Thanks for your reply. Below is the information you asked. All the services are
running.
ipset --list (before device
registration)====================================================Name:
pfsession_Unreg_10.0.1.0Type: bitmap:ipHeader: range 10.0.1.0-10.0.1.255Size in
memory: 152References: 1Members:
Name: pfsession_Reg_10.0.1.0Type: bitmap:ipHeader: range
10.0.1.0-10.0.1.255Size in memory: 152References: 1Members:
Name: pfsession_Isol_10.0.1.0Type: bitmap:ipHeader: range
10.0.1.0-10.0.1.255Size in memory: 152References: 1Members:
ipset --list(after device registration via
portal)====================================================Name:
pfsession_Unreg_10.0.1.0Type: bitmap:ipHeader: range 10.0.1.0-10.0.1.255Size in
memory: 152References: 1Members:
Name: pfsession_Reg_10.0.1.0Type: bitmap:ipHeader: range
10.0.1.0-10.0.1.255Size in memory: 152References: 1Members:10.0.1.12
Name: pfsession_Isol_10.0.1.0Type: bitmap:ipHeader: range
10.0.1.0-10.0.1.255Size in memory: 152References: 1Members:
pf.conf====================================================[general]##
general.domain## Domain name of PacketFence system.domain=domain_name##
general.hostname## Hostname of PacketFence system. This is concatenated with
the domain in Apache rewriting rules and therefore must be resolvable by
clients.hostname=guest
[trapping]## trapping.redirtimer## How long to display the progress bar during
trap release. Default value is# based on VLAN enforcement techniques. Inline
enforcement only users could# lower the value.redirtimer=5s
[alerting]## alerting.emailaddr## Email address to which notifications of rogue
DHCP servers, violations with an action of "email", or any other#
PacketFence-related message goes to.emailaddr=email@domain_name.com##
alerting.fromaddr## Source email address for email notifications. Empty means
root@<server-domain-name>.fromaddr=email@domain_name.com
[database]## database.pass## Password for the mysql database used by
PacketFence.pass=PASSWORD## database.host## Server the mysql server is running
on.host=127.0.0.1
[expire]## expire.node## Time before a node is removed due to inactivity.# A
value of 0D disables expiration.# example:# node=90Dnode=1D
[inline]# inline.accounting## Should we handle accouting data for inline
clients?# This controls inline accouting tasks in pfmon.accounting=enabled
[captive_portal]## captive_portal.network_detection_ip## This IP is used as the
webserver who hosts the common/network-access-detection.gif which is used to
detect if network# access was enabled.# It cannot be a domain name since it is
used in registration or quarantine where DNS is blackholed.# It is recommended
that you allow your users to reach your packetfence server and put your LAN's
PacketFence IP.# By default we will make this reach PacketFence's website as an
easy solution.#network_detection_ip=172.31.30.10
[interface
eth1]enforcement=inlinel2ip=172.31.30.11type=internalvip=172.31.30.10mask=255.255.255.0
[interface eth2]ip=172.30.10.200type=managementmask=255.255.255.0
networks.conf====================================================[10.0.1.0] (a
layer 3 routed
network)dns=8.8.8.8next_hop=172.31.30.1gateway=10.0.1.1dhcp_start=10.0.1.10domain-name=inlinel3.domain_name.comnat_enabled=1named=enableddhcp_max_lease_time=86400dhcpd=enabledfake_mac_enabled=0netmask=255.255.255.0type=inlinel3dhcp_end=10.0.1.250dhcp_default_lease_time=86400
Some new log I am seeing regarding 'unknown switches'==>
/usr/local/pf/logs/pfconfig.log <==pfconfig(1663) ERROR: Unknown key
config::Switch;172.31.30.11pfconfig(1663) ERROR: Unknown key
config::Switch;172.31.30.11 (main::get_hash_element)
==> /usr/local/pf/logs/packetfence.log <==httpd.portal(16532) ERROR: WARNING !
Unknown switch(es) 172.31.30.11
(pf::SwitchFactory::instantiate)httpd.portal(16532) INFO: [MAC_ADDRESS]
re-evaluating access (redir.cgi called)
(pf::enforcement::reevaluate_access)httpd.portal(16532) INFO: Instantiate a new
iptables modification method. pf::ipset
(pf::inline::get_technique)httpd.portal(16532) INFO: Matched MAC 'MAC_ADDRESS'
to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)httpd.portal(16532)
INFO: Matched IP '10.0.1.12' to MAC address 'MAC_ADDRESS' using OMAPI
(pf::iplog::ip2mac)httpd.portal(16532) WARN: Unable to perform a Fingerbank
lookup for device with MAC address 'MAC_ADDRESS' (pf::fingerbank::process)
Thanks.
From: [email protected]
Date: Tue, 23 Jun 2015 10:45:14 -0400
To: [email protected]
Subject: Re: [PacketFence-users] Signup doesn't work
On Jun 23, 2015, at 10:02 , Andy A <[email protected]> wrote:Sorry. I
am so frustrated, I forgot to mention that I am using inline (PF 5.0, CentOS
6.6).
Ok, well in that case things are indeed somewhat different.
You need to make sure that your device is inserted into the correct ipset on
registration.
Try this test (and post the output).
1. Unregister the device2. Check the output of # ipset -- list
3. Register it on the portal4. Don’t disconnect and check # ipset -- list
Your device should have changed set.
It may also be useful if you were to share your current pf.conf and
network.conf.
Finally, make sure all services are running.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
