Hi PacketFence Users,
We have recently started testing PacketFence in our small environment and are
having issues with the httpd.portal service starting. We used the ZEN vAPP
version of PacketFence. We have it mostly configured and when I plug a device
into a switchport it successfully moves me to the registration VLAN. However
the httpd.portal service will not start. I have tried restarting the service
and restarting the whole PacketFence server. When I start it though the web
interface it things for about 10 seconds then refreshed the page and it stays
at "stopped". All other services are started without issue.
All I see in the httpd.portal.log file is:
Jul 06 11:13:41 httpd.portal(1802) INFO: captiveportal powered by Catalyst
5.90011 (Catalyst::setup)Jul 06 13:10:32 httpd.portal(2418) INFO: captiveportal
powered by Catalyst 5.90011 (Catalyst::setup)Jul 06 13:11:22 httpd.portal(2493)
INFO: captiveportal powered by Catalyst 5.90011 (Catalyst::setup)Jul 06
13:14:42 httpd.portal(2629) INFO: captiveportal powered by Catalyst 5.90011
(Catalyst::setup)Jul 06 13:15:44 httpd.portal(2650) INFO: captiveportal powered
by Catalyst 5.90011 (Catalyst::setup)Jul 10 18:48:48 httpd.portal(4055) INFO:
captiveportal powered by Catalyst 5.90011 (Catalyst::setup)Jul 10 18:50:48
httpd.portal(1801) INFO: captiveportal powered by Catalyst 5.90011
(Catalyst::setup)Jul 10 18:55:49 httpd.portal(1954) INFO: captiveportal powered
by Catalyst 5.90011 (Catalyst::setup)Jul 10 19:03:58 httpd.portal(2005) INFO:
captiveportal powered by Catalyst 5.90011 (Catalyst::setup)Jul 10 19:09:52
httpd.portal(2045) INFO: captiveportal powered by Catalyst 5.90011
(Catalyst::setup)
I also looked throught he packetfence.log file and other files in the log
directory. I didn't see anything that appeared to be related. Let me know if
there are other logs that would be good to check that I may have missed. I am
not sure if there is an Apache log anywhere.
Below is the Packetfence config and network configuration files as well as the
JuniperEX2200 48 port switch config.
We are currently using a local deployment. The Packetfence server is the
direct gateway for both Registration and Isolation VLANs.
Any help will be appreciated. Thanks!
PACKETFENCE CONFIGURATION FILE
[general]## general.domain## Domain name of PacketFence
system.domain=DOMAIN.LOCAL## general.hostname## Hostname of PacketFence system.
This is concatenated with the domain in Apache rewriting rules and therefore
must be resolvable by clients.hostname=NOC2-PF## general.dnsservers##
Comma-delimited list of DNS servers. Passthroughs are created to allow queries
to these servers from even "trapped" nodes.dnsservers=127.0.0.1,192.168.2.1##
general.dhcpservers## Comma-delimited list of DHCP servers. Passthroughs are
created to allow DHCP transactions from even "trapped"
nodes.dhcpservers=127.0.0.1,192.168.2.1
[trapping]## trapping.range## Comma-delimited list of address ranges/CIDR
blocks that PacketFence will monitor/detect/trap on. Gateway, network, and#
broadcast addresses are ignored.range=192.168.0.0/24,10.22.12.0/24,10.22.13.0/24
[registration]## registration.range##range=10.22.12.0/24##
registration.nbregpages## The number of registration pages to show to the
usernbregpages=1
[alerting]## alerting.emailaddr## Email address to which notifications of rogue
DHCP servers, violations with an action of "email", or any other#
PacketFence-related message goes [email protected]
[database]## database.pass## Password for the mysql database used by
PacketFence.(REMOVED PASSWORD)[captive_portal]##
captive_portal.network_detection_ip## This IP is used as the webserver who
hosts the common/network-access-detection.gif which is used to detect if
network# access was enabled.# It cannot be a domain name since it is used in
registration or quarantine where DNS is blackholed.# It is recommended that you
allow your users to reach your packetfence server and put your LAN's
PacketFence IP.# By default we will make this reach PacketFence's website as an
easy solution.#network_detection_ip=10.22.12.1##
captive_portal.secure_redirect## If secure_redirect is enabled, the captive
portal uses HTTPS when redirecting# captured clients. This is the default
behavior.secure_redirect=disabled
[interface eth0]ip=192.168.2.110type=managementmask=255.255.255.0
[interface eth1]enforcement=vlanip=10.22.12.1type=internalmask=255.255.255.0
[interface
eth2]enforcement=inlinel2ip=192.168.2.5type=internalmask=255.255.255.0
[interface eth1.12]enforcement=vlanip=10.22.12.1type=internalmask=255.255.255.0
