Hi Louis, My fingerbank api could not be submitted. Started when I updated to 5.3.1. I chmod 666 on the fingerbank config and database and that seemed to fix that.
Here is my pf.conf:

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=mydomain.org
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,10.128.0.254,10.131.0.254,10.132.16.50
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=America/New_York

[trapping]
#
# trapping.redirtimer
#
# How long to display the progress bar during trap release. Default value is
# based on VLAN enforcement techniques. Inline enforcement only users could
# lower the value.
redirtimer=40s
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don´t forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=ocsp= http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/
#
# trapping.proxy_passthroughs
#
# Comma-delimited list of domains to be use for apache passthrough
proxy_passthroughs=ocsp= http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/

[registration]
#
# registration.device_registration
#
# Enable or Disable the ability to register a gaming device using the specific portal page designed to do it
device_registration=enabled
#
# registration.device_registration_role
#
# The role to assign to gaming devices. If none is specified, the role of the registrant is used.
device_registration_role=guest

[guests_self_registration]
#
# guests_self_registration.sponsorship_cc
#
# Sponsors requesting access and access confirmation emails are CC'ed to this
# address. Multiple destinations can be comma separated.
[email protected]

[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
access_duration_choices=1h,3h,12h,1D,2D,3D,5D,30D,365D

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=
#
# alerting.fromaddr
#
# Source email address for email notifications. Empty means root@ <server-domain-name>.
[email protected]

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=mypassword
#
# database.user
#
# Username of the account with access to the mysql database used by PacketFence.
user=admin

[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=10W

[vlan]
#
# vlan.bounce_duration
#
# Delay to wait between the shut / no-shut on a port. Some OS need a higher value than others.
# Default should be reasonable for almost every OS but is too long for the usual proprietary OS.
bounce_duration=3s

[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled

[interface eth0.200]
enforcement=vlan
ip=10.128.100.254
type=internal
mask=255.255.255.0

[interface eth0.201]
enforcement=vlan
ip=10.128.101.254
type=internal
mask=255.255.255.0

[interface eth0]
ip=10.128.0.66
type=management
mask=255.255.252.0

And here is my switches.conf:

#
# Copyright (C) 2005-2015 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html

[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
VlanMap=Y
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[10.128.4.11]
RoleMap=N
wsPwd=APpassword
mode=production
StaffVlan=210
guestVlan=220
cliUser=root
deauthMethod=RADIUS
AccessListMap=N
description=First AP
type=Hostapd
macDetectionVlan=2
cliPwd=APpassword
VoIPEnabled=N
isolationVlan=201
radiusSecret=s3cr3t
cliEnablePwd=APpassword
wsUser=admin
registrationVlan=200
voiceVlan=50
inlineVlan=1

Do you think this is normal memory usage?:

# free -m
             total       used       free     shared    buffers     cached
Mem:          3920       3148        772          0         86        134
-/+ buffers/cache:       2927        993
Swap:         2111       1241        870

# vmstat 1
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
 r  b    swpd   free   buff  cache   si   so    bi    bo   in   cs us sy  id wa
 0  0 1874044 645464  62540 107048 2209 2380  3238  3418  642 1926 44 13  41  2
 6  0 1873980 644488  62696 107072  252    0   260   784  417 2548 53  7  39  1
 0  0 1873976 644364  62704 107064    0    0     0    40  130  481 19  2  79  0
 0  0 1873960 644240  62732 107056   64    0    68   136  125  456  9  0  91  0
 0  0 1873960 644240  62732 107072    0    0     0    64   81  143  0  0 100  0
 0  0 1873948 643992  62752 107096   32    0    32   124  174  679 11  1  88  0
 5  0 1873916 643852  62884 107092  148    0   152   596  266 1498 29  3  66  1
 0  0 1873892 643728  62940 107080   96    0    96   308  218  984 32  6  62  0

