Hello Regis, Olivier, et al,

BIND is working now thanks to Regis.

I think I have a PF server certificate error, due to PF reinstall maybe, which I don't know how to fix. Browsers on both PF and switch connecting PCs show the following browser error (below) and I see this in /var/log/messages:

"packetfence: error getting update info: Peer certificate commonName does not match host, expected packetfence.nac.mines.edu , got packetfence"

PF's web admin interface opens okay on the server, but nothing else it seems.

Here's the browser error:
---------
Software error:
Can't open /usr/local/pf/logs/packetfence.log (Permission denied) at /usr/lib/perl5/5.8.8/CGI/Carp.pm line 314.
Compilation failed in require at /usr/local/pf/cgi-bin/redir.cgi line 15.
BEGIN failed--compilation aborted at /usr/local/pf/cgi-bin/redir.cgi line 15.
--------

Thank you!!
Steve Wittstruck
Colorado School of Mines

======
On May 13, 2010, at 5:14 PM, Regis Balzard wrote:

> Hi Steve,
>
>
> Steve Wittstruck wrote:
>> Oliver, et al:
>>
>> I figured out port 53 wasn't open in iptables.
>>
>> Also I remembered BIND was installed after Packetfence, maybe this is the
>> reason my BIND configuration isn't right.
>>
>> During server boot I noticed a message scroll by that says "locating
>> /var/named/chroot//etc/named.conf failed" - note the double backslash, i.e.
>> '//', it was really in the message. I couldn't find this error logged and
>> tried unsuccessfully to capture the error. I didn't find any 'named'
>> /var/log/messages from this boot.
>>
>> Then I linked /etc/named.conf to /var/named/chroot/etc/named.conf, reloaded
>> named and got the following /var/log/messages:
> remove it, you don't need that.
>
> edit /etc/sysconfig/named and make sure that ALL the lines are commented out,
> especially the last one (KEYTAB_FILE=...)
>
> start named and see if it works.
> Keep me posted.
>
> Regis Balzard
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>> May 13 16:27:38 packetfence named[4631]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>> May 13 16:27:38 packetfence named[4631]: adjusted limit on open files from 1024 to 1048576
>> May 13 16:27:38 packetfence named[4631]: found 4 CPUs, using 4 worker threads
>> May 13 16:27:38 packetfence named[4631]: using up to 4096 sockets
>> May 13 16:27:38 packetfence named[4631]: loading configuration from '/etc/named.conf'
>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv4 port range: [1024, 65535]
>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv6 port range: [1024, 65535]
>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface eth1.53, 192.168.3.1#53
>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface eth1.51, 192.168.2.1#53
>> May 13 16:27:39 packetfence named[4631]: command channel listening on 127.0.0.1#953
>> May 13 16:27:39 packetfence named[4631]: couldn't open pid file '/var/run/named/named.pid': Permission denied
>> May 13 16:27:39 packetfence named[4631]: exiting (due to early fatal error)
>>
>> If I reboot with this configuration (the /etc/named.conf file linked to
>> /var/named/...) I get:
>> May 13 16:33:58 packetfence named: zone ./IN: loading master file named-registration.ca: file not found
>> May 13 16:33:58 packetfence named: registration/./IN: file not found
>> May 13 16:33:58 packetfence named: zone ./IN: loading master file named-isolation.ca: file not found
>> May 13 16:33:58 packetfence named: isolation/./IN: file not found
>>
>> Is there any hope of getting this system set right?
>>
>> Thanks again!
>> Steve Wittstruck
>> Colorado School of Mines
>> ________________________________________
>> From: Olivier Bilodeau [[email protected]]
>> Sent: Thursday, May 13, 2010 9:12 AM
>> To: [email protected]
>> Subject: Re: [Packetfence-users] DNS issues in registration VLAN (WAS: no 1.8.8 snmptraps from Cisco 3750?)
>>
>> Hi Steve,
>>
>> Steve Wittstruck wrote:
>>> Hi Olivier,
>>>
>>> Sorry for the delay.
>>>
>>> Yes, I did follow the installation guide for setting up the 3 DNS files:
>>> /etc/named.conf, /var/named/named-registration.ca, and
>>> /var/named/named-isolation.ca. I just reviewed all 3 and the only
>>> difference from the installation guide was 'admin.nac.mines.edu' in both
>>> SOA entries.
>>>
>>> Is there anything else I can check?
>>
>> The goal for DHCP / DNS in the registration and isolation VLANs is the
>> following:
>>
>> - PacketFence is the only one who serves DHCP and DNS in that VLAN
>> - The DHCP is configured to give an IP in a new subnet and with the
>>   following options:
>>   - DNS Server is the PacketFence IP in that VLAN
>>   - Default gateway is the PacketFence IP in that VLAN
>> - The DNS is configured to ALWAYS return PacketFence's IP no matter what
>>   the question was
>>
>> This way, PacketFence's web server gets the HTTP request and we use a
>> rewrite rule to rewrite the URL to something that is more meaningful to
>> a user and present the captive portal.
>>
>> I'll need you to double-check that each required step is accomplished in
>> the right way. One good way to do that is to put a PC in such a VLAN and
>> validate DHCP first then network reachability, routing (if any), DNS, etc.
>>
>> If you want your problem solved quickly (you are under time
>> constraints), you can always pay for support and we will log into your
>> setup, diagnose what's wrong and suggest a fix. Otherwise keep posting
>> your progress and the community will troubleshoot you on the mailing
>> list for free.
>>
>> Have a nice day!
>> --
>> Olivier Bilodeau
>> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and
>> PacketFence (www.packetfence.org)
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
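
The commonName mismatch quoted from /var/log/messages in the first message, worked through as an added example that is not part of the original thread: it parses that log line and applies an RFC 6125-style name comparison to show that the certificate names the short hostname while the client expects the FQDN. The function names and finding strings are hypothetical, and the comparison rule is an assumption about how the check behaves, not the code of the library that logged the message.

```python
import re

# Message format as it appears in the thread's /var/log/messages excerpt.
MISMATCH_RE = re.compile(
    r"commonName does not match host,\s*expected\s+(?P<expected>\S+)\s*,"
    r"\s*got\s+(?P<got>\S+)"
)

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")

def name_matches(presented, host):
    """RFC 6125-style check: exact match, or '*' as the whole left-most label."""
    p, h = _labels(presented), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*" and len(p) >= 3:   # wildcard stands for exactly one label
        return p[1:] == h[1:]
    return p == h

def diagnose(log_line):
    """Return (expected, got, finding) for a mismatch line, or None."""
    m = MISMATCH_RE.search(log_line)
    if not m:
        return None
    expected, got = m.group("expected"), m.group("got").strip('"')
    if name_matches(got, expected):
        finding = "names match; look elsewhere (expiry, chain, SAN handling)"
    elif _labels(got) == _labels(expected)[:1]:
        finding = "certificate carries the short hostname; reissue it with the FQDN"
    elif _labels(got)[1:] == _labels(expected)[1:]:
        finding = "same domain, different host label; wrong certificate installed"
    else:
        finding = "certificate was issued for an unrelated name"
    return expected, got, finding

# Constructed from the line quoted in the thread (wrapped word "got" rejoined).
SAMPLE = ("packetfence: error getting update info: Peer certificate commonName "
          "does not match host, expected packetfence.nac.mines.edu , got packetfence")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```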
