Greetings again list,
Hoping I can get some advice/critique for an ongoing PF installation
on a Debian system. Basic adaptation has now been done but I have run
into a wall at the SMTP level. Scanning the traffic w/tcpdump, it
seems that all SNMP traffic is being kicked out with an 'SNMP Security
access violation'. The snmptrapd.log reports 'Warning: Unknown token:
authCommunity' and extensive searching seems to indicate that there is
some difficulty with recent versions of the net-snmp package. I can't,
however, tell whether the reports are current or not. The system is
running net-snmp version 5.4.3 ... Does anyone have any insight into
this? I've been trying for days to activate SNMP activity (I *think*
I've tried all possible configuration combinations) but haven't been
able to get it working.
Further, PF, whose DHCP server once passed a basic (that is, already
registered) IP to a client has seemingly stopped working. It's likely
related to the above logjam, but I can't be certain.
We are using an HP Procurve 2600 switch in a test setup.
Accordingly, any/all advice, info, insight, criticism would be
appreciated. I've attached all relevant config files and logs.
Thanks to all in advance.
Chris
# This file is generated from a template at /usr/local/pf/conf/templates/dhcpd_vlan.conf
# Any changes made to this file will be lost on restart
authoritative;
ddns-update-style none;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "pf.xyz.fr";
option domain-name-servers 192.168.1.1;
range 192.168.1.10 192.168.1.200;
default-lease-time 300;
max-lease-time 600;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.1;
option subnet-mask 255.255.255.0;
option domain-name "pf_registration.xyz.fr";
option domain-name-servers 192.168.2.1;
range 192.168.2.10 192.168.2.200;
default-lease-time 300;
max-lease-time 600;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
option routers 192.168.3.1;
option subnet-mask 255.255.255.0;
option domain-name "pf_isolation.xyz.fr";
option domain-name-servers 192.168.3.1;
range 192.168.3.10 192.168.3.200;
default-lease-time 300;
max-lease-time 600;
}
subnet 192.168.4.0 netmask 255.255.255.0 {
option routers 192.168.4.1;
option subnet-mask 255.255.255.0;
option domain-name "pf_registration.xyz.fr";
option domain-name-servers 192.168.4.1;
range 192.168.4.10 192.168.4.200;
default-lease-time 300;
max-lease-time 600;
}
subnet 192.168.5.0 netmask 255.255.255.0 {
option routers 192.168.5.1;
option subnet-mask 255.255.255.0;
option domain-name "pf_guests.xyz.fr";
option domain-name-servers 192.168.5.1;
range 192.168.5.10 192.168.5.200;
default-lease-time 300;
max-lease-time 600;
}
# This file is generated from a template at /usr/local/pf/conf/templates/httpd.conf
# Any changes made to this file will be lost on restart
## cg - from Gentoo docs
ServerRoot /usr/local/pf
HostnameLookups off
User pf
Group pf
ServerAdmin r...@pf.xyz.fr
ServerTokens Prod
ServerSignature Off
UseCanonicalName Off
Timeout 50
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 10
MinSpareServers 50
MaxSpareServers 100
StartServers 50
MaxClients 256
MaxRequestsPerChild 0
ServerName pf.xyz.fr
Listen 0.0.0.0:80
Listen 0.0.0.0:443
Listen 0.0.0.0:1443
PidFile /usr/local/pf/var/httpd.pid
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
AddDefaultCharset ISO-8859-1
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddHandler cgi-script .cgi
TypesConfig /etc/mime.types
AddType .gif image/gif binary
AddType .jpg image/jpg binary
Options Indexes
DirectoryIndex index.html index.cgi index.php
<IfModule !mod_auth_basic.c>
## cg
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
</IfModule>
<IfModule !mod_authn_file.c>
## cg
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
</IfModule>
<IfModule !mod_authz_user.c>
## cg
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
</IfModule>
<IfModule !mod_authz_groupfile.c>
## cg
Loadmodule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
</IfModule>
<IfModule !mod_rewrite.c>
## cg
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
</IfModule>
<IfModule !mod_cgi.c>
## cg
LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
</IfModule>
<IfModule !mod_mime.c>
## cg
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
</IfModule>
<IfModule !mod_dir.c>
## cg
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
</IfModule>
<IfModule !mod_alias.c>
## cg
LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
</IfModule>
<IfModule !mod_log_config.c>
## cg
LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so
</IfModule>
<IfModule !mod_ssl.c>
## cg
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
</IfModule>
<IfModule !mod_setenvif.c>
## cg
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
</IfModule>
<IfModule !mod_proxy.c>
## cg
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
</IfModule>
<IfModule !proxy_http.c>
## cg
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
</IfModule>
<IfModule !mod_authz_host.c>
## cg
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
</IfModule>
<IfModule !mod_headers.c>
## cg
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
</IfModule>
<IfModule !sapi_apache2.c>
## cg
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
##LoadModule php4_module modules/libphp4.so
</IfModule>
AddType application/x-httpd-php .php
#<Files *.php>
# SetOutputFilter PHP
# SetInputFilter PHP
# LimitRequestBody 524288
#</Files>
## cg - from Debian apache2 - php5.conf
##<IfModule mod_php5.c>
## <FilesMatch "\.ph(p3?|tml)$">
## SetHandler application/x-httpd-php
## </FilesMatch>
## <FilesMatch "\.phps$">
## SetHandler application/x-httpd-php-source
## </FilesMatch>
## # To re-enable php in user directories comment the following lines
## # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
## # prevents .htaccess files from disabling it.
## <IfModule mod_userdir.c>
## <Directory /home/*/public_html>
## php_admin_value engine Off
## </Directory>
## </IfModule>
##</IfModule>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteLock /usr/local/pf/var/apache_rewrite_lock
#NameVirtualHost *:80
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/pf/var/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/pf/var/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<VirtualHost *:80>
DocumentRoot /usr/local/pf/html/user
ServerName pf.xyz.fr:80
Alias /favicon.ico /usr/local/pf/html/common/favicon.ico
Alias /common/ /usr/local/pf/html/common/
ScriptAlias /cgi-bin/ "/usr/local/pf/cgi-bin/"
CustomLog /usr/local/pf/logs/access_log combined
ErrorLog /usr/local/pf/logs/error_log
<DirectoryMatch "/usr/local/pf(/cgi-bin|/html/user)">
Order deny,allow
Deny from all
allow from 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.3.0/24 192.168.4.0/24 192.168.2.0/24 127.0.0.1
</DirectoryMatch>
RewriteEngine On
#RewriteLogLevel 3
#RewriteLog /usr/local/pf/logs/rewrite_log
#activate if you don't want requests to update servers
#to end up going to the PacketFence system
#RewriteRule ^/msdownload/update.+$ - [F,L]
#RewriteRule ^/wpad.dat$ - [F,L]
#RewriteRule ^/ReportingWebService/ReportingWebService.asmx$ - [F,L]
#RewriteRule ^/v6/windowsupdate.+$ - [F,L]
#RewriteRule ^/v7/windowsupdate.+$ - [F,L]
#RewriteRule ^/remupd/cidsync.upd$ - [F,L]
#RewriteRule ^/NTInst/i386/cidsync.upd$ - [F,L]
# return 403 to Windows Proxy Autodetection (avoid server load)
RewriteRule ^/wpad.dat$ - [F,L]
# Some UserAgents we don't want to mess with (avoid server load)
RewriteCond %{HTTP_USER_AGENT} ^Microsoft-CryptoAPI.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WinHttp-Autoproxy-Service.* [OR]
# Microsoft Windows Vista / 7 Network Connectivity Status Indicator (NCSI)
RewriteCond %{HTTP_USER_AGENT} "^Microsoft NCSI$" [OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows-Update-Agent.*
RewriteRule ^.*$ - [L,forbidden]
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/msdownload/update/v3/static/trustedr/en/authrootseq.txt$
RewriteCond %{REQUEST_URI} !^/cgi-bin/redir.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/release.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/register.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/enabler.cgi
RewriteCond %{REQUEST_URI} !^/common
RewriteCond %{REQUEST_URI} !^/content
RewriteCond %{REQUEST_URI} !^/3rdparty
RewriteCond %{REQUEST_URI} !^/status
RewriteCond %{REQUEST_URI} !^/proxies
# Now using temporary redirects instead of permanent (fixes #757)
RewriteRule ^.*$ https://pf.xyz.fr/cgi-bin/redir.cgi?destination_url=http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
ProxyPassReverse /msdownload/update/v3/static/trustedr/en/authrootseq.txt http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
ProxyPass /msdownload/update/v3/static/trustedr/en/authrootseq.txt http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/usr/local/pf/html/user"
ServerName pf.xyz.fr:443
Alias /favicon.ico /usr/local/pf/html/common/favicon.ico
Alias /common/ /usr/local/pf/html/common/
#Alias /cgi-bin/register-skip.cgi /usr/local/pf/cgi-bin/register.cgi
ScriptAlias /cgi-bin/ "/usr/local/pf/cgi-bin/"
CustomLog /usr/local/pf/logs/access_log combined
ErrorLog /usr/local/pf/logs/error_log
<DirectoryMatch "/usr/local/pf(/cgi-bin|/html/user)">
SSLOptions +StdEnvVars
Options ExecCGI
Order deny,allow
Deny from all
allow from 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.3.0/24 192.168.4.0/24 192.168.2.0/24 127.0.0.1
</DirectoryMatch>
SSLEngine on
SSLCertificateFile /usr/local/pf/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/pf/conf/ssl/server.key
Redirect /status https://pf.xyz.fr/cgi-bin/register.cgi?mode=status
RewriteEngine On
#RewriteLogLevel 3
#RewriteLog /usr/local/pf/logs/rewrite_log
# return 403 to Windows Proxy Autodetection (avoid server load)
RewriteRule ^/wpad.dat$ - [F,L]
# Some UserAgents we don't want to mess with (avoid server load)
RewriteCond %{HTTP_USER_AGENT} ^Microsoft-CryptoAPI.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WinHttp-Autoproxy-Service.* [OR]
# Microsoft Windows Vista / 7 Network Connectivity Status Indicator (NCSI)
RewriteCond %{HTTP_USER_AGENT} "^Microsoft NCSI$" [OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows-Update-Agent.*
RewriteRule ^.*$ - [L,forbidden]
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/cgi-bin/redir.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/release.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/register.+\.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/register.cgi
RewriteCond %{REQUEST_URI} !^/cgi-bin/enabler.cgi
RewriteCond %{REQUEST_URI} !^/common
RewriteCond %{REQUEST_URI} !^/content
RewriteCond %{REQUEST_URI} !^/3rdparty
RewriteCond %{REQUEST_URI} !^/status
RewriteCond %{REQUEST_URI} !^/proxies
# Now using temporary redirects instead of permanent (fixes #757)
RewriteRule ^.*$ https://pf.xyz.fr/cgi-bin/redir.cgi?destination_url=https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
ProxyPassReverse /proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe
ProxyPass /proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe
<Location /content>
Options Indexes FollowSymLinks ExecCGI
php_value session.save_path "/usr/local/pf/var/session"
#(E_ALL & ~E_NOTICE) = 2047-8
php_value error_reporting 2039
</Location>
</VirtualHost>
<VirtualHost *:1443>
DocumentRoot "/usr/local/pf/html/admin"
ServerName pf.xyz.fr:1443
Alias /favicon.ico /usr/local/pf/html/common/favicon.ico
Alias /common/ /usr/local/pf/html/common/
Alias /cgi-bin/pfcmd.cgi /usr/local/pf/bin/pfcmd
Alias /cgi-bin/pdp.cgi /usr/local/pf/cgi-bin/pdp.cgi
Alias /docs/ /usr/local/pf/docs/
Alias /content/ /usr/local/pf/html/user/content/
CustomLog /usr/local/pf/logs/admin_access_log combined
ErrorLog /usr/local/pf/logs/admin_error_log
SSLEngine on
SSLCertificateFile /usr/local/pf/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/pf/conf/ssl/server.key
<Location /cgi-bin/pfcmd.cgi>
SetHandler cgi-script
Options Indexes FollowSymLinks ExecCGI
</Location>
<Location /cgi-bin/pdp.cgi>
SetHandler cgi-script
Options Indexes FollowSymLinks ExecCGI
</Location>
<LocationMatch /cgi-bin/(pfcmd|pdp).cgi>
AuthUserFile /usr/local/pf/conf/admin.conf
AuthGroupFile /dev/null
AuthName "PacketFence Authentication"
AuthType Basic
require valid-user
</LocationMatch>
<Location ~ />
Options Indexes FollowSymLinks ExecCGI
#AllowOverride None
#php_value register_globals "On"
php_value register_long_arrays "On"
php_value session.save_path "/usr/local/pf/var/session"
php_value memory_limit "64M"
#(E_ALL & ~E_NOTICE) = 2047-8
php_value error_reporting 2039
## cg
##php_value extension gd.so
</Location>
</VirtualHost>
# This file is generated from a template at /usr/local/pf/conf/templates/named_vlan.conf
# Any changes made to this file will be lost on restart
options {
directory "/usr/local/pf/conf/named";
pid-file "/usr/local/pf/var/named.pid";
statistics-file "/usr/local/pf/logs/named_stats.txt";
};
key pf {
algorithm "hmac-md5";
secret "KTMl5kgxj9WERwjWbkNBz9xYZcCkoPd13VXsEwKtFcg8mD78AMJknNAdArXG";
};
controls {
inet 127.0.0.1 allow { pf; } keys { pf; };
};
acl pf {
127.0.0.1;
};
view "registration" {
match-clients { 192.168.2.0/24; };
zone "." IN {
type master;
file "named-registration.ca";
allow-update { none; };
};
};
view "isolation" {
match-clients { 192.168.3.0/24; 192.168.4.0/24; };
zone "." IN {
type master;
file "named-isolation.ca";
allow-update { none; };
};
};
; This file is generated from a template at /usr/local/pf/conf/templates/named-isolation.ca
; Any changes made to this file will be lost on restart
$TTL 3600
. IN SOA pf. pf.pf.xyz.fr (
2009020901 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
86400 ; default_ttl
)
IN NS pf.
*. IN A 192.168.3.1
IN MX 5 pf.
1.3.168.192.in-addr.arpa. IN PTR pf
; This file is generated from a template at /usr/local/pf/conf/templates/named-registration.ca
; Any changes made to this file will be lost on restart
$TTL 3600
. IN SOA pf. pf.pf.xyz.fr (
2009020901 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
86400 ; default_ttl
)
IN NS pf.
*. IN A 192.168.2.1
IN MX 5 pf.
1.2.168.192.in-addr.arpa. IN PTR pf
#
## cg - this file originally empty
#
## regular vlan eth0.101 ip=192.168.1.1
[192.168.1.0]
netmask=255.255.255.0
gateway=192.168.1.1
pf_gateway=192.168.1.254
domain-name=pf.xyz.fr
dns=192.168.1.1
dhcp_start=192.168.1.10
dhcp_end=192.168.1.200
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=regular
named=enabled
dhcpd=enabled
## registration vlan eth0.102 ip=192.168.2.1
[192.168.2.0]
netmask=255.255.255.0
gateway=192.168.2.1
pf_gateway=192.168.2.254
domain-name=pf_registration.xyz.fr
dns=192.168.2.1
dhcp_start=192.168.2.10
dhcp_end=192.168.2.200
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=registration
named=enabled
dhcpd=enabled
## isolation vlan eth0.103 ip=192.168.3.1
[192.168.3.0]
gateway=192.168.3.1
pf_gateway=192.168.3.254
netmask=255.255.255.0
domain-name=pf_isolation.xyz.fr
dns=192.168.3.1
dhcp_start=192.168.3.10
dhcp_end=192.168.3.200
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=isolation
named=enabled
dhcpd=enabled
## mac detection vlan eth0.104 ip=192.168.4.1
[192.168.4.0]
gateway=192.168.4.1
pf_gateway=192.168.4.254
netmask=255.255.255.0
domain-name=pf_registration.xyz.fr
## cg - not certain that these should be included in the Mac detection vlan
dns=192.168.4.1
dhcp_start=192.168.4.10
dhcp_end=192.168.4.200
dhcp_default_lease_time=300
dhcp_max_lease_time=600
## end doubtful section
##type='MAC detection'
##type=detection
type=isolation
##named=disabled
##dhcpd=disabled
named=enabled
dhcpd=enabled
##dns=
##dhcp_start=
##dhcp_end=
##dhcp_default_lease_time=
##dhcp_max_lease_time=
## guest vlan eth0.105 ip=192.168.5.1
[192.168.5.0]
gateway=192.168.5.1
pf_gateway=192.168.5.254
netmask=255.255.255.0
domain-name=pf_guests.xyz.fr
dns=192.168.5.1
dhcp_start=192.168.5.10
dhcp_end=192.168.5.200
dhcp_default_lease_time=300
dhcp_max_lease_time=600
## end doubtful section
##type='MAC detection'
##type=detection
type=regular
##named=disabled
##dhcpd=disabled
named=enabled
dhcpd=enabled
[general]
domain=xyz.fr
hostname=pf
dnsservers=192.168.1.1,192.168.2.1,192.168.3.1,192.168.4.1,192.168.5.1
##dnsservers=127.0.0.1
dhcpservers=192.168.1.1,192.168.2.1,192.168.3.1,192.168.4.1,192.168.5.1
##dhcpservers=127.0.0.1
[network]
mode=vlan
[trapping]
testing=disabled
range=192.168.1.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24
##range=192.168.0.0/16
registration=enabled
detection=disabled
passthrough=proxy
[registration]
range=192.168.1.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24
##range=192.168.0.0/16
auth=radius
[vlan]
dhcpd=enabled
named=enabled
[database]
pass=secret_pwd
[interface eth0.101]
ip=192.168.1.1
mask=255.255.255.0
##type=internal,managed,monitor
##type=external,managed,monitor
##type=external,managed
type=internal,managed
gateway=192.168.1.1
authorizedips=
[interface eth0.102]
ip=192.168.2.1
mask=255.255.255.0
type=internal
gateway=192.168.2.1
[interface eth0.103]
ip=192.168.3.1
mask=255.255.255.0
type=internal
gateway=192.168.3.1
[interface eth0.104]
ip=192.168.4.1
mask=255.255.255.0
type=internal
gateway=192.168.4.1
[interface eth0.105]
ip=192.168.5.1
mask=255.255.255.0
type=internal
##type=external
gateway=192.168.5.1
%%userLines%%
%%authLines%%
##--cg - snip
##disableAuthorization yes
##--snip
format1 %V|%#04.4y-%#02.2m-%02.2l|%#02.2h:%#02.2j:%#02.2k|%b|%a|BEGIN TYPE %w END TYPE BEGIN SUBTYPE %q END SUBTYPE BEGIN VARIABLEBINDINGS %v END VARIABLEBINDINGS\n
format2 %V|%#04.4y-%#02.2m-%02.2l|%#02.2h:%#02.2j:%#02.2k|%b|%a|BEGIN TYPE %w END TYPE BEGIN SUBTYPE %q END SUBTYPE BEGIN VARIABLEBINDINGS %v END VARIABLEBINDINGS\n
#
# Copyright 2006-2008 Inverse inc.
[default]
vlans = 101,102,103,104,105
normalVlan = 101
registrationVlan = 102
isolationVlan = 103
macDetectionVlan = 104
guestVlan = 105
VoIPEnabled = no
mode = production
macSearchesMaxNb = 30
macSearchesSleepInterval = 2
uplink = dynamic
cliTransport = Telnet
SNMPCommunityTrap = public
##SNMPCommunityTrap = rd_pub
SNMPAuthCommunity = public
##SNMPAuthCommunity = wr_pub
# PacketFence -> Switch
SNMPVersion = 1
SNMPCommunityRead = rd_pub
SNMPCommunityWrite = wr_pub
SNMPEngineID = 0000000000000
SNMPUserNameRead = readUser
SNMPAuthProtocolRead = MD5
SNMPAuthPasswordRead = authpwdread
SNMPPrivProtocolRead = DES
SNMPPrivPasswordRead = privpwdread
SNMPUserNameWrite = writeUser
SNMPAuthProtocolWrite = MD5
SNMPAuthPasswordWrite = authpwdwrite
SNMPPrivProtocolWrite = DES
SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap = 1
SNMPUserNameTrap = readUser
SNMPAuthProtocolTrap = MD5
SNMPAuthPasswordTrap = authpwdread
SNMPPrivProtocolTrap = DES
SNMPPrivPasswordTrap = privpwdread
[127.0.0.1]
type = PacketFence
mode = production
uplink = dynamic
[137.194.50.147]
type=HP::Procurve_2600
uplink = 50
mode = production
Sep 09 11:24:50 pfcmd(0) INFO: /usr/sbin/named status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x named returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/sbin/dhcpd status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x dhcpd returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/local/pf/sbin/pfdhcplistener status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x pfdhcplistener returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/local/pf/sbin/pfmon status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x pfmon returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/local/pf/sbin/pfdetect status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x pfdetect returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/local/pf/sbin/pfredirect status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x pfredirect returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/sbin/snort status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x snort returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/sbin/httpd status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x apache2 returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/sbin/snmptrapd status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x snmptrapd returned 0
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: /usr/local/pf/sbin/pfsetvlan status
(pf::services::service_ctl)
Sep 09 11:24:50 pfcmd(0) INFO: pidof -x pfsetvlan returned 0
(pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/sbin/named start (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Generating configuration file for named
(generate_named_conf) (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting named with '/usr/sbin/named -u pf -c
/usr/local/pf/conf/named.conf' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/sbin/dhcpd start (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Generating configuration file for dhcpd
(generate_dhcpd_conf) (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Command `/sbin/route add -net 192.168.2.0
netmask 255.255.255.0 gw 192.168.2.254` succedeed !
(pf::services::manage_Static_Route)
Sep 09 11:24:51 pfcmd(0) INFO: Command `/sbin/route add -net 192.168.3.0
netmask 255.255.255.0 gw 192.168.3.254` succedeed !
(pf::services::manage_Static_Route)
Sep 09 11:24:51 pfcmd(0) INFO: Command `/sbin/route add -net 192.168.4.0
netmask 255.255.255.0 gw 192.168.4.254` succedeed !
(pf::services::manage_Static_Route)
Sep 09 11:24:51 pfcmd(0) INFO: Starting dhcpd with '/usr/sbin/dhcpd -lf
/usr/local/pf/conf/dhcpd/dhcpd.leases -cf /usr/local/pf/conf/dhcpd.conf '
(pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/local/pf/sbin/pfdhcplistener start
(pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfdhcplistener with
'/usr/local/pf/sbin/pfdhcplistener -i eth0.101 -d &' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfdhcplistener with
'/usr/local/pf/sbin/pfdhcplistener -i eth0.102 -d &' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfdhcplistener with
'/usr/local/pf/sbin/pfdhcplistener -i eth0.103 -d &' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfdhcplistener with
'/usr/local/pf/sbin/pfdhcplistener -i eth0.104 -d &' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfdhcplistener with
'/usr/local/pf/sbin/pfdhcplistener -i eth0.105 -d &' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/local/pf/sbin/pfmon start
(pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Starting pfmon with '/usr/local/pf/sbin/pfmon -d
&' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/sbin/httpd start (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Generating configuration file for httpd
(generate_httpd_conf) (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: generating /usr/local/pf/conf/httpd.conf
(pf::services::generate_httpd_conf)
Sep 09 11:24:51 pfcmd(0) INFO: Starting httpd with '/usr/sbin/httpd -f
/usr/local/pf/conf/httpd.conf' (pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: /usr/sbin/snmptrapd start
(pf::services::service_ctl)
Sep 09 11:24:51 pfcmd(0) INFO: Generating configuration file for snmptrapd
(generate_snmptrapd_conf) (pf::services::service_ctl)
Sep 09 11:24:52 pfcmd(0) INFO: generating /usr/local/pf/conf/snmptrapd.conf
(pf::services::generate_snmptrapd_conf)
Sep 09 11:24:52 pfcmd(0) INFO: Starting snmptrapd with '/usr/sbin/snmptrapd -n
-c /usr/local/pf/conf/snmptrapd.conf -C -A -Lf /usr/local/pf/logs/snmptrapd.log
-p /usr/local/pf/var/snmptrapd.pid -On' (pf::services::service_ctl)
Sep 09 11:24:52 pfcmd(0) INFO: /usr/local/pf/sbin/pfsetvlan start
(pf::services::service_ctl)
Sep 09 11:24:52 pfcmd(0) INFO: Starting pfsetvlan with
'/usr/local/pf/sbin/pfsetvlan -d &' (pf::services::service_ctl)
Sep 09 11:24:52 pfdhcplistener(0) INFO: pfdhcplistener_eth0.102 starting and
writing 10685 to /usr/local/pf/var/pfdhcplistener_eth0.102.pid
(pf::util::createpid)
Sep 09 11:24:52 pfdhcplistener(0) INFO: DHCP detector on eth0.102 enabled
(main::)
Sep 09 11:24:52 pfdhcplistener(0) INFO: pfdhcplistener_eth0.104 starting and
writing 10686 to /usr/local/pf/var/pfdhcplistener_eth0.104.pid
(pf::util::createpid)
Sep 09 11:24:52 pfdhcplistener(0) INFO: DHCP detector on eth0.104 enabled
(main::)
Sep 09 11:24:52 pfdhcplistener(0) INFO: pfdhcplistener_eth0.101 starting and
writing 10687 to /usr/local/pf/var/pfdhcplistener_eth0.101.pid
(pf::util::createpid)
Sep 09 11:24:52 pfdhcplistener(0) INFO: DHCP detector on eth0.101 enabled
(main::)
Sep 09 11:24:52 pfdhcplistener(0) INFO: pfdhcplistener_eth0.103 starting and
writing 10688 to /usr/local/pf/var/pfdhcplistener_eth0.103.pid
(pf::util::createpid)
Sep 09 11:24:52 pfdhcplistener(0) INFO: DHCP detector on eth0.103 enabled
(main::)
Sep 09 11:24:52 pfdhcplistener(0) INFO: pfdhcplistener_eth0.105 starting and
writing 10689 to /usr/local/pf/var/pfdhcplistener_eth0.105.pid
(pf::util::createpid)
Sep 09 11:24:52 pfdhcplistener(0) INFO: DHCP detector on eth0.105 enabled
(main::)
Sep 09 11:24:52 pfmon(0) INFO: pfmon starting and writing 10690 to
/usr/local/pf/var/pfmon.pid (pf::util::createpid)
Sep 09 11:24:52 pfmon(1) INFO: Starting cleanup thread (main::cleanup)
Sep 09 11:24:52 pfmon(1) INFO: closing open iplogs (just in case)
(main::cleanup)
Sep 09 11:24:52 pfmon(1) INFO: closing open iplogs (pf::iplog::iplog_shutdown)
Sep 09 11:24:52 pfsetvlan(0) INFO: pfsetvlan starting and writing 10692 to
/usr/local/pf/var/pfsetvlan.pid (pf::util::createpid)
Sep 09 11:24:52 pfsetvlan(0) INFO: Process started (main::)
Sep 09 11:33:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 11:33:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 11:43:39 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:39 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:40 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:40 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:41 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:42 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 11:43:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 11:53:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 11:53:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:03:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:03:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:13:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:13:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:23:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:23:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:33:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:33:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:35 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:35 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:36 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:37 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:38 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:43:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 12:53:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:53:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:03:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:03:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:13:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:13:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:23:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:23:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:33:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:33:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:43:33 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:35 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:36 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:37 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 13:43:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:43:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 13:53:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 13:53:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:03:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:03:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:13:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:13:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:23:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:23:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:33:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:33:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:43:33 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:35 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:36 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:37 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 14:43:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:43:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 14:53:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 14:53:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 15:03:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 15:03:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
Sep 09 15:13:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 15:13:52 pfmon(1) INFO: checking registered nodes for expiration
(main::cleanup)
/usr/local/pf/conf/snmptrapd.conf: line 2: Warning: Unknown token: authCommunity.
NET-SNMP version 5.4.3
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
No access configuration - dropping trap.
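Added example (not part of the original post and not PacketFence code): a Python triage script that rejoins the mail-wrapped log records, pulls the file, line number and token out of the snmptrapd parse warning, and groups pfsetvlan's "dropping trap" warnings into bursts. The sample lines are copied from the logs above; the year 2010 and the 60-second burst gap are assumptions.

```python
import re
from datetime import datetime, timedelta

# Records copied from the logs in the post, wrapped exactly as they appear there.
PF_LOG = """\
Sep 09 11:24:52 pfsetvlan(0) INFO: Process started (main::)
Sep 09 11:33:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 11:43:39 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:40 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:42 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 11:43:52 pfmon(1) INFO: running expire check (main::cleanup)
Sep 09 12:43:34 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
Sep 09 12:43:35 pfsetvlan(0) WARN: ignoring non trap line No access
configuration - dropping trap. (main::)
"""

TRAPD_LOG = """\
/usr/local/pf/conf/snmptrapd.conf: line 2: Warning: Unknown token:
authCommunity.
NET-SNMP version 5.4.3
No access configuration - dropping trap.
No access configuration - dropping trap.
"""

ASSUMED_YEAR = 2010  # assumption: the log timestamps carry no year

RECORD_START = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} ")
RECORD = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<proc>\w+)\(\d+\) "
    r"(?P<level>\w+): (?P<msg>.*)$"
)
# \s+ after "token:" lets the match span the mail-wrapped line break.
UNKNOWN_TOKEN = re.compile(
    r"^(?P<file>\S+): line (?P<line>\d+): Warning: Unknown token:\s+(?P<token>\w+)\.",
    re.MULTILINE,
)
DROP = "No access configuration - dropping trap."


def rejoin(text):
    """Glue continuation lines back onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def parse_pf_log(text, year=ASSUMED_YEAR):
    """Return (datetime, process, level, message) for each parsable record."""
    parsed = []
    for rec in rejoin(text):
        m = RECORD.match(rec)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        parsed.append((when, m["proc"], m["level"], m["msg"]))
    return parsed


def dropped_trap_bursts(records, gap=timedelta(seconds=60)):
    """Group pfsetvlan 'dropping trap' warnings into (start, end, count) bursts."""
    bursts = []
    for when, proc, _level, msg in records:
        if proc != "pfsetvlan" or DROP not in msg:
            continue
        if bursts and when - bursts[-1][1] <= gap:
            start, _, count = bursts[-1]
            bursts[-1] = (start, when, count + 1)
        else:
            bursts.append((when, when, 1))
    return bursts


def unknown_tokens(text):
    """Return (config file, line number, token) for each snmptrapd parse warning."""
    return [(m["file"], int(m["line"]), m["token"])
            for m in UNKNOWN_TOKEN.finditer(text)]


def trapd_drop_count(text):
    """Count traps snmptrapd reports dropping for lack of access configuration."""
    return sum(1 for line in text.splitlines() if line.strip() == DROP)


if __name__ == "__main__":
    for path, lineno, token in unknown_tokens(TRAPD_LOG):
        print(f"{path}:{lineno}: directive not accepted: {token}")
    print(f"snmptrapd dropped {trapd_drop_count(TRAPD_LOG)} trap(s)")
    for start, end, count in dropped_trap_bursts(parse_pf_log(PF_LOG)):
        print(f"{start:%b %d %H:%M:%S} to {end:%H:%M:%S}: {count} dropped")
```

Run against the full logs, the burst list shows whether every trap the switch sends is being dropped and at what interval, and the warning list points at the exact line of the generated snmptrapd.conf to inspect.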