# htop
CPU[||||||||||||||||||||||||||||||||||||||||||||  59.8%]   Tasks: 122, 172 thr; 1 running
Mem[|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 2985/3920MB]   Load average: 1.31 2.36 3.39
Swp[||||||||||||||||||||||||||||||||||||||||||| 1240/2111MB]   Uptime: 00:32:17

 PID USER PRI NI VIRT  RES  SHR S CPU% MEM%   TIME+  Command
3418 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.16 /usr/sbin/freeradius -d /usr/local/pf/raddb/
3419 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.26 /usr/sbin/freeradius -d /usr/local/pf/raddb/
3420 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.16 /usr/sbin/freeradius -d /usr/local/pf/raddb/
3421 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.20 /usr/sbin/freeradius -d /usr/local/pf/raddb/
3422 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.16 /usr/sbin/freeradius -d /usr/local/pf/raddb/
5181 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.12 /usr/sbin/freeradius -d /usr/local/pf/raddb/
5532 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.12 /usr/sbin/freeradius -d /usr/local/pf/raddb/
5535 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.11 /usr/sbin/freeradius -d /usr/local/pf/raddb/
5542 pf    20  0 961M 687M 2832 S  0.0 17.5 0:00.11 /usr/sbin/freeradius -d /usr/local/pf/raddb/
3299 pf    20  0 961M 687M 2832 S  0.0 17.5 0:09.66 /usr/sbin/freeradius -d /usr/local/pf/raddb/

Thanks for any help you can provide.
I'll look into the support package. It probably makes sense for us seeing how much we use it.

On Mon, Oct 5, 2015 at 10:51 AM, Louis Munro <[email protected]> wrote:

