P.s., what to make it clear, I am not having any VLAN switching problems after Packetfence 3.1 starts SNMPTRAPD (also after having figured out the nuances of CentOs 6.2's Firewall GUI last week.) Direction on the why SNMPTRAPD isn't started with Packetfences's SNMPTRAPD.CONF at server boot and the best way/place to correct it would be welcome. Thanks!
________________________________________ From: Steve Wittstruck Sent: Monday, February 06, 2012 11:44 AM To: [email protected] Subject: RE: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 12.2(52)SE from Registration to Normal VLAN Hi again Francis and Packetfence volunteers: No surprise I'm writing again :}. Found another wrinkle in my VLAN switching problem, turns out SNMPTRAPD.CONF isn't getting read at server boot. I'll figure out why in time but wanted to throw it out here. BEFORE SNMPTRAPD RESTART THRU PACKETFENCE GUI: [root@packetfence ~]# ps -ef | grep snmp root 1799 1 0 10:55 ? 00:00:00 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid root 1807 1 0 10:55 ? 00:00:00 /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid ... AFTER SNMPTRAPD RESTART THRU PACKETFENCE GUI: [root@packetfence ~]# ps -ef | grep snmp root 1799 1 0 10:55 ? 00:00:00 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid root 4453 1 0 11:14 ? 00:00:00 /usr/sbin/snmptrapd -n -c /usr/local/pf/var/conf/snmptrapd.conf -C -A -Lf /usr/local/pf/logs/snmptrapd.log -p /usr/local/pf/var/run/snmptrapd.pid -On ... Perhaps another manifestation of the core problem (SNMPTRAPD.CONF not getting read at server boot) is SNMPTRAPD 'fails' shutdown during server restart? Thanks! Steve CSM ____________________________________ From: Steve Wittstruck Sent: Thursday, February 02, 2012 1:00 PM To: [email protected] Subject: RE: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 12.2(52)SE from Registration to Normal VLAN Hi Francois, I got it working Thanks to your 3 problem areas to focus on: "-You removed the 127.0.0.1 switch from switches.conf, - There is a firewall blocking the SNMP traps to 127.0.0.1, - snmptrapd is not running". Of the 3, the firewall had the most possibility, i.e. it was easy to rule out a missing loopback switch definition and that snmptrapd wasn't running. Turns out the CentOs 6.2 Firewall GUI had me a little befuddled. Hitting the Disable button apparently doesn't "open the barn door", without more testing I'll have to assume hitting Disable simple leaves the system in a Closed state. Similarly hitting Enable doesn't apparently load the defined rules, for that you have to also hit the Apply button (I suppose some snickering is aptly deserved :). Unix/Linux hasn't ever really been my primary use OS so I have some skill sharpening to do... starting with command line iptables (no Firewall GUI if I can help it.) Thanks again for your direction and patience. I look forward to the time Packetfence gets to flex it's muscles on our network. Steve CSM ________________________________________ From: Steve Wittstruck Sent: Tuesday, January 31, 2012 5:07 PM To: [email protected] Subject: RE: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 12.2(52)SE from Registration to Normal VLAN Francois, Sorry I took a few days to get back to you, unfortunately lab work takes a back seat to production. I'm not finding anything amiss with the 3 possibilities you listed: [127.0.0.1] type = PacketFence mode = production uplink = dynamic I disabled the Firewall before reconnecting my registration test computer, and had the same results. I'm not running any changes to the Firewall, i.e., it's a clean OS install only doctored up by PF's configurator.pl (I think) via iptables.conf: # SNMP Traps -A input-management-if --protocol udp --match udp --dport 162 --jump ACCEPT PF GUI showed snmptrapd is running, pid 1795, which verifies in the ps shell command: [root@packetfence ~]# ps -p 1795 PID TTY TIME CMD 1795 ? 