Thanks Louis,

Got the passthroughs all cleared up now.

I have changed the accounting port. Good catch on that. I also uncommented
sql in the accounting section of /conf/radiusd/packetfence. Wireless seems
to be working and fingers crossed it stays that way. No idea what went on.
My server load still seems higher than it was before this all started, but
perhaps that's just because the fingerbank is working now.

Accounting is still not working after setting the port to 1813. Does it
take a while to collect data?

On Mon, Oct 5, 2015 at 12:50 PM, Louis Munro <[email protected]> wrote:

> Hi Chris,
>
> Your proxy_passthroughs config is incorrect.
> This is what you want:
>
> proxy_passthroughs=domain.com,example.com,mydomain.org
>
> As mentioned previously, do not include a protocol or slashes.
>
> Your apache errors definitely seem to point to a lack of memory.
> As I wrote, 4Gb of RAM is an absolute bare minimum.
> No guarantee that that will be enough for you.
>
> Memory use is proportional among other things to the number of devices
> connecting to the portal.
>
>
> As for your accounting, I believe you are sending radius accounting to the
> wrong port.
> The accounting port is 1813, not 1812.
>
> Mysql performance tuning and troubleshooting is a whole different topic.
> There have been whole books dedicated to that subject.
> Start with enabling the slow query log.
>
>
> Regards,
> --
> Louis Munro
> [email protected]  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Oct 5, 2015, at 12:26 , Chris Abel <[email protected]> wrote:
>
> Ok, changed that part to look like this:
>
> # trapping.passthrough
> #
> # When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
> # to trapped devices. Don´t forget to enable ip_forward on your server.
> passthrough=enabled
> #
> # trapping.proxy_passthroughs
> #
> # Comma-delimited list of domains to be use for apache passthrough
> proxy_passthroughs=http://ocsp.comodoca.com/,http://crl.comodoca.com/,http://secure.comodo.net/
>
>
> I increased my system to 4gb. I also commented out sql in this part of
> /conf/radiusd/packetfence which was a suggestion by Fabrice in IRC:
>
>  accounting {
>         #sql
>         attr_filter.accounting_response
>         update request {
>             FreeRADIUS-Client-IP-Address := "%{Packet-Src-IP-Address}"
>         }
>         update control {
>             PacketFence-RPC-Server = ${rpc_host}
>             PacketFence-RPC-Port = ${rpc_port}
>             PacketFence-RPC-User = ${rpc_user}
>             PacketFence-RPC-Pass = ${rpc_pass}
>             PacketFence-RPC-Proto = ${rpc_proto}
>         }
>         packetfence
>     }
>
>
> *Things seem to be working now*, but I would like to get accounting
> working (Which never has worked). If I uncomment sql, things seem to go
> wrong again so Fabrice thinks it is my database which is too slow or can't
> keep up.
>
>
> I had a few of these in http.aaa.error when things weren't working
> properly:
>
> root@packetfence:/usr/local/pf/conf# cat ../logs/httpd.aaa.error
> [Sun Oct 04 21:54:29 2015] [notice] caught SIGTERM, shutting down
> [Sun Oct 04 21:55:48 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> [Sun Oct 04 22:06:03 2015] [notice] caught SIGTERM, shutting down
> [Sun Oct 04 22:07:13 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> [Sun Oct 04 22:12:37 2015] [notice] caught SIGTERM, shutting down
> [Sun Oct 04 22:14:12 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/
> locationlog.pm line 580.
> Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/
> locationlog.pm line 580.
> [Mon Oct 05 09:09:41 2015] [notice] caught SIGTERM, shutting down
> [Mon Oct 05 09:10:53 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> [Mon Oct 05 09:40:30 2015] [notice] caught SIGTERM, shutting down
> [Mon Oct 05 09:42:16 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> [Mon Oct 05 09:43:38 2015] [error] (12)Cannot allocate memory: fork:
> Unable to fork new process
> Use of uninitialized value in numeric ne (!=) at /usr/local/pf/lib/pf/
> locationlog.pm line 580.
> [Mon Oct 05 09:59:18 2015] [notice] caught SIGTERM, shutting down
> [Mon Oct 05 10:00:23 2015] [notice] Apache/2.2.22 (Debian) mod_ssl/2.2.22
> OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal
> operations
> [Mon Oct 05 10:02:01 2015] [error] (12)Cannot allocate memory: fork:
> Unable to fork new process
>
> How can I find out what is wrong with accounting or my mysql database? My
> server is a virtual server running on SSDs in raid 10. I shouldn't be
> having issues with io being too slow. I can always increase the memory if
> need be.
>
> On Mon, Oct 5, 2015 at 11:53 AM, Louis Munro <[email protected]> wrote:
>
>>
>>
>> On Oct 5, 2015, at 11:11 , Chris Abel <[email protected]> wrote:
>>
>> # trapping.passthrough
>> #
>> # When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
>> # to trapped devices. Don´t forget to enable ip_forward on your server.
>> passthrough=enabled
>> #
>> # trapping.passthroughs
>> #
>> # Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
>> #
>> passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/
>> #
>> # trapping.proxy_passthroughs
>> #
>> # Comma-delimited list of domains to be use for apache passthrough
>> proxy_passthroughs=ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,cps=http://secure.comodo.net/
>>
>>
>> This is not going to use.
>> I am not sure what you are trying to do but this feature does not support
>> that syntax.
>>
>> I would recommend removing those.
>> The proper syntax would be to list the domains, comma separated without
>> any scheme or slashes.
>>
>> I can’t comment on your memory use without knowing how many users you are
>> trying to support.
>> I would say that 4Gb of RAM is at the very minimum of the PF requirements.
>>
>> If you think there is any chance that your problems may be related to
>> Fingerbank, I recommend turning off upstream interrogation and not
>> recording unmatched records, at least temporarily.
>> If that helps it may narrow down the issue. If it does not then you could
>> just reenable it.
>>
>>
>> Look at your packetfence.log file. Are there any warnings or errors?
>> All your RADIUS logs tell me is that radiusd cannot keep up with the
>> requests.
>> Usually that’s because some other service on which it’s depending is too
>> slow to reply, e.g. the database, your AD server if any, the PacketFence
>> httpd.aaa etc.
>>
>> What do the httpd.aaa logs tell you?
>>
>> Regards,
>> --
>> Louis Munro
>> [email protected]  ::  www.inverse.ca
>> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
>> www.packetfence.org)
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Chris Abel
> Systems and Network Administrator
> Wildwood Programs
> 2995 Curry Road Extension
> Schenectady, NY  12303
> 518-836-2341
>
> IMPORTANT NOTICE: This message and any attachments are solely for the
> intended recipient and may contain confidential information, which is, or
> may be, legally privileged or otherwise protected by law from further
> disclosure. If you are not the intended recipient, any disclosure, copying,
> use, or distribution of the information included in this email and any
> attachments is prohibited. If you have received this communication in
> error, please notify the sender by reply email and immediately and
> permanently delete this email and any attachments.


-- 
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY  12303
518-836-2341
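
Added example, not part of the original messages and not PacketFence code: a small Python check for the passthrough syntax discussed in this thread (comma-separated domains, no scheme, no slashes). The function names are hypothetical; the sample values are the ones quoted in the thread.

```python
import re

# Plain DNS name: dot-separated labels of letters, digits and hyphens.
# Anything else (ports, IPs, wildcards) is reported, since the thread
# only describes bare domain names as valid.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def check_passthroughs(value):
    """Return (clean, problems) for a comma-delimited passthrough list.

    clean    -- bare domain names, de-duplicated, original order kept
    problems -- (original_entry, reason) for each entry that carried a
                label, scheme or slash, or is not a domain name at all
    """
    clean, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        host, reasons = entry, []
        label, sep, rest = entry.partition("=")
        if sep and "/" not in label:      # "ocsp=http://..." form
            host = rest
            reasons.append("label= prefix")
        if "://" in host:                 # "http://host/" form
            host = host.split("://", 1)[1]
            reasons.append("scheme")
        if "/" in host:
            host = host.split("/", 1)[0]
            reasons.append("slash or path")
        host = host.lower().rstrip(".")
        if not _HOST_RE.match(host):
            problems.append((entry, "not a domain name"))
            continue
        if reasons:
            problems.append((entry, ", ".join(reasons)))
        if host not in clean:
            clean.append(host)
    return clean, problems

def corrected_line(key, value):
    """Rebuild 'key=domain,domain,...' from the entries that parsed."""
    return key + "=" + ",".join(check_passthroughs(value)[0])

# Values as quoted in the thread (first and second attempts).
FIRST = ("ocsp=http://ocsp.comodoca.com/,crl=http://crl.comodoca.com/,"
         "cps=http://secure.comodo.net/")
SECOND = ("http://ocsp.comodoca.com/,http://crl.comodoca.com/,"
          "http://secure.comodo.net/")
```

Running check_passthroughs() on a value before restarting services shows which entries would need rewriting; entries reported as "not a domain name" are dropped from the corrected line rather than guessed at.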
