Hi Chris, Your proxy_passthroughs config is incorrect. This is what you want:
proxy_passthroughs=domain.com,example.com,mydomain.org As mentioned previously, do not include a protocol or slashes. Your apache errors definitely seem to point to a lack of memory. As I wrote, 4Gb of RAM is an absolute bare minimum. No guarantee that that will be enough for you. Memory use is proportional among other things to the number of devices connecting to the portal. As for your accounting, I believe you are sending radius accounting to the wrong port. The accounting port is 1813, not 1812. Mysql performance tuning and troubleshooting is a whole different topic. There have been whole books dedicated to that subject. Start with enabling the slow query log. Regards, -- Louis Munro [email protected] :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Oct 5, 2015, at 12:26 , Chris Abel <[email protected]> wrote: > Ok, changed that part to look like this: > > # trapping.passthrough > # > # When enabled, pfdns will resolve the real IP addresses of passthroughs and > add them in the ipset session to give access > # to trapped devices. Don´t forget to enable ip_forward on your server. > passthrough=enabled > # > # trapping.proxy_passthroughs > # > # Comma-delimited list of domains to be use for apache passthrough > proxy_passthroughs=http://ocsp.comodoca.com/,http://crl.comodoca.com/,http://secure.comodo.net/ > > > I increased my system to 4gb. I also commented out sql in this part of > /conf/radiusd/packetfence which was a suggestion by Fabrice in IRC: > > accounting { > #sql > attr_filter.accounting_response > update request { > FreeRADIUS-Client-IP-Address := "%{Packet-Src-IP-Address}" > } > update control { > PacketFence-RPC-Server = ${rpc_host} > PacketFence-RPC-Port = ${rpc_port} > PacketFence-RPC-User = ${rpc_user} > PacketFence-RPC-Pass = ${rpc_pass} > PacketFence-RPC-Proto = ${rpc_proto} > } > packetfence > } > > > Things seem to be working now, but I would like to get accounting working > (Which never has worked). If I uncomment sql, things seem to go wrong again > so Fabrice thinks it is my database which is too slow or can't keep up. > > > I had a few of these in http.aaa.error when things weren't working properly: > > root@packetfence:/usr/local/pf/conf# cat ../logs/httpd.aaa.error > [Sun Oct 04 21:54:29 2015] [notice] caught SIGTERM, shutting down > [Sun Oct 04 21:55:48 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > [Sun Oct 04 22:06:03 2015] [notice] caught SIGTERM, shutting down > [Sun Oct 04 22:07:13 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > [Sun Oct 04 22:12:37 2015] [notice] caught SIGTERM, shutting down > [Sun Oct 04 22:14:12 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > Use of uninitialized value in numeric ne (!=) at > /usr/local/pf/lib/pf/locationlog.pm line 580. > Use of uninitialized value in numeric ne (!=) at > /usr/local/pf/lib/pf/locationlog.pm line 580. > [Mon Oct 05 09:09:41 2015] [notice] caught SIGTERM, shutting down > [Mon Oct 05 09:10:53 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > [Mon Oct 05 09:40:30 2015] [notice] caught SIGTERM, shutting down > [Mon Oct 05 09:42:16 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > [Mon Oct 05 09:43:38 2015] [error] (12)Cannot allocate memory: fork: Unable > to fork new process > Use of uninitialized value in numeric ne (!=) at > /usr/local/pf/lib/pf/locationlog.pm line 580. > [Mon Oct 05 09:59:18 2015] [notice] caught SIGTERM, shutting down > [Mon Oct 05 10:00:23 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22 > OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal > operations > [Mon Oct 05 10:02:01 2015] [error] (12)Cannot allocate memory: fork: Unable > to fork new process > > How can I find out what is wrong with accounting or my mysql database? My > server is a virtual server running on SSDs in raid 10. I shouldn't be having > issues with io being too slow. I can always increase the memory if need be. > > On Mon, Oct 5, 2015 at 11:53 AM, Louis Munro <[email protected]> wrote: > > > On Oct 5, 2015, at 11:11 , Chris Abel <[email protected]> wrote: > >> # trapping.passthrough >> # >> # When enabled, pfdns will resolve the real IP addresses of passthroughs and >> add them in the ipset session to give access >> # to trapped devices. Don´t forget to enable ip_forward on your server. >> passthrough=enabled >> # >> # trapping.passthroughs >> # >> # Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs >> to web sites. >> # >> passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/ >> # >> # trapping.proxy_passthroughs >> # >> # Comma-delimited list of domains to be use for apache passthrough >> proxy_passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/ > > This is not going to use. > I am not sure what you are trying to do but this feature does not support > that syntax. > > I would recommend removing those. > The proper syntax would be to list the domains, comma separated without any > scheme or slashes. > > I can’t comment on your memory use without knowing how many users you are > trying to support. > I would say that 4Gb of RAM is at the very minimum of the PF requirements. > > If you think there is any chance that your problems may be related to > Fingerbank, I recommend turning off upstream interrogation and not recording > unmatched records, at least temporarily. > If that helps it may narrow down the issue. If it does not then you could > just reenable it. > > > Look at your packetfence.log file. Are there any warnings or errors? > All your RADIUS logs tell me is that radiusd can not keeps up with the > requests. > Usually that’s because some other service on which it’s depending is too slow > to reply, e.g. the database, your AD server if any, the PacketFence httpd.aaa > etc. > > What do the httpd.aaa logs tell you? > > Regards, > -- > Louis Munro > [email protected] :: www.inverse.ca > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > -- > Chris Abel > Systems and Network Administrator > Wildwood Programs > 2995 Curry Road Extension > Schenectady, NY 12303 > 518-836-2341 > > > IMPORTANT NOTICE: This message and any attachments are solely for the > intended recipient and may contain confidential information, which is, or may > be, legally privileged or otherwise protected by law from further disclosure. > If you are not the intended recipient, any disclosure, copying, use, or > distribution of the information included in this email and any attachments is > prohibited. If you have received this communication in error, please notify > the sender by reply email and immediately and permanently delete this email > and any > attachments.------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
