Steve,

make sure to have the following ownership and rights on /usr/local/pf/logs:

drwxr-xr-x 2 pf pf 4096 May 13 11:58 logs

and this on /usr/local/pf/logs/packetfence.log:

-rw-r--r-- 1 pf pf 283760 May 17 16:34 packetfence.log

Regis Balzard
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

Stephen Wittstruck wrote:
> Hello Regis, Olivier, et al,
>
> BIND is working now thanks to Regis.
>
> I think I have a PF server certificate error, due to PF reinstall maybe,
> which I don't know how to fix.
>
> Browsers on both PF and switch connecting PCs show the following browser
> error (below) and I see this in /var/log/messages: "packetfence: error
> getting update info: Peer certificate commonName does not match host,
> expected packetfence.nac.mines.edu , got packetfence" PF's web admin
> interface opens okay on the server, but nothing else it seems.
>
> Here's the browser error:
> ---------
> Software error:
>
> Can't open /usr/local/pf/logs/packetfence.log (Permission denied) at
> /usr/lib/perl5/5.8.8/CGI/Carp.pm line 314.
> Compilation failed in require at /usr/local/pf/cgi-bin/redir.cgi line 15.
> BEGIN failed--compilation aborted at /usr/local/pf/cgi-bin/redir.cgi line 15.
> --------
>
> Thank you!!
> Steve Wittstruck
> Colorado School of Mines
> ======
> On May 13, 2010, at 5:14 PM, Regis Balzard wrote:
>
>> Hi Steve,
>>
>>
>> Steve Wittstruck wrote:
>>> Oliver, et al:
>>>
>>> I figured out port 53 wasn't open in iptables.
>>>
>>> Also I remembered BIND was installed after Packetfence, maybe this is the
>>> reason my BIND configuration isn't right.
>>>
>>> During server boot I noticed a message scroll by that says "locating
>>> /var/named/chroot//etc/named.conf failed" - note the double backslash, i.e.
>>> '//', it was really in the message. I couldn't find this error logged and
>>> tried unsuccessfully to capture the error. I didn't find any 'named'
>>> /var/log/messages from this boot.
>>>
>>> Then I linked /etc/named.conf to /var/named/chroot/etc/named.conf, reloaded
>>> named and got the following /var/log/messages:
>> remove it, you don't need that.
>>
>> edit /etc/sysconfig/named and make sure that ALL the lines are commented
>> out,
>> especially the last one (KEYTAB_FILE=...)
>>
>> start named and see if it works.
>> Keep me posted.
>>
>> Regis Balzard
>> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>>
>>> May 13 16:27:38 packetfence named[4631]: starting BIND
>>> 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>>> May 13 16:27:38 packetfence named[4631]: adjusted limit on open files from
>>> 1024 to 1048576
>>> May 13 16:27:38 packetfence named[4631]: found 4 CPUs, using 4 worker
>>> threads
>>> May 13 16:27:38 packetfence named[4631]: using up to 4096 sockets
>>> May 13 16:27:38 packetfence named[4631]: loading configuration from
>>> '/etc/named.conf'
>>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv4 port range:
>>> [1024, 65535]
>>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv6 port range:
>>> [1024, 65535]
>>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface
>>> eth1.53, 192.168.3.1#53
>>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface
>>> eth1.51, 192.168.2.1#53
>>> May 13 16:27:39 packetfence named[4631]: command channel listening on
>>> 127.0.0.1#953
>>> May 13 16:27:39 packetfence named[4631]: couldn't open pid file
>>> '/var/run/named/named.pid': Permission denied
>>> May 13 16:27:39 packetfence named[4631]: exiting (due to early fatal error)
>>>
>>> If I reboot with this configuration (the /etc/named.conf file linked to
>>> /var/named/...)
>>> I get:
>>> May 13 16:33:58 packetfence named: zone ./IN: loading master file
>>> named-registration.ca: file not found
>>> May 13 16:33:58 packetfence named: registration/./IN: file not found
>>> May 13 16:33:58 packetfence named: zone ./IN: loading master file
>>> named-isolation.ca: file not found
>>> May 13 16:33:58 packetfence named: isolation/./IN: file not found
>>>
>>> Is there any hope of getting this system set right?
>>>
>>> Thanks again!
>>> Steve Wittstruck
>>> Colorado School of Mines
>>> ________________________________________
>>> From: Olivier Bilodeau [[email protected]]
>>> Sent: Thursday, May 13, 2010 9:12 AM
>>> To: [email protected]
>>> Subject: Re: [Packetfence-users] DNS issues in registration VLAN (WAS: no
>>> 1.8.8 snmptraps from Cisco 3750?)
>>>
>>> Hi Steve,
>>>
>>> Steve Wittstruck wrote:
>>>> Hi Olivier,
>>>>
>>>> Sorry for the delay.
>>>>
>>>> Yes, I did follow the installation guide for setting up the 3 DNS files:
>>>> /etc/named.conf, /var/named/named-registration.ca, and
>>>> /var/named/named-isolation.ca. I just reviewed all 3 and the only
>>>> difference from the installation guide was 'admin.nac.mines.edu' in both
>>>> SOA entries.
>>>>
>>>> Is there anything else I can check?
>>> The goal for DHCP / DNS in the registration and isolation VLANs is the
>>> following:
>>>
>>> - PacketFence is the only one who serves DHCP and DNS in that VLAN
>>> - The DHCP is configured to give an IP in a new subnet and with
>>>   following options:
>>>   - DNS Server is the PacketFence IP in that VLAN
>>>   - Default gateway is the PacketFence IP in that VLAN
>>> - The DNS is configured to ALWAYS return PacketFence's IP no matter what
>>>   the question was
>>>
>>> This way, PacketFence's web server gets the HTTP request and we use a
>>> rewrite rule to rewrite the URL to something that is more meaningful to
>>> a user and present the captive portal.
>>>
>>> I'll need you to double-check that each required step is accomplished in
>>> the right way.
>>> One good way to do that is to put a PC in such a VLAN and
>>> validate DHCP first then network reachability, routing (if any), DNS, etc.
>>>
>>> If you want your problem solved quickly (you are under time
>>> constraints), you can always pay for support and we will log into your
>>> setup, diagnose what's wrong and suggest a fix. Otherwise keep posting
>>> your progress and the community will troubleshoot you on the mailing
>>> list for free.
>>>
>>> Have a nice day!
>>> --
>>> Olivier Bilodeau
>>> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and
>>> PacketFence (www.packetfence.org)
>>>
>>> ------------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Packetfence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
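
The ownership and mode check described in the reply at the top of this thread (directory `drwxr-xr-x pf pf`, log file `-rw-r--r-- pf pf`), written as a script. This is an added example, not part of the original messages or of PacketFence; the function names `check_perm` and `audit_pf_logs` are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: report drift in owner, group and mode of the PacketFence
# log directory and log file. Helper names are hypothetical; needs GNU stat.

# check_perm PATH OWNER GROUP MODE
# Returns 0 if all three match, 1 on drift, 2 if the path is missing.
check_perm() {
    path=$1 want="$2:$3:$4"
    if [ ! -e "$path" ]; then
        echo "MISSING $path" >&2
        return 2
    fi
    have=$(stat -c '%U:%G:%a' -- "$path") || return 2
    if [ "$have" != "$want" ]; then
        # Repair would be: chown OWNER:GROUP PATH && chmod MODE PATH
        echo "DRIFT   $path is $have, expected $want" >&2
        return 1
    fi
    echo "OK      $path $have"
}

# audit_pf_logs LOGDIR OWNER GROUP
# 755 is drwxr-xr-x on the directory, 644 is -rw-r--r-- on the log file.
# The exit status is the number of failed checks (0 means both are correct).
audit_pf_logs() {
    dir=$1 owner=$2 group=$3 bad=0
    check_perm "$dir" "$owner" "$group" 755 || bad=$((bad + 1))
    check_perm "$dir/packetfence.log" "$owner" "$group" 644 || bad=$((bad + 1))
    return "$bad"
}

# On the server from the thread: sh thisfile /usr/local/pf/logs pf pf
if [ "$#" -eq 3 ]; then
    audit_pf_logs "$@"
fi
```

A log file owned by another account or with a tighter mode produces the "Permission denied" failure quoted from redir.cgi, and a looser mode lets other local users alter the log; either case shows up as a DRIFT line.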
