Thanks Regis, I wish I could take your direction but I started a scratch reinstall yesterday! Ugh!
It did occur to me to look at the file permissions but I didn't know what they should be set to and they seemed plausibly correct though I can't recall what they were (root root?)

Steve
Colorado School of Mines

On May 17, 2010, at 5:37 PM, Regis Balzard wrote:

> Steve,
>
> make sure to have the following ownerships and rights on /usr/local/pf/logs:
> drwxr-xr-x 2 pf pf 4096 May 13 11:58 logs
>
> and this on /usr/local/pf/logs/packetfence.log:
> -rw-r--r-- 1 pf pf 283760 May 17 16:34 packetfence.log
>
> Regis Balzard
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
> Stephen Wittstruck wrote:
>> Hello Regis, Olivier, et al,
>>
>> BIND is working now thanks to Regis.
>>
>> I think I have a PF server certificate error, due to PF reinstall maybe,
>> which I don't know how to fix.
>>
>> Browsers on both PF and switch connecting PC's show the following browser
>> error (below) and I see this in /var/log/messages: "packetfence: error
>> getting update info: Peer certificate commonName does not match host,
>> expected packetfence.nac.mines.edu , got packetfence" PF's web admin
>> interface opens okay on the server, but nothing else it seems.
>>
>> Here's the browser error:
>> ---------
>> Software error:
>>
>> Can't open /usr/local/pf/logs/packetfence.log (Permission denied) at
>> /usr/lib/perl5/5.8.8/CGI/Carp.pm line 314.
>> Compilation failed in require at /usr/local/pf/cgi-bin/redir.cgi line 15.
>> BEGIN failed--compilation aborted at /usr/local/pf/cgi-bin/redir.cgi line 15.
>> --------
>>
>> Thank you!!
>> Steve Wittstruck
>> Colorado School of Mines
>> ======
>> On May 13, 2010, at 5:14 PM, Regis Balzard wrote:
>>
>>> Hi Steve,
>>>
>>>
>>> Steve Wittstruck wrote:
>>>> Oliver, et al:
>>>>
>>>> I figured out port 53 wasn't open in iptables.
>>>>
>>>> Also I remembered BIND was installed after Packetfence, maybe this is the
>>>> reason my BIND configuration isn't right.
>>>>
>>>> During server boot I noticed a message scroll by that says "locating
>>>> /var/named/chroot//etc/named.conf failed" - note the double backslash, i.e.
>>>> '//', it was really in the message. I couldn't find this error logged and
>>>> tried unsuccessfully to capture the error. I didn't find any 'named'
>>>> /var/log/messages from this boot.
>>>>
>>>> Then I linked /etc/named.conf to /var/named/chroot/etc/named.conf,
>>>> reloaded named and got the following /var/log/messages:
>>> remove it, you don't need that.
>>>
>>> edit /etc/sysconfig/named and make sure that ALL the lines are commented
>>> out,
>>> especially the last one (KEYTAB_FILE=...)
>>>
>>> start named and see if it works.
>>> Keep me posted.
>>>
>>> Regis Balzard
>>> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>>> (www.packetfence.org)
>>>
>>>
>>>
>>>> May 13 16:27:38 packetfence named[4631]: starting BIND
>>>> 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>>>> May 13 16:27:38 packetfence named[4631]: adjusted limit on open files from
>>>> 1024 to 1048576
>>>> May 13 16:27:38 packetfence named[4631]: found 4 CPUs, using 4 worker
>>>> threads
>>>> May 13 16:27:38 packetfence named[4631]: using up to 4096 sockets
>>>> May 13 16:27:38 packetfence named[4631]: loading configuration from
>>>> '/etc/named.conf'
>>>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv4 port
>>>> range: [1024, 65535]
>>>> May 13 16:27:39 packetfence named[4631]: using default UDP/IPv6 port
>>>> range: [1024, 65535]
>>>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface
>>>> eth1.53, 192.168.3.1#53
>>>> May 13 16:27:39 packetfence named[4631]: listening on IPv4 interface
>>>> eth1.51, 192.168.2.1#53
>>>> May 13 16:27:39 packetfence named[4631]: command channel listening on
>>>> 127.0.0.1#953
>>>> May 13 16:27:39 packetfence named[4631]: couldn't open pid file
>>>> '/var/run/named/named.pid': Permission denied
>>>> May 13 16:27:39 packetfence named[4631]: exiting (due to early fatal error)
>>>>
>>>> If I reboot with this configuration (the /etc/named.conf file linked to
>>>> /var/named/...) I get:
>>>> May 13 16:33:58 packetfence named: zone ./IN: loading master file
>>>> named-registration.ca: file not found
>>>> May 13 16:33:58 packetfence named: registration/./IN: file not found
>>>> May 13 16:33:58 packetfence named: zone ./IN: loading master file
>>>> named-isolation.ca: file not found
>>>> May 13 16:33:58 packetfence named: isolation/./IN: file not found
>>>>
>>>> Is there any hope of getting this system set right?
>>>>
>>>> Thanks again!
>>>> Steve Wittstruck
>>>> Colorado School of Mines
>>>> ________________________________________
>>>> From: Olivier Bilodeau [[email protected]]
>>>> Sent: Thursday, May 13, 2010 9:12 AM
>>>> To: [email protected]
>>>> Subject: Re: [Packetfence-users] DNS issues in registration VLAN (WAS: no
>>>> 1.8.8 snmptraps from Cisco 3750?)
>>>>
>>>> Hi Steve,
>>>>
>>>> Steve Wittstruck wrote:
>>>>> Hi Olivier,
>>>>>
>>>>> Sorry for the delay.
>>>>>
>>>>> Yes, I did follow the installation guide for setting up the 3 DNS files:
>>>>> /etc/named.conf, /var/named/named-registration.ca, and
>>>>> /var/named/named-isolation.ca. I just reviewed all 3 and the only
>>>>> difference from the installation guide was 'admin.nac.mines.edu' in both
>>>>> SOA entries.
>>>>>
>>>>> Is there anything else I can check?
>>>> The goal for DHCP / DNS in the registration and isolation VLANs is the
>>>> following:
>>>>
>>>> - PacketFence is the only one who serves DHCP and DNS in that VLAN
>>>> - The DHCP is configured to give an IP in a new subnet and with
>>>>   following options:
>>>>   - DNS Server is the PacketFence IP in that VLAN
>>>>   - Default gateway is the PacketFence IP in that VLAN
>>>> - The DNS is configured to ALWAYS return PacketFence's IP no matter what
>>>>   the question was
>>>>
>>>> This way, PacketFence's web server gets the HTTP request and we use a
>>>> rewrite rule to rewrite the URL to something that is more meaningful to
>>>> a user and present the captive portal.
>>>>
>>>> I'll need you to double-check that each required step is accomplished in
>>>> the right way. One good way to do that is to put a PC in such a VLAN and
>>>> validate DHCP first then network reachability, routing (if any), DNS, etc.
>>>>
>>>> If you want your problem solved quickly (you are under time
>>>> constraints), you can always pay for support and we will log into your
>>>> setup, diagnose what's wrong and suggest a fix. Otherwise keep posting
>>>> your progress and the community will troubleshoot you on the mailing
>>>> list for free.
>>>>
>>>> Have a nice day!
>>>> --
>>>> Olivier Bilodeau
>>>> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and
>>>> PacketFence (www.packetfence.org)
>>>>
>>>> ------------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Packetfence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
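
The ownership and mode check from Regis's May 17 message, written out as an added example that is not part of the original thread and is not PacketFence's own code. The function names `check_perms` and `audit_pf_logs` are hypothetical; the default path, owner, group and mode strings are the ones quoted in the thread, and GNU `stat` is assumed.

```shell
# Added example (not from the thread). Requires GNU stat, as on Linux.
# check_perms PATH LSMODE OWNER GROUP
#   LSMODE is the ls -l style string, e.g. drwxr-xr-x or -rw-r--r--.
#   Returns 0 on match, 1 on drift, 2 if PATH does not exist.
check_perms() {
    local path="$1" want_mode="$2" want_owner="$3" want_group="$4"
    local have sym rc=0
    if ! have=$(stat -c '%A %U %G' -- "$path" 2>/dev/null); then
        echo "MISSING $path"
        return 2
    fi
    set -- $have    # split into: $1=mode $2=owner $3=group
    if [ "$2" != "$want_owner" ] || [ "$3" != "$want_group" ]; then
        echo "OWNER   $path is $2:$3, expected $want_owner:$want_group"
        echo "        fix: chown $want_owner:$want_group $path"
        rc=1
    fi
    if [ "$1" != "$want_mode" ]; then
        # Turn e.g. drwxr-xr-x into u=rwx,g=rx,o=rx for the suggested chmod.
        sym=$(printf '%s\n' "$want_mode" |
              sed -E 's/^.(...)(...)(...)$/u=\1,g=\2,o=\3/; s/-//g')
        echo "MODE    $path is $1, expected $want_mode"
        echo "        fix: chmod $sym $path"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK      $path $1 $2:$3"; fi
    return "$rc"
}

# audit_pf_logs [LOGDIR] [OWNER] [GROUP]
#   Defaults are the values quoted in the thread: pf:pf, 755 on the
#   directory and 644 on packetfence.log. Nothing is changed on disk.
audit_pf_logs() {
    local dir="${1:-/usr/local/pf/logs}" owner="${2:-pf}" group="${3:-pf}"
    local rc=0
    check_perms "$dir" drwxr-xr-x "$owner" "$group" || rc=1
    check_perms "$dir/packetfence.log" -rw-r--r-- "$owner" "$group" || rc=1
    return "$rc"
}

# Usage on the PacketFence host, after sourcing this file: audit_pf_logs
```

The script only reports drift and prints the suggested `chown`/`chmod`; it does not apply them.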