00:00:00 snmptrapd I tried looking for packetfence.logs that were different than those I've sent earlier. The following mysql logs show up about the time I restarted the PacketFence server; I also see they exist in archived log files. Jan 31 16:43:26 pfdhcplistener(8177) INFO: 00:24:81:56:15:ea requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2 012-01-31 16:43:26,computername = Steve-MiniHP,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 31 16:43:26 pfdhcplistener(8177) INFO: DHCPACK from 192.168.52.1 (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds (main::parse_dhcp_ack) Jan 31 16:43:36 pfdhcplistener(8177) WARN: database query failed with: MySQL server has gone away. (errno: 2006), will try again (pf::db::db_query_execute) Jan 31 16:43:36 pfdhcplistener(8177) FATAL: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /usr/local/pf/lib/p f/node.pm line 280 (pf::db::db_connect) Jan 31 16:43:36 pfdhcplistener(8177) INFO: stopping pfdhcplistener for interface eth0.52 (main::END) Jan 31 16:43:40 pfdhcplistener(8159) WARN: database query failed with: MySQL server has gone away. (errno: 2006), will try again (pf::db::db_query_execute) Jan 31 16:43:40 pfdhcplistener(8159) FATAL: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /usr/local/pf/lib/p f/node.pm line 280 (pf::db::db_connect) Jan 31 16:43:40 pfdhcplistener(8159) INFO: stopping pfdhcplistener for interface eth0.10 (main::END) Jan 31 16:43:47 pfdhcplistener(8156) INFO: stopping pfdhcplistener for interface eth0.53 (main::END) Jan 31 16:43:49 pfmon(0) FATAL: pfmon: caught SIGTERM - terminating (main::normal_sighandler) Jan 31 16:43:49 pfsetvlan(15) FATAL: pfsetvlan: caught SIGTERM - terminating at /usr/local/pf/sbin/pfsetvlan line 1784 thread 15 (main::normal_sighandler) Jan 31 16:43:49 pfsetvlan(15) FATAL: main::normal_sighandler('TERM') called at /usr/local/pf/sbin/pfsetvlan line 787 thread 15 (main::normal_sighandler) Jan 31 16:43:49 pfsetvlan(15) FATAL: eval {...} called at /usr/local/pf/sbin/pfsetvlan line 787 thread 15 (main::normal_sighandler) Jan 31 16:43:49 pfsetvlan(15) FATAL: main::signalHandlerThreadListQueued() called at /usr/local/pf/sbin/pfsetvlan line 216 thread 15 (main::normal_sighandler) Jan 31 16:43:49 pfsetvlan(15) FATAL: eval {...} called at /usr/local/pf/sbin/pfsetvlan line 216 thread 15 (main::normal_sighandler) Thread 15 terminated abnormally: pfsetvlan: caught SIGTERM - terminating at /usr/local/pf/sbin/pfsetvlan line 1784 thread 15 main::normal_sighandler('TERM') called at /usr/local/pf/sbin/pfsetvlan line 787 thread 15 eval {...} called at /usr/local/pf/sbin/pfsetvlan line 787 thread 15 main::signalHandlerThreadListQueued() called at /usr/local/pf/sbin/pfsetvlan line 216 thread 15 eval {...} called at /usr/local/pf/sbin/pfsetvlan line 216 thread 15 Jan 31 16:43:49 pfmon(0) INFO: stopping pfmon (main::END) Jan 31 16:47:02 pfcmd(2078) INFO: Executing pfcmd service pf start (main::service) Jan 31 16:47:05 pfcmd(2078) INFO: /usr/sbin/named status (pf::services::service_ctl) Jan 31 16:47:05 pfcmd(2078) INFO: pidof -x named returned 0 (pf::services::service_ctl) While putting this email together pfsetvlan crashed (see logs below), it also restarted on it's own. This reminds me, I've also seen a few OS kernel (Centos 6.2) crashes since doing the PF 3.x scratch install. Jan 31 16:32:05 pfsetvlan(0) FATAL: pfsetvlan: caught SIGTERM - terminating at /usr/share/perl5/File/Tail.pm line 554 (main::normal_sighandler) Uncaught exception from user code: pfsetvlan: caught SIGTERM - terminating at /usr/share/perl5/File/Tail.pm line 554 at /usr/share/perl5/File/Tail.pm line 554 File::Tail::read('File::Tail=HASH(0x94bf8a8)') called at /usr/local/pf/sbin/pfsetvlan line 279 Jan 31 16:32:05 pfsetvlan(0) INFO: stopping pfsetvlan (main::END) Thank you. Steve ________________________________________ From: Francois Gaudreault [[email protected]] Sent: Thursday, January 26, 2012 1:39 PM To: [email protected] Subject: Re: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 12.2(52)SE from Registration to Normal VLAN Steve, I see that PF is sending the local SNMP trap for the VLAN reassignments, but I don't see the daemon receiving it. Two possibilites : - You removed the 127.0.0.1 switch from switches.conf - There is a firewall blocking the SNMP traps to 127.0.0.1 - snmptrapd is not running On 12-01-26 3:25 PM, Steve Wittstruck wrote: > Francois, > > I don't think there's anything else new or different in the log. Below are > the logs you