Barry,
Let's me make a quick recap of the situation:
Can you try with this pf.conf file?
I've removed the comments from it to make sure there is no wrapping that
could be misinterpreted by the parser.
Make sure to fill the removed parameters.
On 5/30/12 13:08 , Barry Quiel wrote:
So I thought I would try and just start over, since we aren't really
that far into PF yet. I moved /usr/local/pf to /usr/local/pf.old then
did a yum reinstall packetfence. Then I cracked open the admin guide
and went through the setup steps. I ran install.pl, then
configurator.pl. I checked the resulting pf.conf and networks.conf
and they are both empty files.
I'm stuck. I can't get my old install of PF working and I can't get a
new install of PF working.
Any suggestions?
On 5/29/2012 3:20 PM, Barry Quiel wrote:
On 5/29/2012 1:34 PM, Derek Wuelfrath wrote:
Barry,
Can you send us your logs/packetfence.log file.
Also can you do an ls -l on the pf.conf file.
Thanks!
So the log file isn't real interesting. Only has:
May 29 15:19:00 pfcmd(14640) INFO: Executing pfcmd service pf start
(main::service)
And here is the ls:
-rw-r--r-- 1 pf pf 1954 May 29 11:16 pf.conf
On 5/29/12 14:59 , Barry Quiel wrote:
On 5/29/2012 11:20 AM, Derek Wuelfrath wrote:
Did you get rid of the [192.168.11.0] section in networks.conf ?
Yes I did.
So what I'm finding is that the Config hash is defined coming into
checkup.pm. But for some reason some of the keys withing %Config
and %ConfigNetworks are not defined, which seems to hint at reading
the config files. But if that was broken then I would expect a lot
more messages on the mailing list.
In interfaces_defined() the foreach is not entered. This would
imply that tied(%Config)->GroupMembers("interface") isn't returning
anything in the assignment to $interface
In interfaces() the first check get_internal_devs() is making that
if statement add_problem
In network() the second foreach that check the network block values
it turns out that %net is not defined after the assignment from
%{$ConfigNetworks{$network}};
All roads seem to point to some type of parsing issue of the config
files. I checked the permission on the config files and they are
644 with pf:pf ownership.
Can you point me in the direction of the piece that reads the
config and I can throw in some debugging there. I don't think that
the process is broken, but putting in some debug there might help
show what the real problem is.
Any other suggestions?
On 5/29/12 14:00 , Barry Quiel wrote:
On 5/29/2012 10:11 AM, Derek Wuelfrath wrote:
Barry
Well, I'm glad you asked I am having a bit if an issue. This
was a working ( although limited since not fully deployed )
3.1.0 box. Now when I try to start pf I get the following:
Starting PacketFence...Checking configuration sanity...
Use of uninitialized value $net{"named"} in pattern match
(m//) at /usr/local/pf/lib/pf/pfcmd/checkup.pm line 362.
Use of uninitialized value $net{"dhcpd"} in pattern match
(m//) at /usr/local/pf/lib/pf/pfcmd/checkup.pm line 369.
FATAL - please define exactly one management interface
FATAL - internal network(s) not defined!
From what I can see from the provided config files, the
followings needs to be modified:
- Remove the entire [192.168.11.0] section from networks.conf.
This is your management network and don't need to be specified
in the networks.conf file
- You seems to be missing an isolation interface / network. PF
will complain if any of those (registration / isolation) is missing.
Try these fixes and let me know.
Thanks!
So adding a isolation network/interface didn't do it. Being a
bit of a perl monkey I broke into checkup.pm I found the
function interfaces_defined where the error "FATAL - please
define exactly one management interface" is coming from. I put a
few print statements in to see what was going on. I can see that
I enter that function. But the foreach loop that iterates
through the interfaces and validates the interface config blocks
is not being entered. So the counter nb_management_interface is
not being incremented and that causes the error to be generated.
I'm guessing %Config->GroupMembers("interface") is somehow
empty. I bet it relates to the "Use of uninitialized value
$net{"named"} in pattern match (m//) at
/usr/local/pf/lib/pf/pfcmd/checkup.pm line 362" as to why that's
empty. I will keep digging but since you know the code better
then I do an suggestions would be appreciated.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Derek Wuelfrath
[email protected] <mailto:[email protected]> :: +1.514.447.4918
x110 :: www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>)
and PacketFence (www.packetfence.org <http://www.packetfence.org>)
[general]
domain=chico.sungardps.lcl
timezone=America/Los_Angeles
[trapping]
range=192.168.20.0/24
registration=enabled
[registration]
auth=ldap
expire_mode=window
expire_window=24h
[alerting]
emailaddr=<removed>
fromaddr=<removed>
smtpserver=<removed>
[database]
pass=<removed>
[servicewatch]
restart=enabled
[vlan]
closelocationlogonstop=enabled
[expire]
node=240h
[interface eth0]
ip=192.168.11.50
mask=255.255.255.0
gateway=192.168.11.1
type=management
[interface eth1]
ip=192.168.20.1
mask=255.255.255.0
gateway=192.168.20.1
type=internal
enforcement=vlan
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
