John,
It appears that Fabrice is right that this is something to do with
pfdhcplistener. There are log entries for known macs while it's broken but they
are all OMAPI matches. All log entries for this vlan relating to DHCP cease. I
am digging through for more.
I’m not sure I completely follow, can you give some log entries.
I am using linux vlan interfaces and have been for years. Is it possible that
is somehow related to the problem?
That shouldn’t be related. We are actively using linux VLAN interface
This is what I see from fingerbank.log. It seems like it's probably an
unrelated error.
From what I can see in the logs, you do not have any Fingerbank API configured.
"
May 21 08:58:22 httpd.portal(5603) WARN: Can't communicate with Fingerbank
project without a valid API key. (fingerbank::Query::_interrogateUpstream)
“
In the web admin of PacketFence, “Configuration” tab, under the “Fingerbank”
section in the left-hand side menu, you’ll see a “Settings” menu option. You
should be able to configure API from there.
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On May 21, 2015 at 11:06:55, John Baker ([email protected]) wrote:
This is what I get from debugging on one process in httpd.portal. I can add
more but it all seems to repeat this.
It appears that Fabrice is right that this is something to do with
pfdhcplistener. There are log entries for known macs while it's broken but they
are all OMAPI matches. All log entries for this vlan relating to DHCP cease. I
am digging through for more.
I am using linux vlan interfaces and have been for years. Is it possible that
is somehow related to the problem?
This is what I see from fingerbank.log. It seems like it's probably an
unrelated error.
May 21 08:58:22 httpd.portal(5604) WARN: Cannot find any ID for 'User_Agent'
with value 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/42.0.2311.152 Safari/537.36' (fingerbank::Query::_getQueryKeyIDs)
May 21 08:58:22 httpd.portal(5603) INFO: Existing unmatched 'User_Agent' query
key detected with value 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'. Incrementing the
number of occurence (fingerbank::Query::_recordUnmatched)
May 21 08:58:22 httpd.portal(5604) INFO: Existing unmatched 'User_Agent' query
key detected with value 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'. Incrementing the
number of occurence (fingerbank::Query::_recordUnmatched)
May 21 08:58:22 httpd.portal(5603) WARN: Can't communicate with Fingerbank
project without a valid API key. (fingerbank::Query::_interrogateUpstream)
May 21 08:58:22 httpd.portal(5603) WARN: Unable to fullfil a match either
locally or using upstream Fingerbank project. (fingerbank::Query::match)
May 21 08:58:22 httpd.portal(5605) INFO: Searching for 'User_Agent' entries in
schema(s) returned an empty set (fingerbank::Base::CRUD::search)
May 21 08:58:22 httpd.portal(5605) WARN: Cannot find any ID for 'User_Agent'
with value 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/42.0.2311.152 Safari/537.36' (fingerbank::Query::_getQueryKeyIDs)
May 21 08:58:22 httpd.portal(5605) INFO: Existing unmatched 'User_Agent' query
key detected with value 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'. Incrementing the
number of occurence (fingerbank::Query::_recordUnmatched)
May 21 08:58:22 httpd.portal(5605) WARN: Can't communicate with Fingerbank
project without a valid API key. (fingerbank::Query::_interrogateUpstream)
May 21 08:58:22 httpd.portal(5605) WARN: Unable to fullfil a match either
locally or using upstream Fingerbank project. (fingerbank::Query::match)
May 21 08:58:23 httpd.portal(5604) WARN: Can't communicate with Fingerbank
project without a valid API key. (fingerbank::Query::_interrogateUpstream)
May 21 08:58:23 httpd.portal(5604) WARN: Unable to fullfil a match either
locally or using upstream Fingerbank project. (fingerbank::Query::match)
May 21 08:58:25 httpd.portal(5442) INFO: Searching for 'MAC_Vendor' entries in
schema(s) returned an empty set (fingerbank::Base::CRUD::search)
May 21 08:58:25 httpd.portal(5442) WARN: Cannot find any ID for 'MAC_Vendor'
with value '9c:d2:1e:00:7e:6b' (fingerbank::Query::_getQueryKeyIDs)
May 21 08:58:25 httpd.portal(5442) INFO: Existing unmatched 'MAC_Vendor' query
key detected with value '9c:d2:1e:00:7e:6b'. Incrementing the number of
occurence (fingerbank::Query::_recordUnmatched)
On Wed, May 20, 2015 at 1:41 AM, Derek Wuelfrath <[email protected]> wrote:
John,
Thanks for that amount of details, I'll have a look at the workflow and see if
there's something missing.
