Hi Don

On 2013-05-14, at 2:35 PM, Don Greer <[email protected]> wrote:

> So I’ve got 4.0.0 mostly working and was doing some testing. Attempted to do a “Generic” violation on my test box and get a warning on the web gui of an error when adding the violation. So, I go look at the log and I get this:
>
> May 14 13:02:41 httpd.admin(0) INFO: "1300000" found (pfappserver::Base::Model::Config::hasId)
> May 14 13:02:41 httpd.admin(0) INFO: grace expired on violation 1300000 for node 00:24:7e:68:fc:c3 (pf::violation::violation_add)
> May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
> May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
> May 14 13:02:41 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
> May 14 13:02:41 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute)
>
> Of course, the database IS running.

What does the following SQL query return?

select * from class where vid = 1300000;

If it doesn't match any row, edit any violation in the web admin (Configuration -> Violations) and save it (no need to modify anything). The 'class' table will be updated with the violations definitions from violations.conf.

> I also get a whole blast of these when I restart. I’m sure the DB is running because it’s recording devices it discovers via dhcplistener.
>
> Any ideas where I should be looking? Is this a bug, or is this a config issue on my side (I consider the latter more likely :^).
>
> I’m using an Extreme Networks Summit X450e, although I’ve set it to send up/down notifications rather than port protection
>
> pf.conf:
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain=dptlabs.com
> #
> # general.hostname
> #
> # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
> hostname=pf-1
> #
> # general.dnsservers
> #
> # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
> dnsservers=127.0.0.1,172.16.18.249
> #
> # general.dhcpservers
> #
> # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
> dhcpservers=127.0.0.1,172.16.18.254
> #
> # general.timezone
> #
> # System's timezone in string format. Supported list:
> # http://www.php.net/manual/en/timezones.php
> timezone=America/Chicago
>
> [network]
> #
> # network.rogue_dhcp_detection
> #
> # Tries to identify Rogue DHCP Servers and triggers the 1100010 violation if one is found.
> # This feature is only available if the dhcpdetector is activated.
> rogue_dhcp_detection=disabled
>
> [registration]
> #
> # registration.range
> #
> #
> range=192.168.2.0/24
>
> [guests_self_registration]
> #
> # guests_self_registration.mandatory_fields
> #
> # Fields required to be filled in the self-registration form. Valid values are:
> # firstname, lastname, organization, phone, mobileprovider, email,
> # sponsor_email. Basic validation of minimally required values per guest mode
> # is provided by default.
> mandatory_fields=firstname,lastname,phone,email,sponsor_email
> #
> # guests_self_registration.guest_pid
> #
> # What field should we assign to the pid of the guest? Defaults to email.
> guest_pid=phone
>
> [guests_admin_registration]
> #
> # guests_admin_registration.default_access_duration
> #
> # This is the default access duration value selected in the dropdown on the
> # guest management interface.
> default_access_duration=5D
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
> # PacketFence-related message goes to.
> [email protected]
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence.
> pass=XXXXXX
>
> [expire]
> #
> # expire.node
> #
> # Time before a node is removed due to inactivity.
> # A value of 0D disables expiration.
> # example:
> # node=90D
> node=30D
>
> [vlan]
> #
> # vlan.trap_limit_action
> #
> # Action that PacketFence will take if the vlan.trap_limit_threshold is reached.
> # Defaults to none. email will send an email every hour if the limit's still reached.
> # shut will shut the port on the switch and will also send an email even if email is not
> # specified.
> trap_limit_action=shut
>
> [interface em1.99]
> ip=192.168.99.254
> type=management
> mask=255.255.255.0
>
> # enforcement=inline
> #[interface em1.10]
> #enforcement=vlan
> #ip=192.168.10.254
> #type=internal
> #mask=255.255.255.0
> [interface em1]
> enforcement=vlan
> ip=172.16.25.219
> type=internal
> mask=255.255.240.0
>
> networks.conf:
> [192.168.2.0]
> dns=192.168.2.254
> dhcp_start=192.168.2.10
> gateway=192.168.2.254
> named=enabled
> dhcp_max_lease_time=30
> dhcpd=enabled
> type=vlan-registration
> netmask=255.255.255.0
> dhcp_end=192.168.2.246
> dhcp_default_lease_time=30
> domain-name=vlan-registration.labnetwork.com
>
> [192.168.3.0]
> dns=192.168.3.254
> dhcp_start=192.168.3.10
> gateway=192.168.3.254
> named=enabled
> dhcp_max_lease_time=30
> dhcpd=enabled
> type=vlan-isolation
> netmask=255.255.255.0
> dhcp_end=192.168.3.246
> dhcp_default_lease_time=30
> domain-name=vlan-isolation.labnetwork.com
>
> switches.conf
> #
> # Copyright 2006-2008 Inverse inc.
> #
> # See the enclosed file COPYING for license information (GPL).
> # If you did not receive this file, see
> # http://www.fsf.org/licensing/licenses/gpl.html
> [default]
> vlans=1,2,3,4,5
> normalVlan=1
> registrationVlan=2
> isolationVlan=3
> macDetectionVlan=4
> voiceVlan=5
> inlineVlan=6
> inlineTrigger=
> normalRole=normal
> registrationRole=registration
> isolationRole=isolation
> macDetectionRole=macDetection
> voiceRole=voice
> inlineRole=inline
> VoIPEnabled=no
> mode=testing
> macSearchesMaxNb=30
> macSearchesSleepInterval=2
> uplink=dynamic
> #
> # Command Line Interface
> #
> # cliTransport could be: Telnet, SSH or Serial
> cliTransport=Telnet
> cliUser=
> cliPwd=
> cliEnablePwd=
> #
> # SNMP section
> #
> # PacketFence -> Switch
> SNMPVersion=1
> SNMPCommunityRead=public
> SNMPCommunityWrite=private
> #SNMPEngineID = 0000000000000
> #SNMPUserNameRead = readUser
> #SNMPAuthProtocolRead = MD5
> #SNMPAuthPasswordRead = authpwdread
> #SNMPPrivProtocolRead = DES
> #SNMPPrivPasswordRead = privpwdread
> #SNMPUserNameWrite = writeUser
> #SNMPAuthProtocolWrite = MD5
> #SNMPAuthPasswordWrite = authpwdwrite
> #SNMPPrivProtocolWrite = DES
> #SNMPPrivPasswordWrite = privpwdwrite
> # Switch -> PacketFence
> SNMPVersionTrap=1
> SNMPCommunityTrap=public
> #SNMPAuthProtocolTrap = MD5
> #SNMPAuthPasswordTrap = authpwdread
> #SNMPPrivProtocolTrap = DES
> #SNMPPrivPasswordTrap = privpwdread
> #
> # Web Services Interface
> #
> # wsTransport could be: http or https
> wsTransport=http
> wsUser=
> wsPwd=
> #
> # RADIUS NAS Client config
> #
> # RADIUS shared secret with switch
> radiusSecret=
>
> [192.168.0.1]
> type=Cisco::Catalyst_2900XL
> mode=production
> uplink=23,24
>
> [192.168.99.2]
> mode=production
> triggerInline=
> deauthMethod=HTTP
> type=Extreme::Summit_X250e
> uplink_dynamic=0
> uplink=44,45,46,47
> employeeVlan=1
> employeeRole=employee
> SNMPVersionTrap=2c
> SNMPVersion=2c
> cliUser=admin
> cliPwd=XXXXXXX
> cliEnablePwd=XXXXXXX
> wsPwd=XXXXXXXX
> wsUser=admin
> defaultVlan=1
> voiceVlan=100
> guestVlan=5
> infrastructureVlan=99
> #SNMPVersion = 3
> #SNMPEngineID = 0000000000000
> #SNMPUserNameRead = readUser
> #SNMPAuthProtocolRead = MD5
> #SNMPAuthPasswordRead = authpwdread
> #SNMPPrivProtocolRead = DES
> #SNMPPrivPasswordRead = privpwdread
> #SNMPUserNameWrite = writeUser
> #SNMPAuthProtocolWrite = MD5
> #SNMPAuthPasswordWrite = authpwdwrite
> #SNMPPrivProtocolWrite = DES
> #SNMPPrivPasswordWrite = privpwdwrite
> #SNMPVersionTrap = 3
> #SNMPUserNameTrap = readUser
> #SNMPAuthProtocolTrap = MD5
> #SNMPAuthPasswordTrap = authpwdread
> #SNMPPrivProtocolTrap = DES
> #SNMPPrivPasswordTrap = privpwdread
>
> Don

--
[email protected] :: +1.514.755.3640 :: http://www.inverse.ca
Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
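
The check suggested in the reply above, as an added example that is not part of the original message and is not PacketFence code. It uses a simplified SQLite model of the foreign key from the log (the real database is MySQL) to show why the insert fails while `class` lacks the vid and how to list the IDs defined in the config but missing from the table. The two-table schema, the helper names and the sample violations.conf text are constructed assumptions.

```python
import configparser
import sqlite3

# Constructed sample in the INI style of violations.conf (not the poster's file).
VIOLATIONS_CONF = """
[1100010]
desc=Rogue DHCP
[1300000]
desc=Generic
"""

def open_db():
    """Simplified stand-in for the pf database: only the FK named in the log."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    db.execute("CREATE TABLE class (vid INTEGER PRIMARY KEY, description TEXT)")
    db.execute("""CREATE TABLE violation (
        id INTEGER PRIMARY KEY, mac TEXT, vid INTEGER,
        FOREIGN KEY (vid) REFERENCES class (vid)
            ON DELETE CASCADE ON UPDATE CASCADE)""")
    return db

def conf_vids(text):
    """Map numeric section names (violation IDs) to their descriptions."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {int(s): cp[s].get("desc", "") for s in cp.sections() if s.isdigit()}

def missing_vids(db, text):
    """Violation IDs defined in the config but absent from the class table."""
    known = {row[0] for row in db.execute("SELECT vid FROM class")}
    return sorted(set(conf_vids(text)) - known)

def sync_class(db, text):
    """Model of the repopulation the reply attributes to saving a violation."""
    db.executemany(
        "INSERT OR IGNORE INTO class (vid, description) VALUES (?, ?)",
        conf_vids(text).items())

def add_violation(db, mac, vid):
    """Return False when the FK rejects the row (MySQL reports errno 1452)."""
    try:
        db.execute("INSERT INTO violation (mac, vid) VALUES (?, ?)", (mac, vid))
        return True
    except sqlite3.IntegrityError:
        return False
```

A non-empty result from `missing_vids` means violations with those IDs cannot be recorded, so the affected nodes are never isolated until the `class` table is repopulated.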
