Glad to hear that. Thank you so much. Waiting for your good news.
------------------ Original ------------------
From: Julien Semaan <jsem...@inverse.ca>
Date: ????,12?? 21,2017 23:51
To: Yan <1136723...@qq.com>, packetfence-users
<packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan,
That config confirms my theory, having user/IP mapping sent to your
firewall is what we call SSO in PacketFence so you're technically doing it.
I've opened the following Github issue to track this problem:
https://github.com/inverse-inc/packetfence/issues/2847
I should be able to provide resolution before the end of the week and
will update the mailing list + the Github issue
Best Regards,
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 10:48 AM, Yan wrote:
Hi Semaan,
My pf version is 7.3. My config file is as below. I just use
syslog feature to send ip user mapping info to palo alto firewall. I
don??t need to do sso via PF.
/usr/local/pf/conf/firewall_sso.con
[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0
[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto
#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813
#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a
username and password to fetch the key to use (see PaloAlto
documentation).
------------------ Original ------------------
From: Julien Semaan <jsem...@inverse.ca>
Date: ????,12?? 21,2017 23:36
To: Yan <1136723...@qq.com>, packetfence-users
<packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Why pfsso restarts
itself recently ?
I have a theory of what could be happening.
Seems like the formatting of the usernames might be causing
issues with multiple firewalls which you do seems to have.
Could you send me your /usr/local/pf/conf/firewall_sso.conf
(with obfuscated secrets obviously)
Regards,
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 10:24 AM, Yan wrote:
It??s the latest
version, V7.3.
------------------
Original ------------------
From: Julien Semaan <jsem...@inverse.ca>
Date: ????,12?? 21,2017 23:23
To: packetfence-users
<packetfence-users@lists.sourceforge.net>
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why
pfsso restarts itself recently ?
Hi Yan,
Could you provide your PacketFence version?
Thanks
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155
:: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via
PacketFence-users wrote:
Hi Fabrice,
Just after I sent out the
mail, pfsso restarted again. I checked a long time to
detect the exact stop time but not found any obvious
log said pfsso stop. But I found below suspisious
logs that might related to pfsso restart, and
the time is very related to alert time.
------------------
Original ------------------
From: packetfence-users
<packetfence-users@lists.sourceforge.net>
Date: ????,12?? 21,2017 21:36
To: packetfence-users
<packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users]
Why pfsso restarts itself recently ?
Hello Yan,
can you have a look in journalctl when pfsso restart ?
(and give me the log please)
Regards
Fabrice
Le 2017-12-21 ?? 08:26, Yan
via PacketFence-users a ??crit :
Hi users,
Recently the
pfsso service on our PF system always shutting
down suddenly and then about one or two
minutes it start again without any help. Below
is our monitor log from zabbix. Why would pf
restart pfsso automatically ? There's
no issue with other features so I
don't know if I should do anything ?
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org! http://sdm.link/slashdot
_______________________________________________PacketFence-users mailing
listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice durandfdur...@inverse.ca ::
+1.514.447.4918 (x135) :: www.inverse.caInverse inc. :: Leaders behind SOGo
(http://www.sogo.nu) and PacketFence (http://packetfence.org)
This body part will be downloaded on demand.
This body part will be downloaded on demand.------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