Anyhow, I figured out that I didn't actually have full debugging for
pfdhcplistener on and got that on this morning. Should I also use debug on some
part of httpd.portal?
That'd be great. Please put httpd.portal, pfdhcplistener and packetfence genral
log in debug.
I also have a steady stream of "WARN: Unable to perform a Fingerbank lookup for
device with MAC address" errors but I'm not sure if that has any connection to
the problem or not.
Can you have a look at /usr/local/fingerbank/log/fingerbank.log
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On May 19, 2015 at 12:42:35, John Baker ([email protected]) wrote:
Hi,
Sorry, symptomatically it's been confusing and I just figured out how to get
deeper into the program and set debugging on processes to look at specific
problems.
Here's what I have. We use inline mode exclusively and for some time we have
had sporadic problems with users registering and then getting stuck on the
"Your network should be enabled within a minute or two. If it is not reboot
your computer" screen. When I was onsite to confirm I found that their mac and
IP never got put in ipset. Just restarting the packetfence service always made
it work again and it happened seldom enough that I didn't think it was a
serious problem. But when I upgraded to 5 and now 5.02 it become more pervasive
and seemed to be happening all the time.
Then I found that it correlated with " httpd.portal(process#) WARN:
[mac-address] Can't re-evaluate access because no open locationlog entry was
found (pf::enforcement::reevaluate_access)" errors in packetfence.log. I also
found that problem mac addresses didn't show up at all in pfdhcplistener.log
though they were getting addresses from dhcpd.
So again what I found yesterday when I did more thorough testing was that only
new devices were not working. Devices registered and then unregistered were
able to register again. Previously registered devices all had entries in the
locationlog table but nothing was being updated or written to it. Once I
restarted packtefence newly registered devices were written to the table and
everything was happy.
Anyhow, I figured out that I didn't actually have full debugging for
pfdhcplistener on and got that on this morning. Should I also use debug on some
part of httpd.portal?
I have no idea when the problem will start again but I know what to look for to
know that it's happening now. I can replicate the error consistently with any
new machine when it's happening but I can't make it happen in the first place.
I'm not sure what part is getting stuck. All of the processes all appear to be
running properly when this happens.
Could I just be missing some maintenance script that needs to run?
I also have a steady stream of "WARN: Unable to perform a Fingerbank lookup for
device with MAC address" errors but I'm not sure if that has any connection to
the problem or not.
thank you
On Tue, May 19, 2015 at 10:19 AM, Derek Wuelfrath <[email protected]> wrote:
Hello John,
Can you just do a quick recap in reply describing the scenario in which it
doesn’t work, and the scenario in which it is working.
I’ll then have a look at the workflow in the code and see if we are missing
something.
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. (www.inverse.ca) :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On May 18, 2015 at 19:08:03, John Baker ([email protected]) wrote:
Ok, I have been pestering with this error. I pulled in 4 never registered
computers along with a couple that were registered and then unregistered later.
What I found was that only the previously registered ones worked after
registration. All others were registered but stuck on the success screen and
never added to IPset.
Further digging revealed that the locationlog in in the database had not been
written to for 4 days. So I unregistered all but one of the new devices and
restarted the packetfence service. After doing so the new one that I left
registered now had an entry in locationlog. I registered the others again and
they all then wrote to locationlog without any problem.
Any suggestions on why this might be happening? Do I just need to restart the
service once a day with a cron job? Being that it runs iptables on the router
this doesn't seem like a particularly safe method.
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
