Derek,
Not to butt in, but I seem to have a somewhat related problem. I can't even
get my Cisco switches to provide the DHCP traffic to the DHCP listener on
the PF server; however, apparently that is not necessary as you should be
able to extract it from your RADIUS accounting feed. That feed seems to
produce it alright but the PF still does not get the location data for some
reason.
Details here:
http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg08823.html
I wonder if there is a way to make sense of all of this - i.e., I have yet
to see a well-defined way to instruct the PF to use a certain path for
determining the node's IP address for its records.
Cheers,
Boris.
On Wed, May 20, 2015 at 1:41 AM, Derek Wuelfrath <[email protected]>
wrote:
> John,
>
> Thanks for that amount of details, I'll have a look at the workflow and
> see if there's something missing.
>
> Anyhow, I figured out that I didn't actually have full debugging for
> pfdhcplistener on and got that on this morning. Should I also use debug on
> some part of httpd.portal?
>
> That'd be great. Please put httpd.portal, pfdhcplistener and packetfence
> genral log in debug.
>
> I also have a steady stream of "WARN: Unable to perform a Fingerbank
> lookup for device with MAC address" errors but I'm not sure if that has any
> connection to the problem or not.
>
> Can you have a look at /usr/local/fingerbank/log/fingerbank.log
> Cheers!
> dw.
>
> --
> Derek Wuelfrath
> [email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu) and
> PacketFence (www.packetfence.org)
>
> On May 19, 2015 at 12:42:35, John Baker ([email protected]) wrote:
>
> Hi,
>
> Sorry, symptomatically it's been confusing and I just figured out how to
> get deeper into the program and set debugging on processes to look at
> specific problems.
>
> Here's what I have. We use inline mode exclusively and for some time we
> have had sporadic problems with users registering and then getting stuck on
> the "Your network should be enabled within a minute or two. If it is not
> reboot your computer" screen. When I was onsite to confirm I found that
> their mac and IP never got put in ipset. Just restarting the packetfence
> service always made it work again and it happened seldom enough that I
> didn't think it was a serious problem. But when I upgraded to 5 and now
> 5.02 it become more pervasive and seemed to be happening all the time.
>
> Then I found that it correlated with " httpd.portal(process#) WARN:
> [mac-address] Can't re-evaluate access because no open locationlog entry
> was found (pf::enforcement::reevaluate_access)" errors in packetfence.log.
> I also found that problem mac addresses didn't show up at all in
> pfdhcplistener.log though they were getting addresses from dhcpd.
>
> So again what I found yesterday when I did more thorough testing was that
> only new devices were not working. Devices registered and then unregistered
> were able to register again. Previously registered devices all had entries
> in the locationlog table but nothing was being updated or written to it.
> Once I restarted packtefence newly registered devices were written to the
> table and everything was happy.
>
> Anyhow, I figured out that I didn't actually have full debugging for
> pfdhcplistener on and got that on this morning. Should I also use debug on
> some part of httpd.portal?
>
> I have no idea when the problem will start again but I know what to look
> for to know that it's happening now. I can replicate the error consistently
> with any new machine when it's happening but I can't make it happen in the
> first place. I'm not sure what part is getting stuck. All of the processes
> all appear to be running properly when this happens.
>
> Could I just be missing some maintenance script that needs to run?
>
> I also have a steady stream of "WARN: Unable to perform a Fingerbank
> lookup for device with MAC address" errors but I'm not sure if that has any
> connection to the problem or not.
>
> thank you
>
>
>
>> On Tue, May 19, 2015 at 10:19 AM, Derek Wuelfrath <[email protected]>
>> wrote:
>>
>>> Hello John,
>>>
>>> Can you just do a quick recap in reply describing the scenario in which
>>> it doesn’t work, and the scenario in which it is working.
>>> I’ll then have a look at the workflow in the code and see if we are
>>> missing something.
>>>
>>> Cheers!
>>> dw.
>>>
>>> --
>>> Derek Wuelfrath
>>> [email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153
>>> (x110)
>>> Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu) and
>>> PacketFence (www.packetfence.org)
>>>
>>> On May 18, 2015 at 19:08:03, John Baker ([email protected]) wrote:
>>>
>>> Ok, I have been pestering with this error. I pulled in 4 never
>>> registered computers along with a couple that were registered and then
>>> unregistered later. What I found was that only the previously registered
>>> ones worked after registration. All others were registered but stuck on the
>>> success screen and never added to IPset.
>>>
>>> Further digging revealed that the locationlog in in the database had not
>>> been written to for 4 days. So I unregistered all but one of the new
>>> devices and restarted the packetfence service. After doing so the new one
>>> that I left registered now had an entry in locationlog. I registered the
>>> others again and they all then wrote to locationlog without any problem.
>>>
>>> Any suggestions on why this might be happening? Do I just need to
>>> restart the service once a day with a cron job? Being that it runs iptables
>>> on the router this doesn't seem like a particularly safe method.
>>>
>>> --
>>> John Baker
>>> Network Administrator
>>> Marlboro College
>>> Phone: 451-7551 Cell: 490-0066
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>>
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> --
>> John Baker
>> Network Administrator
>> Marlboro College
>> Phone: 451-7551 Cell: 490-0066
>>
>
>
>
> --
> John Baker
> Network Administrator
> Marlboro College
> Phone: 451-7551 Cell: 490-0066
>
> ------------------------------------------------------------------------------
>
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
>
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
