Hi Yan,
Turns out the issue was easier to replicate than expected and even
better, the fix was easier than expected.
I've uploaded a new binary with the fix here:
https://support.inverse.ca/~jsemaan/pfhttpd
Here is how to apply the fix:
# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak
# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841 >
/usr/local/pf/bin/pfhttpd
# systemctl restart packetfence-pfsso
If it fails to start, revert to the previous pfhttpd and let me know the
errors in journalctl
This will be part of 7.4 so no need to worry about it for your future
upgrade
Best Regards,
--
Julien Semaan
[email protected] :: +1 (866) 353-6153 *155 ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 10:53 AM, Yan wrote:
Glad to hear that. Thank you so much. Waiting for your good news.
------------------ Original ------------------
*From:* Julien Semaan <[email protected]>
*Date:* ????,12?? 21,2017 23:51
*To:* Yan <[email protected]>, packetfence-users
<[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan,
That config confirms my theory, having user/IP mapping sent to your
firewall is what we call SSO in PacketFence so you're technically
doing it.
I've opened the following Github issue to track this problem:
https://github.com/inverse-inc/packetfence/issues/2847
I should be able to provide resolution before the end of the week and
will update the mailing list + the Github issue
Best Regards,
-- Julien [email protected] :: +1 (866) 353-6153 *155
::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 10:48 AM, Yan wrote:
Hi Semaan,
My pf version is 7.3. My config file is as below. I just use syslog
feature to send ip user mapping info to palo alto firewall. I don??t
need to do sso via PF.
/usr/local/pf/conf/firewall_sso.con
[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0
[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto
#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813
#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a username and
password to fetch the key to use (see PaloAlto documentation).
------------------ Original ------------------
*From:* Julien Semaan <[email protected]>
*Date:* ????,12?? 21,2017 23:36
*To:* Yan <[email protected]>, packetfence-users
<[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
I have a theory of what could be happening.
Seems like the formatting of the usernames might be causing issues
with multiple firewalls which you do seems to have.
Could you send me your /usr/local/pf/conf/firewall_sso.conf (with
obfuscated secrets obviously)
Regards,
-- Julien [email protected] :: +1 (866) 353-6153 *155
::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 10:24 AM, Yan wrote:
It??s the latest version, V7.3.
------------------ Original ------------------
*From:* Julien Semaan <[email protected]>
*Date:* ????,12?? 21,2017 23:23
*To:* packetfence-users <[email protected]>
*Cc:* Yan <[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan,
Could you provide your PacketFence version?
Thanks
-- Julien [email protected] :: +1 (866) 353-6153 *155
::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:
Hi Fabrice,
Just after I sent out the mail, pfsso restarted again. I checked a
long time to detect the exact stop time but not found any obvious
log said pfsso stop. But I found below suspisious logs that might
related to pfsso restart, and the time is very related to alert time.
------------------ Original ------------------
*From:* packetfence-users <[email protected]>
*Date:* ????,12?? 21,2017 21:36
*To:* packetfence-users <[email protected]>
*Cc:* Fabrice Durand <[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hello Yan,
can you have a look in journalctl when pfsso restart ? (and give me
the log please)
Regards
Fabrice
Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit :
Hi users,
Recently the pfsso service on our PF system always shutting down
suddenly and then about one or two minutes it start again without
any help. Below is our monitor log from zabbix. Why would pf
restart pfsso automatically ? There's no issue with other features
so I don't know if I should do anything ?
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org!http://sdm.link/slashdot
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135)
::www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
This body part will be downloaded on demand.
This body part will be downloaded on demand.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
