Thanks Francois that's very helpful. We are already seeing lots of users connecting to our open registration SSID but never registering, and the system isn't even live yet, so I'd imagine that number will only increase and eventually it will be very impractical to delete the nodes from the web interface individually.
Cheers, Andi -----Original Message----- From: Francois Gaudreault [mailto:[email protected]] Sent: 09 July 2012 13:48 To: [email protected] Subject: Re: [PacketFence-users] expire.node Hi, > If I may jump in here and ask some questions? NO YOU CANNOT... just kidding ;) Of course! hehe > I guess it would be good practise to expire and remove nodes from the > database periodically as I can see it potentially building up and up. Is > there a way when using vlan mode to do this? Would running the 'delete from' > command that Francois gives below be sufficient to clear out the entries from > the nodes table if I was to schedule it in as a script? Should I also run > this for the location and iplog tables too? The "easiest" way would be to use the detect date (first DHCP seen, first RADIUS request). It is the date where the node is added to the DB. Automatically unregistering is easy, but expiring node will require some code (probably in pfmon). Now this also fires up some other questions: - Do we want to expire only unregistered nodes? - What do we do when the node still have an open locationlog? (ie. node still connected to a switchport) > > Ideally what I'd like to see is a way to unregister nodes after an amount of > time (ie, the end of academic year), and also something that would clear out > unregistered devices on a set time period, maybe once a week. Looking at the > documentation.conf it appears this is perfectly possible in arp mode, but not > vlan just yet. I think the use case is there. In fact, most of the people in the educational market would like to see that as well. I am thinking of a university in a downtown area with thousands of people hooking to their open SSID without registering. They would love to see the DB automatically cleaned out. I will open a ticket in our BTS so you will be able to follow the status of the feature. Thanks for your ideas! > > Cheers, > Andi > > -----Original Message----- > From: Francois Gaudreault [mailto:[email protected]] > Sent: 06 July 2012 14:52 > To: [email protected] > Subject: Re: [PacketFence-users] expire.node > > Hi Mark, > > On 12-07-06 9:13 AM, Mark Holmes wrote: >> When I do >> >> delete from node where status="unreg" AND detect_date<= NOW(); >> >> I get ' ERROR 1146 (42S02): Table 'pf.node_useragent' doesn't exist' >> >> If I do >> >> show tables from pf >> >> I see node and node_category but that is all. >> >> Did I miss a schema update somewhere? > Yes. You likely have a missing table/tables in the schema. This table has > been introduced back in upgrade-2.0.0-2.2.0.sql. > >> >> Mark >> >> >> -----Original Message----- >> From: Mark Holmes [mailto:[email protected]] >> Sent: 06 July 2012 13:57 >> To: [email protected] >> Subject: Re: [PacketFence-users] expire.node >> >>> Anyway, I am not even sure this expire is working for VLAN mode. I think >>> it was only designed for ARP mode. >> >> Ah, I'll leave that then. I am looking for a way to clear some nodes out as >> for some reason I have 65000+ rows in the nodes table (I don't know how as >> we only have 500 or so devices on the network...), but from looking around >> it seems this is problematic with VLAN isolation mode. >> >> In the bug tracking system I have seen 0000887 which is still open so I >> suppose there is no way to remove nodes yet? >> >> Mark >> >> >> >> >> >> >> -----Original Message----- >> From: Francois Gaudreault [mailto:[email protected]] >> Sent: 06 July 2012 13:51 >> To: [email protected] >> Subject: Re: [PacketFence-users] expire.node >> >> Hi, >> >> I am not able to reproduce, I set in pf.conf: >> >> [expire] >> node = 180D >> >> Running the checkup will pass. Anyway, I am not even sure this expire is >> working for VLAN mode. I think it was only designed for ARP mode. >> >> On 12-07-06 6:20 AM, Mark Holmes wrote: >>> I just set expire.node=180D in pf.conf >>> >>> When I start PacketFence I get >>> >>> FATAL - pf.conf value expire.node does not explicity define interval >>> (eg. 7200s, 120m, 2h) - please define it before running packetfence >>> >>> What have I missed? >>> >>> Thanks, >>> >>> Mark >>> >>> Nuffield College is a Registered Charity No. 1137506. Registered >>> Office: Nuffield College, New Road, Oxford, OX1 1NF >>> >>> -------------------------------------------------------------------- >>> - >>> - >>> -------- >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. >>> Discussions will include endpoint security, mobile security and the >>> latest in malware threats. >>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> -- >> Francois Gaudreault, ing. jr >> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >> (www.packetfence.org) >> >> --------------------------------------------------------------------- >> - >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> Nuffield College is a Registered Charity No. 1137506. Registered >> Office: Nuffield College, New Road, Oxford, OX1 1NF >> >> --------------------------------------------------------------------- >> - >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> Nuffield College is a Registered Charity No. 1137506. Registered >> Office: Nuffield College, New Road, Oxford, OX1 1NF >> >> --------------------------------------------------------------------- >> - >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ---------------------------------------------------------------------- > -------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions will include endpoint security, mobile security and the > latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ________________________________ > > From 1st November 2011 UWIC changed its title to Cardiff Metropolitan > University. From the 6th December 2011, as part of this change, all > email addresses which included @uwic.ac.uk have changed to > @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan > University will now be sent from the new @cardiffmet.ac.uk address. > Please could you ensure that all of your contact records and databases > are updated to reflect this change. Further information can be found > on the website > here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan > Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad > e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr > holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu > danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich > bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i > adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan > yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > ---------------------------------------------------------------------- > -------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions will include endpoint security, mobile security and the > latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
