Thanks James - That helps a great deal. At least I can now 'see' what is happening.
As my later posting mentioned, the problem was down to 'illegitimate' demands for 90 day leases from Apple devices being honoured by PF via the DHCPREQUEST. By making PF only update the 'iplog' table from DHCPACK everything is now working OK after truncating the database tables. At least now when a device is registered and it gets a new IP after VLAN reassignment the database knows about it!

Good job this thing isn't in production yet!

Andrew

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 10 May 2016 15:05
To: [email protected]
Subject: PacketFence-users Digest, Vol 97, Issue 16

Today's Topics:

1. PF6+AD (???????? ??????)
2. Quick question - How to turn on verbose logging for some PF services (Torry, Andrew)
3. HP (3COM) A5500 configuration (tomas.rybicka)
4. Error messages in pfqueue.log (Torry, Andrew)
5. Re: Quick question - How to turn on verbose logging for some PF services (James Rouzier)

----------------------------------------------------------------------

Message: 1
Date: Tue, 10 May 2016 07:24:35 +0300
From: ???????? ?????? <[email protected]>
Subject: [PacketFence-users] PF6+AD
To: packetfence-users <[email protected]>

Hello,

I am testing PF with wlc5508. I have set up integration between PF and AD. Users successfully authenticate on portal. I can see users in PF. But no user info is copied from AD to PF. I would like to have user Firstname, Lastname, phone, email...
in PF. Is there a way to copy user properties from AD to PF?

Vorobyev Andrey.

------------------------------

Message: 2
Date: Tue, 10 May 2016 08:55:27 +0000
From: "Torry, Andrew" <[email protected]>
Subject: [PacketFence-users] Quick question - How to turn on verbose logging for some PF services
To: "[email protected]" <[email protected]>

I am trying to track down a problem with the PFQUEUE service in that it does not seem to be updating our long DHCP lease times properly and simply creating an entry with a lifetime of about 6 seconds!

The pfqueue.log file contains entries like this:-

May 10 09:28:18 pfqueue(11600) INFO: [mac:unknown] DHCPREQUEST from 04:4b:ed:43:13:2a (10.17.22.209) with lease of 7776000 seconds (pf::dhcp::processor::parse_dhcp_request)

But the database has a start-time and end-time only 6 seconds apart for the IP address.

All I need to do is turn on the verbose logging mode for pfqueue (-v option) but cannot find where to do it.

Any ideas?

Andrew

------------------------------

Message: 3
Date: Tue, 10 May 2016 15:04:26 +0200
From: "tomas\.rybicka" <[email protected]>
Subject: [PacketFence-users] HP (3COM) A5500 configuration
To: [email protected]

Hi all,

I have a problem with HP (3COM) A5500 EI (JG240A - Firmware a5500ei-cmw520-r2221p20.bin) configuration. Version - PacketFence 6.0.1, CentOS 6.7.

In the documentation -
Network Devices Configuration says:

system-view
radius scheme PacketFence
server-type standard
primary authentication 192.168.1.5 1812
primary accounting 192.168.1.5 1812
accounting optional
key authentication useStrongerSecret
user-name-format without-domain
quit
domain packetfence.local
radius-scheme PacketFence
vlan-assignment-mode string
quit
domain default enable packetfence.local
dot1x authentication-method eap
port-security enable
quit

Is the radius accounting port number really the same as the authentication radius port number (1812)? In the domain section I do not have the 'vlan-assignment-mode strict' command available.

Cheers

Tomáš Rybička

------------------------------

Message: 4
Date: Tue, 10 May 2016 13:36:17 +0000
From: "Torry, Andrew" <[email protected]>
Subject: [PacketFence-users] Error messages in pfqueue.log
To: "[email protected]" <[email protected]>

By allowing PF to process the iplog table using DHCPREQUEST packets we end up with lots of bogus entries with 90 day leases (any Apple device basically!!!!). I have installed the UDP reflector on our production DHCP server and configured PF to use only the DHCPACK messages now and it all seems to be working in that all our IP/MAC addresses are now appearing in the PF database with the correct lease times.
I am now however seeing a lot of these messages (literally 1000's):-

May 10 14:00:26 pfqueue(25956) ERROR: [mac:10:02:b5:9a:da:c6] Invalid task id Task:776E5E1E-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:777D5450-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:777D6A4E-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:777D7EC6-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:7782C8B8-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:7782EADC-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:7787AFC2-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)
May 10 14:00:26 pfqueue(25960) ERROR: [mac:58:20:b1:d4:83:f5] Invalid task id Task:7787D5F6-16AE-11E6-B5E1-674E5D08CCC2:Queue:pfdhcplistener:api:process_dhcp provided (pf::pfqueue::consumer::redis::process_next_job)

I would add our network is very very busy with well over 7000 clients. Any ideas on what they may be referring to?
I have increased the number of 'helpers' in the pfqueue.conf file but they (the messages) still occur in large batches.

Andrew

------------------------------

Message: 5
Date: Tue, 10 May 2016 10:04:15 -0400
From: James Rouzier <[email protected]>
Subject: Re: [PacketFence-users] Quick question - How to turn on verbose logging for some PF services
To: [email protected]

You can change the debug level by doing the following.

Update the logging configuration for the service in this file:

conf/log.conf.d/pfqueue.conf

Change the following line from this

log4perl.rootLogger = INFO, PFQUEUE

To this

log4perl.rootLogger = TRACE, PFQUEUE

Then you can either wait 5 minutes (that is the time it takes for the logging level to be updated) or restart the service if you do not want to wait.

James Rouzier
[email protected] :: +1.514.447.4918 (x115) :: http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://www.packetfence.org)

On 2016-05-10 4:55 AM, Torry, Andrew wrote:
> I am trying to track down a problem with the PFQUEUE service in that
> it does not seem to be updating our long DHCP lease times properly and
> simply creating an entry with a lifetime of about 6 seconds!
>
> The pfqueue.log file contains entries like this:-
>
> May 10 09:28:18 pfqueue(11600) INFO: [mac:unknown] DHCPREQUEST from
> 04:4b:ed:43:13:2a (10.17.22.209) with lease of 7776000 seconds
> (pf::dhcp::processor::parse_dhcp_request)
>
> But the database has a start-time and end-time only 6 seconds apart
> for the IP address.
>
> All I need to do is turn on the verbose logging mode for pfqueue (-v
> option) but cannot find where to do it.
>
> Any ideas?
>
> Andrew
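The DHCPREQUEST versus DHCPACK distinction discussed in this thread, as an added example (not PacketFence code and not written by any poster): a minimal DHCP parser that records a lease in an IP log only when the server's DHCPACK grants it. The function names, the in-memory `iplog` dict and the 3600-second granted lease are assumptions made for illustration; the MAC, IP and 7776000-second request are the values from the log line quoted above.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
DHCPREQUEST, DHCPACK = 3, 5      # option 53 message types (RFC 2132)

def build_packet(op, mac, yiaddr, msg_type, lease):
    """Build a minimal BOOTP/DHCP payload (constructed sample data)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      b"", socket.inet_aton(yiaddr), b"", b"",
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type, 51, 4]) + struct.pack("!I", lease)
    return hdr + MAGIC + opts + b"\xff"

def parse_dhcp(payload):
    """Return (msg_type, mac, yiaddr, lease_seconds); raise ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad option
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else None
        value = payload[i + 2:i + 2 + (length or 0)]
        if length is None or len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing message type")
    lease = struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")
    return opts[53][0], mac, socket.inet_ntoa(payload[16:20]), lease

def update_iplog(iplog, payload, now):
    """Store ip -> (mac, start, end) only from a DHCPACK that grants a lease."""
    msg_type, mac, yiaddr, lease = parse_dhcp(payload)
    # A DHCPREQUEST lease is only what the client asks for; the server decides.
    if msg_type != DHCPACK or lease is None or yiaddr == "0.0.0.0":
        return False
    iplog[yiaddr] = (mac, now, now + lease)
    return True

if __name__ == "__main__":
    log = {}
    request = build_packet(1, "04:4b:ed:43:13:2a", "0.0.0.0", DHCPREQUEST, 7776000)
    ack = build_packet(2, "04:4b:ed:43:13:2a", "10.17.22.209", DHCPACK, 3600)
    print(update_iplog(log, request, 1000), update_iplog(log, ack, 1000), log)
```

The client's 90 day request never reaches the log; only the server-granted lease does, which keeps the IP-to-MAC mapping that enforcement decisions rely on tied to what the DHCP server actually handed out.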