[interface eth2.13]enforcement=vlanip=10.22.13.1type=internalmss=p@ck3tf3nc3
[captive_portal]## captive_portal.network_detection_ip## This IP is used as the
webserver who hosts the common/network-access-detection.gif which is used to
detect if network# access was enabled.# It cannot be a domain name since it is
used in registration or quarantine where DNS is blackholed.# It is recommended
that you allow your users to reach your packetfence server and put your LAN's
PacketFence IP.# By default we will make this reach PacketFence's website as an
easy solution.#network_detection_ip=10.22.12.1#Mask=255.255.255.0
PACKETFENCE NETWORK CONFIGURATION FILE
[root@PacketFence-ZEN-4-2 conf]# vi
networks.conf[10.22.12.0]dns=10.22.12.1dhcp_start=10.22.12.10gateway=10.22.12.1domain-name=vlan-registration.DOMAIN.LOCALnamed=enableddhcp_max_lease_time=30dhcpd=enabledfake_mac_enabled=disableddhcp_end=10.22.12.246type=vlan-registrationnetmask=255.255.255.0dhcp_default_lease_time=30
[10.22.13.0]dns=10.22.13.1dhcp_start=10.22.13.10gateway=10.22.13.1domain-name=vlan-isolation.DOMAIN.LOCALnamed=enableddhcp_max_lease_time=30dhcpd=disabledfake_mac_enabled=disableddhcp_end=10.22.13.246type=vlan-isolationnetmask=255.255.255.0dhcp_default_lease_time=30
SWITCH CONFIGURATION - Juniper EX2200-48p(Sensitive Data Removed)All missing
switchports have the same configuration as ge0/0/0
root@PFtest> show configuration## Last commit: 2014-07-06 12:37:59 UTC by
rootversion 12.3R3.4;system { host-name PFtest; root-authentication {
encrypted-password "(REMOVED)."; ## SECRET-DATA } services {
ssh { protocol-version v2; } netconf { ssh;
} web-management { http; } dhcp {
traceoptions { file dhcp_logfile; level all;
flag all; } } } syslog { user * {
any emergency; } file messages { any notice;
authorization info; } file interactive-commands {
interactive-commands any; } }}chassis {
auto-image-upgrade;}interfaces { interface-range access-ports {
member-range ge-0/0/10 to ge-0/0/20; unit 0 { family
ethernet-switching { port-mode access; } }
} ge-0/0/0 { unit 0 { family ethernet-switching; }
}
************ge-0/0/1 to ge-0/0/45 have the same configuration as port
ge-0/0/0******************
ge-0/0/46 { unit 0 { family ethernet-switching {
port-mode trunk; vlan { members [
MANAGEMENT GUESTS NORMAL ]; } native-vlan-id
MANAGEMENT; } } } ge-0/0/47 { unit 0 {
family ethernet-switching { port-mode trunk;
vlan { members [ ISOLATION MANAGEMENT REGISTRATION MACDETECT
]; } native-vlan-id MANAGEMENT; }
} } ge-0/1/0 { unit 0 { family ethernet-switching;
} } ge-0/1/1 { unit 0 { family ethernet-switching;
} } ge-0/1/2 { unit 0 { family
ethernet-switching; } } ge-0/1/3 { unit 0 {
family ethernet-switching; } } vlan { unit 0 {
family inet { address 192.168.1.5/24; } }
unit 1 { family inet { address 192.168.2.4/24;
} } }}snmp { view jweb-view-all { oid .1 include;
} community SNMPPF { view jweb-view-all; authorization
read-write; } trap-group SNMPPF { categories {
authentication; chassis; link;
remote-operations; routing; startup;
rmon-alarm; vrrp-events; configuration; }
targets { 192.168.2.110; } }}routing-options { static {
route 0.0.0.0/0 next-hop 192.168.2.1; }}protocols { igmp-snooping
{ vlan all; } dot1x { authenticator {
authentication-profile-name packetfence; interface {
access-ports { supplicant multiple;
mac-radius { restrict;
flap-on-disconnect; } } } }
} rstp; lldp { interface all; } lldp-med {
interface all; }}access { radius-server { 192.168.2.110 {
port 1812; secret
"$9$LXZxb2aZjmPQhSYoZG.mp0BRSex7Vg4ZNdqP5Q9CuO1Ervx7V2oG"; ##
SECRET-DATA } } profile packetfence { authentication-order
radius; radius { authentication-server 192.168.2.110;
accounting-server 192.168.2.110; } accounting {
order radius; accounting-stop-on-failure;
accounting-stop-on-access-deny; } }}ethernet-switching-options {
secure-access-port { interface access-ports { mac-limit 1
action drop; } } voip; storm-control { interface all;
}}vlans { GUESTS { description "GUESTS VLAN"; vlan-id 15;
interface { ge-0/0/5.0; } } ISOLATION {
description "PacketFence Local Isolation"; vlan-id 13; } MACDETECT
{ description "MAC DETECTION"; vlan-id 14; interface {
ge-0/0/4.0; } } MANAGEMENT { description " Office
Network"; vlan-id 3; interface { ge-0/0/3.0; }
l3-interface vlan.1; } NORMAL { description "Normal VLAN";
vlan-id 20; interface { ge-0/0/6.0; } }
REGISTRATION { description "PacketFence Local Registration";
vlan-id 12; interface { ge-0/0/1.0; } } default
{ vlan-id 1; l3-interface vlan.0; }}
{master:0}
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
