Red Hat Bugzilla – Bug 1291006
/etc/raddb/mods-config/sql/main/mysql/queries.conf[145]: Reference "${group_attribute}" not found
Last modified: 2015-12-24 06:50:06 EST
Description of problem: radiusd fails to start Version-Release number of selected component (if applicable): 3.0.9-1.fc22 How reproducible: Always Steps to Reproduce: 1.systemctl start radiusd 2. 3. Actual results: radiusd fails to start Expected results: radiusd should start Additional info: When it fails journalctl -xe tells me nothing about why it failed. In order to discover the problem I had to run in full debug mode /usr/sbin/radiusd -f -l /tmp/radius -X The failure is including configuration file /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf[145]: Reference "${group_attribute}" not found /etc/raddb/mods-config/sql/main/mysql/queries.conf[152]: Reference "${group_attribute}" not found The file /etc/raddb/mods-config/sql/main/mysql/queries.conf has never been changed since the product build date. sudo ls -l /etc/raddb/mods-config/sql/main/mysql/queries.conf -rw-r-----. 1 root radiusd 13814 Aug 20 06:27 /etc/raddb/mods-config/sql/main/mysql/queries.conf rpm -qi freeradius Name : freeradius Version : 3.0.9 Release : 1.fc22 Architecture: x86_64 Install Date: Fri 27 Nov 2015 08:44:25 AM PST Group : System Environment/Daemons Size : 3616343 License : GPLv2+ and LGPLv2+ Signature : RSA/SHA256, Fri 21 Aug 2015 12:31:14 PM PDT, Key ID 11adc0948e1431d5 Source RPM : freeradius-3.0.9-1.fc22.src.rpm Build Date : Thu 20 Aug 2015 06:27:35 AM PDT Build Host : buildvm-20.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : http://www.freeradius.org/ Summary : High-performance and highly configurable free RADIUS server Description : This was all working fine up until recently, see also bug 1289330. I use radiusd to authenticate my Cisco hardware so I really want to see this problem fixed soon.
Thank you for your report. Do you have "group_attribute" set in your mods-available/sql file?
I think this is the issue. In the file mods-available/sql, which is dated Aug 24 2015, the group_attribute entry is missing. There is a file called sql.rpmnew, which is dated Aug 20 2015, which does have the group_attribute entry. If I do I fresh install of the freeradius.x86_64 package (I did this on a different machine) then the mods-available/sql file does have the group_attribute entry. It appears that the mods-available/sql was upgraded at some point, but the changes never made to the existing file. Here is a diff of sql vs sql.rpmnew [root@jackstraw mods-available]# diff sql sql.rpmnew 5c5 < ## $Id: 29fb4b28e1b085d66415052dcdb5cc255392dcc3 $ --- > ## $Id: 05e3e0b6fd6df4e8bb35b0bc2f49727db67dc5b8 $ 31,32c31 < # driver = "rlm_sql_null" < driver = "rlm_sql_mysql" --- > driver = "rlm_sql_null" 44a44,47 > # # How long to wait for write locks on the database to be > # # released (in ms) before giving up. > # busy_timeout = 200 > # 47c50 < # # contained within the file will be executed. --- > # # contained within the bootstrap file will be executed. 59a63,67 > # > # # If yes, (or auto and libmysqlclient reports warnings are > # # available), will retrieve and log additional warnings from > # # the server if an error has occured. Defaults to 'auto' > # warnings = auto 74c82 < dialect = "mysql" --- > dialect = "sqlite" 78c86 < server = "localhost" --- > # server = "localhost" 80,81c88,89 < login = "radius" < password = "RAD2011.db" --- > # login = "radius" > # password = "radpass" 84c92 < radius_db = "radiusdb-v3" --- > radius_db = "radius" 126c134 < logfile = ${logdir}/sqllog.sql --- > # logfile = ${logdir}/sqllog.sql 161,177c169,186 < # Number of connections to start < start = 5 < < # Minimum number of connections to keep open < min = 4 < < # Maximum number of connections < # < # If these connections are all in use and a new one < # is requested, the request will NOT get a connection. < # < # Setting 'max' to LESS than the number of threads means < # that some threads may starve, and you will see errors < # like "No connections available and at max connection limit" < # < # Setting 'max' to MORE than the number of threads means < # that there are more connections than necessary. --- > # Connections to create during module instantiation. > # If the server cannot create specified number of > # connections during instantiation it will exit. > # Set to 0 to allow the server to start without the > # database being available. > start = ${thread[pool].start_servers} > > # Minimum number of connections to keep open > min = ${thread[pool].min_spare_servers} > > # Maximum number of connections > # > # If these connections are all in use and a new one > # is requested, the request will NOT get a connection. > # > # Setting 'max' to LESS than the number of threads means > # that some threads may starve, and you will see errors > # like 'No connections available and at max connection limit' 178a188,189 > # Setting 'max' to MORE than the number of threads means > # that there are more connections than necessary. 181c192 < # Spare connections to be left idle --- > # Spare connections to be left idle 183,185c194,196 < # NOTE: Idle connections WILL be closed if "idle_timeout" < # is set. < spare = 3 --- > # NOTE: Idle connections WILL be closed if "idle_timeout" > # is set. This should be less than or equal to "max" above. > spare = ${thread[pool].max_spare_servers} 187c198 < # Number of uses before the connection is closed --- > # Number of uses before the connection is closed 189c200 < # 0 means "infinite" --- > # 0 means "infinite" 191a203,207 > # The number of seconds to wait after the server tries > # to open a connection, and fails. During this time, > # no new connections will be opened. > retry_delay = 30 > 195,196c211,212 < # idle timeout (in seconds). A connection which is < # unused for this length of time will be closed. --- > # idle timeout (in seconds). A connection which is > # unused for this length of time will be closed. 199,204c215,220 < # NOTE: All configuration settings are enforced. If a < # connection is closed because of "idle_timeout", < # "uses", or "lifetime", then the total number of < # connections MAY fall below "min". When that < # happens, it will open a new connection. It will < # also log a WARNING message. --- > # NOTE: All configuration settings are enforced. If a > # connection is closed because of "idle_timeout", > # "uses", or "lifetime", then the total number of > # connections MAY fall below "min". When that > # happens, it will open a new connection. It will > # also log a WARNING message. 206,207c222,223 < # The solution is to either lower the "min" connections, < # or increase lifetime/idle_timeout. --- > # The solution is to either lower the "min" connections, > # or increase lifetime/idle_timeout. 215a232,243 > > # > # The group attribute specific to this instance of rlm_sql > # > > # This entry should be used for additional instances (sql foo {}) > # of the SQL module. > # group_attribute = "${.:instance}-SQL-Group" > > # This entry should be used for the default instance (sql {}) > # of the SQL module. > group_attribute = "SQL-Group" <==== Here's the applicable change Paolo
The administrator is supposed to check for .rpmnew files and integrate the changes him/herself upon upgrade. This is the basic functionality of RPM. See also http://wiki.freeradius.org/guide/Red-Hat-FAQ#freeradius-red-hat-faq_how-are-configuration-files-handled-during-an-rpm-upgrade I would like to close this as NOTABUG.
Fine