Hi Steve,
Steve Wittstruck wrote:
> Oliver, et al:
>
> I figured out port 53 wasn't open in iptables.
>
> Also I remembered BIND was installed after Packetfence, maybe this is the
> reason my BIND configuration isn't right.
>
> During server boot I noticed a message scroll by that says "locating
> /var/named/chroot//etc/named.conf failed" - note the double backslash, i.e.
> '//', it was really in the message. I couldn't find this error logged and
> tried unsuccessfully to capture the error. I didn't find any 'named'
> /var/log/messages from this boot.
>
> Then I linked /etc/named.conf to /var/named/chroot/etc/named.conf, reloaded
> named and got the following /var/log/messages:

Remove it, you don't need that.
Edit /etc/sysconfig/named and make sure that ALL the lines are commented out, especially the last one (KEYTAB_FILE=...).
Start named and see if it works.

Keep me posted.

Regis Balzard
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> May 13 16:27:38 packetfence named[4631]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
> May 13 16:27:38 packetfence named[4631]: adjusted limit on open files from 1024 to 1048576
> May 13 16:27:38 packetfence named[4631]: found 4 CPUs, using 4 worker threads
> May 13 16:27:38 packetfence named[4631]: using up to 4096 sockets
> May 13 16:27:38 packetfence named[4631]: loading configuration from '/etc/named.conf'
> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv4 port range: [1024, 65535]
> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv6 port range: [1024, 65535]
> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface eth1.53, 192.168.3.1#53
> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface eth1.51, 192.168.2.1#53
> May 13 16:27:39 packetfence named[4631]: command channel listening on 127.0.0.1#953
> May 13 16:27:39 packetfence named[4631]: couldn't open pid file '/var/run/named/named.pid': Permission denied
> May 13 16:27:39 packetfence named[4631]: exiting (due to early fatal error)
>
> If I reboot with this configuration (the /etc/named.conf file linked to
> /var/named/...) I get:
> May 13 16:33:58 packetfence named: zone ./IN: loading master file named-registration.ca: file not found
> May 13 16:33:58 packetfence named: registration/./IN: file not found
> May 13 16:33:58 packetfence named: zone ./IN: loading master file named-isolation.ca: file not found
> May 13 16:33:58 packetfence named: isolation/./IN: file not found
>
> Is there any hope of getting this system set right?
>
> Thanks again!
> Steve Wittstruck
> Colorado School of Mines
> ________________________________________
> From: Olivier Bilodeau [[email protected]]
> Sent: Thursday, May 13, 2010 9:12 AM
> To: [email protected]
> Subject: Re: [Packetfence-users] DNS issues in registration VLAN (WAS: no 1.8.8 snmptraps from Cisco 3750?)
>
> Hi Steve,
>
> Steve Wittstruck wrote:
>> Hi Olivier,
>>
>> Sorry for the delay.
>>
>> Yes, I did follow the installation guide for setting up the 3 DNS files:
>> /etc/named.conf, /var/named/named-registration.ca, and
>> /var/named/named-isolation.ca. I just reviewed all 3 and the only
>> difference from the installation guide was 'admin.nac.mines.edu' in both SOA
>> entries.
>>
>> Is there anything else I can check?
>
> The goal for DHCP / DNS in the registration and isolation VLANs is the
> following:
>
> - PacketFence is the only one who serves DHCP and DNS in that VLAN
> - The DHCP is configured to give an IP in a new subnet and with
>   following options:
>   - DNS Server is the PacketFence IP in that VLAN
>   - Default gateway is the PacketFence IP in that VLAN
> - The DNS is configured to ALWAYS return PacketFence's IP no matter what
>   the question was
>
> This way, PacketFence's web server gets the HTTP request and we use a
> rewrite rule to rewrite the URL to something that is more meaningful to
> a user and present the captive portal.
>
> I'll need you to double-check that each required step is accomplished in
> the right way. One good way to do that is to put a PC in such a VLAN and
> validate DHCP first then network reachability, routing (if any), DNS, etc.
>
> If you want your problem solved quickly (you are under time
> constraints), you can always pay for support and we will log into your
> setup, diagnose what's wrong and suggest a fix. Otherwise keep posting
> your progress and the community will troubleshoot you on the mailing
> list for free.
>
> Have a nice day!
> --
> Olivier Bilodeau
> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and
> PacketFence (www.packetfence.org)
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
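An added example, not part of the original thread or of PacketFence: a small check for the "validate DNS" step described above, run from a test PC in the registration or isolation VLAN, that confirms every A answer is the PacketFence IP. The portal address 192.168.2.1 is an assumption (it is one of the two addresses named listens on in the log above), and the sample responses are constructed so the block runs offline.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Standard recursive A/IN query for `name`."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Offset just past a (possibly compressed) domain name."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def a_records(msg):
    """IPv4 addresses found in the answer section of a DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return ips

def is_captive(msg, portal_ip):
    """True only if there are A answers and every one is the portal IP."""
    ips = a_records(msg)
    return bool(ips) and all(ip == portal_ip for ip in ips)

def ask(server, name, timeout=2.0):
    """Live use: send the query over UDP to the VLAN's DNS server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

def sample_response(name, ip):
    """Constructed response for offline testing: one A record for `name`."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query(name)[12:] + rr

if __name__ == "__main__":
    PORTAL_IP = "192.168.2.1"  # assumption: PacketFence IP in the VLAN under test
    for name in ("www.example.com", "update.example.net"):
        print(name, is_captive(sample_response(name, PORTAL_IP), PORTAL_IP))
```

On a live test PC, replace `sample_response(name, PORTAL_IP)` with `ask(PORTAL_IP, name)`; a timeout there points back at the firewall or a named process that failed to start, as in the log above.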