> Hi Chris,
>
> Help us help you.
>
> You are not saying what you did to fix your fingerbank issue, which you
> also don’t explain.
> We need your configuration, things like your conf/pf.conf file as well as
> conf/switches.conf at the bare minimum.
>
> Frankly, if you need urgent support, a support package is what I would
> recommend.
>
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Oct 5, 2015, at 9:30, Chris Abel <[email protected]> wrote:
>
> *Information:*
> PF Version: 5.3.1
> OS Version: Debian wheezy
> Switches: OpenWRT Barrier Breaker 14.07
>
> This all started when I tried to fix the fingerbank and radius accounting.
> I think I fixed the fingerbank. It was a permissions issue. I then
> restarted the packetfence server and I think that's when all hell broke
> loose. Wireless connections seem very sporadic. Sometimes they will
> connect, sometimes they won't. My BYOD network doesn't seem to work. Users
> are never prompted for the portal page. They will either get a message
> saying the password is incorrect or that it just couldn't be joined.
>
> It seems like something is bogging down the server. The admin interface
> seems slower now and sometimes the admin interface completely crashes and
> packetfence needs a restart to get it back.
>
> Looking at the Top command, pfbandwidthd is using a lot of CPU which is
> odd because accounting isn't even working on it. I turned off the service,
> but it didn't help. CPU usage looks pretty good now although I have a ton
> of apache services running. Is that normal?:
>
> top - 09:25:02 up 11:11, 1 user, load average: 3.31, 6.81, 7.72
> Tasks: 148 total, 1 running, 146 sleeping, 0 stopped, 1 zombie
> %Cpu(s): 33.8 us, 5.4 sy, 0.0 ni, 59.2 id, 0.0 wa, 0.0 hi, 1.7 si, 0.0 st
> KiB Mem: 2061300 total, 1390088 used, 671212 free, 26392 buffers
> KiB Swap: 2162684 total, 1913248 used, 249436 free, 88712 cached
>
>
> I seem to be getting a lot of these in my logread on the openWRT APs. Not
> sure if this is normal:
> Mon Oct 5 13:05:18 2015 daemon.debug hostapd: wlan0: STA 00:26:b6:1a:35:e9 RADIUS: Resending RADIUS message (id=224)
> Mon Oct 5 13:05:18 2015 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 2 seconds
> Mon Oct 5 13:05:20 2015 daemon.debug hostapd: wlan0: STA 00:26:b6:1a:35:e9 RADIUS: Resending RADIUS message (id=219)
> Mon Oct 5 13:05:20 2015 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 6 seconds
> Mon Oct 5 13:05:22 2015 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
> Mon Oct 5 13:05:22 2015 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
>
>
> Wireless Configuration:
>
> config wifi-device radio0
>     option type mac80211
>     option channel 11
>     option hwmode 11g
>     option path 'pci0000:00/0000:00:00.0'
>     option htmode HT20
>
> config wifi-iface
>     option device 'radio0'
>     option mode 'ap'
>     option ssid 'BYOD WiFi'
>     option network 'lan'
>     option encryption 'psk2'
>     option key 'password'
>     option auth_server '10.128.0.66'
>     option auth_port '1812'
>     option auth_secret 'wifis3cr3t'
>     option acct_server '10.128.0.66'
>     option acct_port '1812'
>     option acct_secret 's3cr3t'
>     option dynamic_vlan '2'
>     option vlan_file '/etc/config/hostapd.vlan'
>     option vlan_tagged_interface 'eth0'
>     option dae_secret 'wifis3cr3t'
>     option dae_client '10.128.0.66'
>     option macfilter '2'
>     option dae_port '3799'
>     option nasid 'Ubiquiti'
>
> config wifi-iface
>     option device 'radio0'
>     option mode 'ap'
>     option ssid 'Internal'
>     option network 'lan'
>     option encryption 'psk2'
>     option key 'password'
>     option hidden '1'
>     option auth_server '10.128.0.66'
>     option auth_port '1812'
>     option auth_secret 's3cr3t'
>     option acct_server '10.128.0.66'
>     option acct_port '1812'
>     option acct_secret 'wifis3cr3t'
>     option dynamic_vlan '2'
>     option vlan_file '/etc/config/hostapd.vlan'
>     option vlan_tagged_interface 'eth0'
>     option macfilter '2'
>     option nasid 'Ubiquiti'
>
>
> My packetfence log looks like this:
>
> Oct 05 09:23:03 httpd.webservices(7790) INFO: oldip (10.131.11.11) and newip (10.131.5.149) are different for d0:e1:40:96:5c:36 - closing iplog entry (pf::api::update_iplog)
> Oct 05 09:23:03 httpd.webservices(7790) INFO: oldip (10.131.11.11) and newip (10.131.5.149) are different for d0:e1:40:96:5c:36 - closing iplog entry (pf::api::update_iplog)
> Oct 05 09:26:48 httpd.portal(7786) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:48 httpd.portal(7786) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:48 httpd.portal(7786) INFO: [00:23:12:25:f7:7e] Updating node user_agent with useragent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.90 Safari/537.1' (captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
> Oct 05 09:26:49 httpd.portal(7786) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
> Oct 05 09:26:49 httpd.portal(7782) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:49 httpd.portal(7783) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:50 httpd.portal(7782) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:50 httpd.portal(7783) INFO: Matched IP '10.128.100.68' to MAC address '00:23:12:25:f7:7e' using OMAPI (pf::iplog::ip2mac)
> Oct 05 09:26:54 httpd.portal(7786) INFO: [00:23:12:25:f7:7e] redirected to authentication page on portal (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Oct 05 09:26:54 httpd.portal(7782) INFO: [00:23:12:25:f7:7e] redirected to authentication page on portal (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Oct 05 09:26:54 httpd.portal(7783) INFO: [00:23:12:25:f7:7e] redirected to authentication page on portal (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
>
>
> Any other logs I can look at? Any help is much appreciated. I am currently
> being screamed at for all my wireless users.
>
>
>
> IMPORTANT NOTICE: This message and any attachments are solely for the
> intended recipient and may contain confidential information, which is, or
> may be, legally privileged or otherwise protected by law from further
> disclosure. If you are not the intended recipient, any disclosure, copying,
> use, or distribution of the information included in this email and any
> attachments is prohibited. If you have received this communication in
> error, please notify the sender by reply email and immediately and
> permanently delete this email and any attachments.
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
