 2015-12-18 08:15:24 EST
The administrator is supposed to check for .rpmnew files and integrate the changes him/herself upon upgrade. This is the basic functionality of RPM.

See also http://wiki.freeradius.org/guide/Red-Hat-FAQ#freeradius-red-hat-faq_how-are-configuration-files-handled-during-an-rpm-upgrade

I would like to close this as NOTABUG.
Comment 4 pgaltieri 2015-12-18 11:33:43 EST
Fine

Note You need to log in before you can comment on or make changes to this bug.