Hi Durand,
I don't have any proxy configured in my server. The cert expire error not shows
up every time. I just tried to execute wget 3 times, no certificate expire
error any more, but 1 connection refused and 2 connection closed during
downloading. Is Fingerbank has a timeout setting for http connecting ? Is there
any other way to download and update fingerbank DB ? Or how to initialize this
component ?
The first try:
[root@PacketFence-ZEN ~]# wget
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
--2017-10-18 22:08:35--
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
Resolving fingerbank.inverse.ca (fingerbank.inverse.ca)... 167.114.150.85
Connecting to fingerbank.inverse.ca
(fingerbank.inverse.ca)|167.114.150.85|:443... failed: Connection refused.
The second try:
[root@PacketFence-ZEN ~]# wget
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
--2017-10-18 22:12:56--
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
Resolving fingerbank.inverse.ca (fingerbank.inverse.ca)... 167.114.150.85
Connecting to fingerbank.inverse.ca
(fingerbank.inverse.ca)|167.114.150.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2020635648 (1.9G) [application/x-sqlite3]
Saving to: ??download?key=<my-key>??
3% [=>
] 70,840,939 52.1KB/s in 6m 55s
2017-10-18 22:19:53 (167 KB/s) - Connection closed at byte 70840939. Retrying.
--2017-10-18 22:19:54-- (try: 2)
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
Connecting to fingerbank.inverse.ca
(fingerbank.inverse.ca)|167.114.150.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2020635648 (1.9G) [application/x-sqlite3]
Saving to: ??download?key=<my-key>??
0% [
] 0 --.-K/s in 0.003s
Cannot write to ??download?key=<my-key>?? (Success).
The third time is similar to the second time.
------------------ Original ------------------
From: packetfence-users <[email protected]>
Date: ????,10?? 18,2017 21:18
To: packetfence-users <[email protected]>
Cc: Fabrice Durand <[email protected]>
Subject: Re: [PacketFence-users] Can't download and update fingerbank DB
Hello Yan,
do you have a proxy between PacketFence and internet ?
When i see your wget command, i can see that : "Issued certificate has
expired" and the fingerbank.inverse.ca certificate is not yet expired so
there is probably something that block/filter the request.
Regards
Fabrice
Le 2017-10-17 ?? 22:16, Yan via PacketFence-users a ??crit :
Hi Durand,
After "Initialize MYSQL database" the error missing, but now
packetfence.log keeps filling with "pfqueue: pfqueue(10132) WARN:
[mac:xx:bd:27:xx:xx:xx] Unable to perform a Fingerbank lookup for
device with MAC address 'xx:bd:27:xx:xx:xx'
(pf::fingerbank::__ANON__)". And fingerbank.log is filling with
"fingerbank: pfqueue(10133) WARN: [mac:xx:xx:0e:cb:xx:xx] An error
occured while interrogating upstream Fingerbank project: 500 Can't
connect to fingerbank.inverse.ca:443
(fingerbank::Source::API::__ANON__)
Oct 18 09:59:59 PacketFence-ZEN fingerbank: pfqueue(10133)
INFO: [mac:xx:xx:0e:cb:xx:xx] Fingerbank API has returned an
invalid result, will not cache it.
(fingerbank::Source::API::match)".
And I found I can't update fingerbank DB. When I initialize
"Update Fingerbank DB" in Configuration--Compliance--Fingerbank
Profiling--General Settings--ACTION, I found the error message
"pfqueue: pfqueue(10324) ERROR: [mac:unknown] Couldn't update
Upstream database, code : 500, msg : An error occurred while
updating file '/usr/local/fingerbank/db/fingerbank_Upstream.db'
(pf::fingerbank::_update_fingerbank_component)" in
packetfence.log. I can manually execute wget cmd to download. Is this
meant I have to buy any fingerbank license ? As I noticed fingerbank
official website said free license has a 300 times' limit every hour.
We can buy it if necessary.
[root@PacketFence-ZEN logs]# wget --no-check-certificate
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
--2017-10-18 10:09:18--
https://fingerbank.inverse.ca/api/v1/download?key=<my-key>
Resolving fingerbank.inverse.ca (fingerbank.inverse.ca)...
167.114.150.85
Connecting to fingerbank.inverse.ca
(fingerbank.inverse.ca)|167.114.150.85|:443... connected.
WARNING: cannot verify fingerbank.inverse.ca's certificate,
issued by ??/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO RSA Domain Validation Secure Server CA??:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 2020635648 (1.9G) [application/x-sqlite3]
Saving to:
??download?key=8c7619e51115bd21f186822f19320edfa528681b??
0% [
] 12,525,568 1.77MB/s eta 21m 37s
------------------ Original ------------------
From: packetfence-users
<[email protected]>
Date: ????,10?? 17,2017 20:29
To: packetfence-users
<[email protected]>
Cc: Fabrice Durand <[email protected]>
Subject: Re: [PacketFence-users] Can't download and
update fingerbank DB
Hello Yan,
it looks that you didn't imported fingerbank into mysql.
Go in Configuration -> Compliance -> Fingerbank Profiling -> General
settings then in Action "Initialize MySQL database".
Regards
Fabrice
Le 2017-10-17 ?? 03:19, Yan via PacketFence-users a ??crit :
Hi dear users,
We are using PF V7.2 in our office. We want to
use PF to recognize mobile devices from computers when
connecting wireless ssid. It seems PF define device's type via
DHCP fingerprint. Our packetfence.log keeps logging "pfqueue:
pfqueue(1341) WARN: [mac:ff:ee:dd:cc:bb:aa] Unable
to perform a Fingerbank lookup for device with MAC
address 'ff:ee:dd:cc:bb:aa' (pf::fingerbank::__ANON__)".
And after I ran the "Update Fingerbank DB"
button and restart pf services, the packetfence.log is now
filling with "pfqueue(6013) ERROR: [mac:04:xx:xx:cb:0f:74]
DBIx::Class::Storage::DBI::_dbh_execute(): Table
'pf_fingerbank.dhcp_vendor' doesn't exist at
/usr/local/pf/lib/fingerbank/Base/CRUD.pm line 416 (pf::api::can_fork::notify)"
How to reinstall and update fingerbank ? Anyone
could help ? Thank you very much.
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org! http://sdm.link/slashdot
_______________________________________________PacketFence-users
mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135) ::
www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org! http://sdm.link/slashdot
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135) ::
www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
