Hi Semaan,
I tried below steps on my backup pf server as you said but with no
luck...When I issue "systemctl restart packetfence-pfsso" it failed.
Below is related logs. Appreciate your reply.
[root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd
/usr/local/pf/bin/pfhttpd.bak20171222
[root@pf-wensi ~]# curl
https://support.inverse.ca/~jsemaan/pfhttpd-2841>
/usr/local/pf/bin/pfhttpd
?0?2 % Total ?0?2 ?0?2% Received % Xferd ?0?2Average Speed ?0?2 Time ?0?2 ?0?2Time ?0?2 ?0?2
Time ?0?2Current
?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2Dload ?0?2Upload ?0?2 Total ?0?2 Spent ?0?2
?0?2Left ?0?2Speed
100 18.5M ?0?2100 18.5M ?0?2 ?0?20 ?0?2 ?0?2 0 ?0?21068k ?0?20 ?0?20:00:17 ?0?20:00:17 --:--:--
1396k
[root@pf-wensi ~]# systemctl restart packetfence-pfsso
Job for packetfence-pfsso.service failed because the control process
exited with error code. See "systemctl status
packetfence-pfsso.service" and "journalctl -xe" for details.
[root@pf-wensi ~]# systemctl status packetfence-pfsso.service
?? packetfence-pfsso.service - PacketFence PFSSO Service
?0?2 ?0?2Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service;
enabled; vendor preset: disabled)
?0?2 ?0?2Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24
CST; 1min 7s ago
?0?2 Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf
/usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso
(code=exited, status=203/EXEC)
?0?2Main PID: 8423 (code=exited, status=203/EXEC)
12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence
PFSSO Service.
12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service
entered failed state.
12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed.
12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service
holdoff time over, scheduling restart.
12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too
quickly for packetfence-pfsso.service
12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence
PFSSO Service.
12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service
entered failed state.
12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
packetfence.log
Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800
lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01
00:00:00 +0000 UTC" pid=9309
PfconfigObject=element|interfaces::management_network
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800
lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01
00:00:00 +0000 UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800
lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01
00:00:00 +0000 UTC" pid=9309
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp
Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO
Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done.
------------------ Original ------------------
*From:* packetfence-users <[email protected]>
*Date:* ????,12?? 21,2017 23:48
*To:* Julien Semaan <[email protected]>, packetfence-users
<[email protected]>
*Cc:* Yan <[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan,
My pf version is 7.3. My config file is as below. I just use syslog
feature to send ip user mapping info to palo alto firewall. I don??t
need to do sso via PF.
/usr/local/pf/conf/firewall_sso.con
[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0
[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto
#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813
#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a username and
password to fetch the key to use (see PaloAlto documentation).
------------------ Original ------------------
*From:* Julien Semaan <[email protected]>
*Date:* ????,12?? 21,2017 23:36
*To:* Yan <[email protected]>, packetfence-users
<[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
I have a theory of what could be happening.
Seems like the formatting of the usernames might be causing issues
with multiple firewalls which you do seems to have.
Could you send me your /usr/local/pf/conf/firewall_sso.conf (with
obfuscated secrets obviously)
Regards,
-- Julien [email protected] :: +1 (866) 353-6153 *155
::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 10:24 AM, Yan wrote:
It??s the latest version, V7.3.
------------------ Original ------------------
*From:* Julien Semaan <[email protected]>
*Date:* ????,12?? 21,2017 23:23
*To:* packetfence-users <[email protected]>
*Cc:* Yan <[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan,
Could you provide your PacketFence version?
Thanks
-- Julien [email protected] :: +1 (866) 353-6153 *155
::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:
Hi Fabrice,
Just after I sent out the mail, pfsso restarted again. I checked a
long time to detect the exact stop time but not found any obvious
log said pfsso stop. But I found below suspisious logs that might
related to pfsso restart, and the time is very related to alert time.
------------------ Original ------------------
*From:* packetfence-users <[email protected]>
*Date:* ????,12?? 21,2017 21:36
*To:* packetfence-users <[email protected]>
*Cc:* Fabrice Durand <[email protected]>
*Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hello Yan,
can you have a look in journalctl when pfsso restart ? (and give me
the log please)
Regards
Fabrice
Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit :
Hi users,
Recently the pfsso service on our PF system always shutting down
suddenly and then about one or two minutes it start again without
any help. Below is our monitor log from zabbix. Why would pf
restart pfsso automatically ? There's no issue with other features
so I don't know if I should do anything ?
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org!http://sdm.link/slashdot
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135)
::www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
This body part will be downloaded on demand.
This body part will be downloaded on demand.
