Ok, changed that part to look like this:
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don´t forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.proxy_passthroughs
#
# Comma-delimited list of domains to be use for apache passthrough
proxy_passthroughs=http://ocsp.comodoca.com/,http://crl.comodoca.com/,http://secure.comodo.net/
I increased my system to 4gb. I also commented out sql in this part of
/conf/radiusd/packetfence which was a suggestion by Fabrice in IRC:
accounting {
        #sql
        attr_filter.accounting_response
        update request {
                FreeRADIUS-Client-IP-Address := "%{Packet-Src-IP-Address}"
        }
        update control {
                PacketFence-RPC-Server = ${rpc_host}
                PacketFence-RPC-Port = ${rpc_port}
                PacketFence-RPC-User = ${rpc_user}
                PacketFence-RPC-Pass = ${rpc_pass}
                PacketFence-RPC-Proto = ${rpc_proto}
        }
        packetfence
}
*Things seem to be working now*, but I would like to get accounting working
(which never has worked). If I uncomment sql, things seem to go wrong again
so Fabrice thinks it is my database which is too slow or can't keep up.
I had a few of these in httpd.aaa.error when things weren't working properly:
root@packetfence:/usr/local/pf/conf# cat ../logs/httpd.aaa.error
[Sun Oct 04 21:54:29 2015] [notice] caught SIGTERM, shutting down
[Sun Oct 04 21:55:48 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Sun Oct 04 22:06:03 2015] [notice] caught SIGTERM, shutting down
[Sun Oct 04 22:07:13 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Sun Oct 04 22:12:37 2015] [notice] caught SIGTERM, shutting down
[Sun Oct 04 22:14:12 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/locationlog.pm line 580.
Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/locationlog.pm line 580.
[Mon Oct 05 09:09:41 2015] [notice] caught SIGTERM, shutting down
[Mon Oct 05 09:10:53 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Mon Oct 05 09:40:30 2015] [notice] caught SIGTERM, shutting down
[Mon Oct 05 09:42:16 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Mon Oct 05 09:43:38 2015] [error] (12)Cannot allocate memory: fork: Unable to fork new process
Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/locationlog.pm line 580.
[Mon Oct 05 09:59:18 2015] [notice] caught SIGTERM, shutting down
[Mon Oct 05 10:00:23 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Mon Oct 05 10:02:01 2015] [error] (12)Cannot allocate memory: fork: Unable to fork new process
How can I find out what is wrong with accounting or my mysql database? My
server is a virtual server running on SSDs in raid 10. I shouldn't be
having issues with io being too slow. I can always increase the memory if
need be.
On Mon, Oct 5, 2015 at 11:53 AM, Louis Munro <[email protected]> wrote:
>
>
> On Oct 5, 2015, at 11:11 , Chris Abel <[email protected]> wrote:
>
> # trapping.passthrough
> #
> # When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
> # to trapped devices. Don´t forget to enable ip_forward on your server.
> passthrough=enabled
> #
> # trapping.passthroughs
> #
> # Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
> #
> passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/
> #
> # trapping.proxy_passthroughs
> #
> # Comma-delimited list of domains to be use for apache passthrough
> proxy_passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/
>
>
> This is not going to use.
> I am not sure what you are trying to do but this feature does not support
> that syntax.
>
> I would recommend removing those.
> The proper syntax would be to list the domains, comma separated without
> any scheme or slashes.
>
> I can’t comment on your memory use without knowing how many users you are
> trying to support.
> I would say that 4Gb of RAM is at the very minimum of the PF requirements.
>
> If you think there is any chance that your problems may be related to
> Fingerbank, I recommend turning off upstream interrogation and not
> recording unmatched records, at least temporarily.
> If that helps it may narrow down the issue. If it does not then you could
> just reenable it.
>
>
> Look at your packetfence.log file. Are there any warnings or errors?
> All your RADIUS logs tell me is that radiusd cannot keep up with the
> requests.
> Usually that’s because some other service on which it’s depending is too
> slow to reply, e.g. the database, your AD server if any, the PacketFence
> httpd.aaa etc.
>
> What do the httpd.aaa logs tell you?
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
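
The reply quoted in this message says the passthrough settings take bare domains, comma separated, with no scheme or slashes. As an added example (not code from the thread or from PacketFence), this Python check flags entries that break that rule and builds the corrected line; `check_passthroughs` and `corrected_line` are hypothetical helper names, and the sample value is the one posted in the thread.

```python
import re

# Plain DNS host names only. This check assumes nothing beyond what the
# reply states: comma separated, no scheme, no slashes.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
_LABEL_RE = re.compile(r"^[A-Za-z0-9_-]+=")   # e.g. "ocsp=" in front of a URL


def check_passthroughs(value):
    """Return (domains, problems) for a comma-delimited passthrough value."""
    domains, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        host, reasons = entry, []
        if _LABEL_RE.match(host):          # key=value form, reported unsupported
            reasons.append("label= prefix")
            host = host.split("=", 1)[1]
        if "://" in host:                  # http:// or https://
            reasons.append("URL scheme")
            host = host.split("://", 1)[1]
        if "/" in host:                    # trailing slash or a path
            reasons.append("slash or path")
            host = host.split("/", 1)[0]
        host = host.lower()
        if not _HOST_RE.match(host):
            reasons.append(f"{host!r} is not a host name")
        elif host not in domains:
            domains.append(host)           # keep input order, drop duplicates
        if reasons:
            problems.append(f"{entry}: " + ", ".join(reasons))
    return domains, problems


def corrected_line(key, value):
    """Rebuild 'key=domain,domain,...' from whatever was configured."""
    domains, _ = check_passthroughs(value)
    return f"{key}=" + ",".join(domains)


if __name__ == "__main__":
    # Value as posted in the thread (scheme and trailing slash still present).
    posted = ("http://ocsp.comodoca.com/,http://crl.comodoca.com/,"
              "http://secure.comodo.net/")
    for finding in check_passthroughs(posted)[1]:
        print("WARN", finding)
    print(corrected_line("proxy_passthroughs", posted))
```
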