Try to run ipset command under the pf user.
On 2013-05-30 11:08, Fletcher Haynes wrote:
> Hi Fabrice,
>
> Here is the entry I have in sudoers for pf user:
>
> pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset
> Defaults:pf !requiretty
>
> On Thu, May 30, 2013 at 8:05 AM, Fabrice DURAND <[email protected]> wrote:
>
> > Hi Fletcher,
> >
> > Can you check in the sudoers file if there is an entry for ipset?
> >
> > Thanks
> > Fabrice
> >
> > On 2013-05-29 19:41, Fletcher Haynes wrote:
> >
> > > Hello everyone,
> > >
> > > I have deployed packetfence in an OOB mode and it works great. I am now experimenting with the inline mode to handle a different use case. I can get through the captive portal on my test machine, but right after registration, ipset seems to have issues. I see the following log messages quite a bit:
> > >
> > > May 29 16:35:53 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called from get_ip_from_ipset_by_mac. Child exited with non-zero value 1 (pf::util::pf_run)
> > > May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Reg_10.84.0.0 2>&1 called from ipset_remove_ip. Child exited with non-zero value 1 (pf::util::pf_run)
> > > May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --add pfsession_Reg_10.84.0.0 10.84.109.110,00:50:56:b4:7d:1b 2>&1 called from iptables_mark_node. Child exited with non-zero value 1 (pf::util::pf_run)
> > > May 29 16:34:38 pfsetvlan(9) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called from get_ip_from_ipset_by_mac. Child exited with non-zero value 1 (pf::util::pf_run)
> > > Use of uninitialized value $out in split at /usr/local/pf/lib/pf/ipset.pm line 304.
> > > May 29 16:34:38 pfsetvlan(9) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Reg_10.84.0.0 2>&1 called from ipset_remove_ip. Child exited with non-zero value 1 (pf::util::pf_run)
> > > Use of uninitialized value $out in split at /usr/local/pf/lib/pf/ipset.pm line 266.
> > >
> > > My test machine does not have any network access. However, if I run the ipset --add command manually (I copy and paste it right out of the log message) then it works fine.
> > >
> > > This is my pf.conf for the interface on the inline network:
> > >
> > > [interface eth4]
> > > ip=10.84.0.1
> > > mask=255.255.0.0
> > > type=internal
> > > enforcement=inline
> > > gateway=10.84.0.1
> > >
> > > And this is my networks.conf for that network:
> > >
> > > [10.84.0.0]
> > > type=inline
> > > named=enabled
> > > dhcpd=enabled
> > > netmask=255.255.0.0
> > > gateway=10.84.0.1
> > > next_hop=
> > > domain-name=kiosk.willamette.edu
> > > dns=158.104.100.1
> > > dhcp_start=10.84.0.2
> > > dhcp_end=10.84.254.254
> > > dhcp_default_lease_time=300
> > > dhcp_max_lease_time=30
> > >
> > > I also enabled ipv4 forwarding in sysctl. Did I miss something? Any help would be greatly appreciated!
> > >
> > > Thanks,
> > > --
> > > Fletcher Haynes <[email protected]>
> > > _______________________________________________
> > > PacketFence-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> > --
> > Fabrice Durand
> > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>
> --
> Fletcher Haynes <[email protected]>
> Systems Administrator/Network Services Consultant
> Willamette Integrated Technology Services
> Willamette University, Salem, OR
> Phone: 503.370.6016
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
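
The check suggested at the top of this message, as an added example that is not part of the original thread or of PacketFence's code: it pulls the set names out of failed `ipset --list` log lines and repeats the listing as the pf user, so ipset's and sudo's own error text becomes visible. The log-line format is the one quoted in the thread; the function names and the sample variable are hypothetical.

```shell
#!/bin/sh
# Constructed sample, built from the log lines quoted in this thread.
SAMPLE_LOG='May 29 16:35:53 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called from get_ip_from_ipset_by_mac. Child exited with non-zero value 1 (pf::util::pf_run)
May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Reg_10.84.0.0 2>&1 called from ipset_remove_ip. Child exited with non-zero value 1 (pf::util::pf_run)
May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run command: LANG=C sudo ipset --add pfsession_Reg_10.84.0.0 10.84.109.110,00:50:56:b4:7d:1b 2>&1 called from iptables_mark_node. Child exited with non-zero value 1 (pf::util::pf_run)
May 29 16:34:38 pfsetvlan(9) WARN: Problem trying to run command: LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called from get_ip_from_ipset_by_mac. Child exited with non-zero value 1 (pf::util::pf_run)'

# Read log lines on stdin and print the distinct set names from failed
# "ipset --list" commands. Only names matching the strict pattern are
# emitted, so no other text from the log can reach a command line.
failed_sets() {
    sed -n 's/.*Problem trying to run command: LANG=C sudo ipset --list \(pfsession_[A-Za-z]*_[0-9.]*\) 2>&1 called from .*/\1/p' |
        sort -u
}

# Run as root with the log on stdin. Shows the sudo rules that apply to pf,
# then repeats each read-only listing as pf. "sudo -n" makes the inner sudo
# fail with a message instead of prompting for a password.
replay_as_pf() {
    names=$(failed_sets)
    sudo -l -U pf
    for name in $names; do
        printf '== ipset --list %s as pf\n' "$name"
        sudo -u pf env LANG=C sudo -n ipset --list "$name" 2>&1
        printf 'exit status: %s\n' "$?"
    done
}

# Live use: pass the PacketFence log file as the first argument.
if [ -n "${1:-}" ]; then
    replay_as_pf < "$1"
fi
```

Only the `--list` commands are replayed because they do not change any set; the `--add` line in the sample is skipped on purpose.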
