>> You don't see the need for a secondary server? We are investigating a Highly Available setup. However PF is just so blasted stable. I mean it. Solid as a freaking rock. The only time I ever had an issue with it was when someone found a bug in the version of FreeRADIUS I was running that would cause the FR server to crash when a special packet was sent to it. An enterprising computer science student decided to exploit this but was not happy with the results. : )
FreeRADIUS patched the vulnerability in a newer release so a simple FR upgrade solved the issue. One command on the CLI fixed it. That was a good day. I have spoken to Inverse a few times about developing a more easily deployed version of HA and I believe it is on their road map. But, to -date, we have been very blessed with the stability of our PF deployment. ***knocking frantically on every wood surface around!*** Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU -----Original Message----- From: Jeremy Schubert [mailto:[email protected]] Sent: Thursday, March 07, 2013 12:14 PM To: [email protected] Subject: Re: [PacketFence-users] basic instalation questions Thank you Jake. So you just have one central PF server then? You don't see the need for a secondary server? Jeremy ----- Original Message ----- From: "Stephen Sallee (Jake)" <[email protected]> To: [email protected] Sent: Thursday, March 7, 2013 9:44:20 AM Subject: Re: [PacketFence-users] basic instalation questions ≫ How can I determine what hardware specs For what its worth here are my specs: PF Server (everything except MySQL) Dell R210 8 GB RAM 120 GB HD (RAID 1) 1 x Intel(R) Xeon(R) CPU X3430 @ 2.40GHz 2 x 1Gb Ethernet (only one in use) MySQL server is exactly the same as the PF server, but only running MySQL. With this setup I am running about 100 MySQL queries a second (steady, bursting higher). I currently have 10,492 registered devices and 11,541 un-registered devices. PF version 3.5.1 My only trouble has been making sure my RADIUS tables in the DB don’t get too big. I just had to clear them yesterday (2 tables almost 60 million rows combined). But that is something I do probably about 4 times a year as preventative maintenance. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU -----Original Message----- From: Jeremy Schubert [ mailto:[email protected] ] Sent: Thursday, March 07, 2013 10:04 AM To: [email protected] Cc: [email protected] Subject: Re: [PacketFence-users] basic instalation questions Thanks Mark. Re #2, yes, I want to insrall PF but just use the registration function for now. I see the guide talks about minimum hardware requirements. How can I determine what hardware specs I need based on how many users/nodes are on the network? Is there a rule of thumb like "this much ram and hard drive space per user/node"? Thx, Jeremy On 2013-03-07, at 6:07 AM, Mark Holmes < [email protected] > wrote: > Hi Jeremy, > > 1. Does packetfence need to be the dhcp server for the network? > > No, you can keep your current production DHCP server. PF usually > handles the DHCP for the registration and isolation networks > > 2. Do all services need to be running? Or can I use just the registration and > radius functions? > > Your question isn't entirely clear - if you mean can you just use PF to > register machines, without worrying about the additional stuff like SoH > (State of Health), Nessus/OpenVAS vulnerability scanning etc then yes, > absolutely. > > 3. Can I enter a list of MAC addresses to "pre authenticate" machines? > > Yes > > All of this is covered in the PacketFence Administration Guide, by the way.. > > http://www.packetfence.org/documentation/guides.html > > > Regards, > > Mark > > > > > > > > -----Original Message----- > From: Jeremy Schubert [ mailto:[email protected] ] > Sent: 07 March 2013 11:11 > To: [email protected] > Subject: [PacketFence-users] basic instalation questions > > Newbie here, excuse my ignorance: > 1. Does packetfence need to be the dhcp server for the network? > 2. Do all services need to be running? Or can I use just the registration and > radius functions? > 3. Can I enter a list of MAC addresses to "pre authenticate" machines? > Thanks, Jeremy > > ---------------------------------------------------------------------- > -------- Symantec Endpoint Protection 12 positioned as A LEADER in The > Forrester > Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the > endpoint security space. For insight on selecting the right partner to tackle > endpoint security challenges, access the full report. > http://p.sf.net/sfu/symantec-dev2dev > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > Nuffield College is a Registered Charity No. 1137506. Registered > Office: Nuffield College, New Road, Oxford, OX1 1NF > > ---------------------------------------------------------------------- > -------- Symantec Endpoint Protection 12 positioned as A LEADER in The > Forrester > Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in > the endpoint security space. For insight on selecting the right > partner to tackle endpoint security challenges, access the full report. > http://p.sf.net/sfu/symantec-dev2dev > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
