So I've got 4.0.0 mostly working and was doing some testing. Attempted to do
a "Generic" violation on my test box and get a warning on the web gui of an
error when adding the violation. So, I go look at the log and I get this:
May 14 13:02:41 httpd.admin(0) INFO: "1300000" found (pfappserver::Base::Model::Config::hasId)
May 14 13:02:41 httpd.admin(0) INFO: grace expired on violation 1300000 for node 00:24:7e:68:fc:c3 (pf::violation::violation_add)
May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
May 14 13:02:41 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute)
Of course, the database IS running.
I also get a whole blast of these when I restart. I'm sure the DB is running
because it's recording devices it discovers via dhcplistener.
Any ideas where I should be looking? Is this a bug, or is this a config issue
on my side (I consider the latter more likely :^).
I'm using an Extreme Networks Summit X450e, although I've set it to send
up/down notifications rather than port protection.
pf.conf:
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=dptlabs.com
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in
# Apache rewriting rules and therefore must be resolvable by clients.
hostname=pf-1
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow
# queries to these servers from even "trapped" nodes.
dnsservers=127.0.0.1,172.16.18.249
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP
# transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,172.16.18.254
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=America/Chicago
[network]
#
# network.rogue_dhcp_detection
#
# Tries to identify Rogue DHCP Servers and triggers the 1100010 violation if
# one is found.
# This feature is only available if the dhcpdetector is activated.
rogue_dhcp_detection=disabled
[registration]
#
# registration.range
#
#
range=192.168.2.0/24
[guests_self_registration]
#
# guests_self_registration.mandatory_fields
#
# Fields required to be filled in the self-registration form. Valid values are:
# firstname, lastname, organization, phone, mobileprovider, email,
# sponsor_email. Basic validation of minimally required values per guest mode
# is provided by default.
mandatory_fields=firstname,lastname,phone,email,sponsor_email
#
# guests_self_registration.guest_pid
#
# What field should we assign to the pid of the guest? Defaults to email.
guest_pid=phone
[guests_admin_registration]
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=5D
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with
# an action of "email", or any other PacketFence-related message goes to.
[email protected]
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=XXXXXX
[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=30D
[vlan]
#
# vlan.trap_limit_action
#
# Action that PacketFence will take if the vlan.trap_limit_threshold is reached.
# Defaults to none. email will send an email every hour if the limit's still
# reached.
# shut will shut the port on the switch and will also send an email even if
# email is not specified.
trap_limit_action=shut
[interface em1.99]
ip=192.168.99.254
type=management
mask=255.255.255.0
# enforcement=inline
#[interface em1.10]
#enforcement=vlan
#ip=192.168.10.254
#type=internal
#mask=255.255.255.0
[interface em1]
enforcement=vlan
ip=172.16.25.219
type=internal
mask=255.255.240.0
networks.conf:
[192.168.2.0]
dns=192.168.2.254
dhcp_start=192.168.2.10
gateway=192.168.2.254
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=192.168.2.246
dhcp_default_lease_time=30
domain-name=vlan-registration.labnetwork.com
[192.168.3.0]
dns=192.168.3.254
dhcp_start=192.168.3.10
gateway=192.168.3.254
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=192.168.3.246
dhcp_default_lease_time=30
domain-name=vlan-isolation.labnetwork.com
switches.conf:
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.1]
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24
[192.168.99.2]
mode=production
triggerInline=
deauthMethod=HTTP
type=Extreme::Summit_X250e
uplink_dynamic=0
uplink=44,45,46,47
employeeVlan=1
employeeRole=employee
SNMPVersionTrap=2c
SNMPVersion=2c
cliUser=admin
cliPwd=XXXXXXX
cliEnablePwd=XXXXXXX
wsPwd=XXXXXXXX
wsUser=admin
defaultVlan=1
voiceVlan=100
guestVlan=5
infrastructureVlan=99
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
Don
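
The log in this message pairs three errno 1452 foreign-key warnings with a final "Is the database running?" error. As an added example (not part of the original post and not PacketFence code), the following Python groups those lines so the give-up message is attributed to the constraint failure on `violation.vid` rather than to connectivity. The function name `triage` and the finding fields are assumptions; the sample lines are taken from the post with wrapped lines rejoined.

```python
import re

# MySQL foreign-key failure as logged by pf::db::db_query_execute in the post.
FK_RE = re.compile(
    r"foreign key constraint fails \(`(?P<db>[^`]+)`\.`(?P<child>[^`]+)`, "
    r"CONSTRAINT `[^`]+` FOREIGN KEY \(`(?P<col>[^`]+)`\) "
    r"REFERENCES `(?P<parent>[^`]+)` \(`(?P<pcol>[^`]+)`\)"
    r".*?\(errno: (?P<errno>\d+)\)"
)
# Final message written once the retries are exhausted.
GAVE_UP_RE = re.compile(
    r"ERROR: Database issue: We tried \d+ times to serve query "
    r"(?P<query>\S+) called from (?P<caller>\S+)"
)

_WARN = (
    "May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add "
    "or update a child row: a foreign key constraint fails (`pf`.`violation`, "
    "CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE "
    "CASCADE ON UPDATE CASCADE). (errno: 1452), will try again "
    "(pf::db::db_query_execute)"
)
# Log lines from the post, wrapped lines rejoined; the WARN appears three times.
SAMPLE_LOG = "\n".join([_WARN] * 3 + [
    "May 14 13:02:41 httpd.admin(0) ERROR: Database issue: We tried 3 times to "
    "serve query violation_add_sql called from pf::violation::violation_add and "
    "we failed. Is the database running? (pf::db::db_query_execute)"
])


def triage(log_text):
    """Pair each retry-exhausted ERROR with the WARN lines that preceded it."""
    findings, pending = [], []
    for line in log_text.splitlines():
        fk = FK_RE.search(line)
        if fk:
            pending.append(fk.groupdict())
            continue
        gave_up = GAVE_UP_RE.search(line)
        if not gave_up:
            continue
        finding = {"query": gave_up["query"], "caller": gave_up["caller"],
                   "fk_retries": len(pending), "cause": "unconfirmed"}
        # errno 1452: the referenced parent row does not exist; the server answered.
        if pending and all(p["errno"] == "1452" for p in pending):
            fk0 = pending[0]
            finding.update(cause="missing parent row",
                           child=f'{fk0["child"]}.{fk0["col"]}',
                           parent=f'{fk0["parent"]}.{fk0["pcol"]}')
        findings.append(finding)
        pending = []
    return findings
```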