asked for, i.e. the ones immediately following what I sent > earlier. This group seems to repeat itself, 2 more times I think, or a total > of 4 times, at which point I probably turned off the registering computer. > > Jan 26 08:37:00 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:00,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:00 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:10 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:10,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:10 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:20 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:20,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:21 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:30 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:30,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:30 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:40 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:40,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:40 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:50 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:37:50,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > Jan 26 08:37:50 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 > (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds > (main::parse_dhcp_ack) > Jan 26 08:37:55 redir.cgi(0) INFO: 00:24:81:56:15:ea being redirected > (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) > Jan 26 08:37:55 redir.cgi(0) INFO: Updating node 00:24:81:56:15:ea user_agent > with useragent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; > Trident/5.0; SLCC2; .NET CLR 2.0.5 > 0727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)' > (pf::web::web_node_record_user_agent) > Jan 26 08:37:55 redir.cgi(0) INFO: Static User-Agent lookup data initialized > (pf::useragent::_init) > Jan 26 08:37:56 redir.cgi(0) INFO: MAC 00:24:81:56:15:ea shouldn't reach > here. Calling access re-evaluation. Make sure your network device > configuration is correct. (ModPerl::ROOT: > :ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) > Jan 26 08:37:56 redir.cgi(0) INFO: re-evaluating access for node > 00:24:81:56:15:ea (redir.cgi called) (pf::enforcement::reevaluate_access) > Jan 26 08:37:56 redir.cgi(0) INFO: 00:24:81:56:15:ea VLAN reassignment is > forced. (pf::enforcement::_should_we_reassign_vlan) > Jan 26 08:37:56 redir.cgi(0) INFO: switch port for 00:24:81:56:15:ea is > 138.67.244.16 ifIndex 10047 connection type: Wired SNMP > (pf::enforcement::_vlan_reevaluation) > Jan 26 08:37:56 redir.cgi(0) DEBUG: opening SNMP v1 connection to 127.0.0.1 > (pf::SNMP::PacketFence::connectWrite) > Jan 26 08:38:00 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an IP. > DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). > Modified node with last_dhcp = 2 > 012-01-26 08:38:00,computername = Steve-MiniHP,dhcp_fingerprint = > 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) > > Thank you! > Steve Wittstruck > Colorado School of Mines > ________________________________________ > From: Francois Gaudreault [[email protected]] > Sent: Thursday, January 26, 2012 12:36 PM > To: [email protected] > Subject: Re: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 > 12.2(52)SE from Registration to Normal VLAN > > On 12-01-26 11:48 AM, Steve Wittstruck wrote: >> Jan 26 08:36:53 register.cgi(0) DEBUG: opening SNMP v1 connection to >> 127.0.0.1 (pf::SNMP::PacketFence::connectWrite) >> Jan 26 08:36:53 register.cgi(0) INFO: 192.168.52.2 - 00:24:81:56:15:ea >> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler) >> Jan 26 08:37:00 pfdhcplistener(2184) INFO: 00:24:81:56:15:ea requested an >> IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). >> Modified node with last_dhcp = 2 >> 012-01-26 08:37:00,computername = Steve-MiniHP,dhcp_fingerprint = >> 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) >> Jan 26 08:37:00 pfdhcplistener(2184) INFO: DHCPACK from 192.168.52.1 >> (00:0e:0c:09:31:7a) to host 00:24:81:56:15:ea (192.168.52.2) for 20 seconds >> (main::parse_dhcp_ack) > > I need some few lines after that :) > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
