Hi Semaan,
Thank you very much. After gave the file execute privilege with chmod + x, I
successfully restarted pfsso service. Hope the new patch can fix the restart
issue. I??ll keep an eye on it recently. Thank you again.
BTW below is what I executed just now:
# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222
# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841>
/usr/local/pf/bin/pfhttpd
# chmod +x /usr/local/pf/bin/pfhttpd
# systemctl restart packetfence-pfsso
[root@pf-wensi ~]# journalctl -u packetfence-pfsso --since="5 minutes ago"
-- Logs begin at ?? 2017-12-21 14:20:15 CST, end at ?? 2017-12-22 21:34:44 CST.
--
12?? 22 21:34:30 pf-wensi systemd[1]: Stopping PacketFence PFSSO Service...
12?? 22 21:34:30 pf-wensi systemd[1]: Starting PacketFence PFSSO Service...
12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Activating privacy features... done.
12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configuration set log level:
INFO
12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured statsd protocol: udp
12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured prefix: pfsso
12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
12?? 22 21:34:30 pf-wensi pfhttpd[30107]: http://localhost:8777
12?? 22 21:34:30 pf-wensi systemd[1]: Started PacketFence PFSSO Service.
------------------ Original ------------------
From: packetfence-users <packetfence-users@lists.sourceforge.net>
Date: ????,12?? 22,2017 10:20
To: packetfence-users <packetfence-users@lists.sourceforge.net>, Julien Semaan
<jsem...@inverse.ca>
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan,
I tried below steps on my backup pf server as you said but with no luck...When
I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs.
Appreciate your reply.
[root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd
/usr/local/pf/bin/pfhttpd.bak20171222
[root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841>
/usr/local/pf/bin/pfhttpd
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 18.5M 100 18.5M 0 0 1068k 0 0:00:17 0:00:17 --:--:-- 1396k
[root@pf-wensi ~]# systemctl restart packetfence-pfsso
Job for packetfence-pfsso.service failed because the control process exited
with error code. See "systemctl status packetfence-pfsso.service" and
"journalctl -xe" for details.
[root@pf-wensi ~]# systemctl status packetfence-pfsso.service
?? packetfence-pfsso.service - PacketFence PFSSO Service
Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled;
vendor preset: disabled)
Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24 CST; 1min
7s ago
Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf
/usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited,
status=203/EXEC)
Main PID: 8423 (code=exited, status=203/EXEC)
12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered
failed state.
12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed.
12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time
over, scheduling restart.
12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for
packetfence-pfsso.service
12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered
failed state.
12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
packetfence.log
Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000
UTC" pid=9309 PfconfigObject=element|interfaces::management_network
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000
UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug
msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000
UTC" pid=9309
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp
Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO
Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done.
------------------ Original ------------------
From: packetfence-users <packetfence-users@lists.sourceforge.net>
Date: ????,12?? 21,2017 23:48
To: Julien Semaan <jsem...@inverse.ca>, packetfence-users
<packetfence-users@lists.sourceforge.net>
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan,
My pf version is 7.3. My config file is as below. I just use syslog feature to
send ip user mapping info to palo alto firewall. I don??t need to do sso via PF.
/usr/local/pf/conf/firewall_sso.con
[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0
[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto
#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813
#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a username and password to
fetch the key to use (see PaloAlto documentation).
------------------ Original ------------------
From: Julien Semaan <jsem...@inverse.ca>
Date: ????,12?? 21,2017 23:36
To: Yan <1136723...@qq.com>, packetfence-users
<packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?
I have a theory of what could be happening.
Seems like the formatting of the usernames might be causing issues with
multiple firewalls which you do seems to have.
Could you send me your /usr/local/pf/conf/firewall_sso.conf (with
obfuscated secrets obviously)
Regards,
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 10:24 AM, Yan wrote:
It??s the latest version, V7.3.
------------------ Original ------------------
From: Julien Semaan <jsem...@inverse.ca>
Date: ????,12?? 21,2017 23:23
To: packetfence-users
<packetfence-users@lists.sourceforge.net>
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why pfsso restarts
itself recently ?
Hi Yan,
Could you provide your PacketFence version?
Thanks
-- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::
www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:
Hi
Fabrice,
Just after I sent out the mail, pfsso
restarted again. I checked a long time to detect the exact
stop time but not found any obvious log said pfsso stop. But I
found below suspisious logs that might related to pfsso
restart, and the time is very related to alert time.
------------------
Original ------------------
From: packetfence-users
<packetfence-users@lists.sourceforge.net>
Date: ????,12?? 21,2017 21:36
To: packetfence-users
<packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Why
pfsso restarts itself recently ?
Hello Yan,
can you have a look in journalctl when pfsso restart ? (and
give me the log please)
Regards
Fabrice
Le 2017-12-21 ?? 08:26, Yan via
PacketFence-users a ??crit :
Hi
users,
Recently the pfsso service on
our PF system always shutting down suddenly and then
about one or two minutes it start again without any
help. Below is our monitor log from zabbix. Why
would pf restart pfsso automatically ? There's
no issue with other features so I don't know
if I should do anything ?
------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech sites,
Slashdot.org! http://sdm.link/slashdot
_______________________________________________PacketFence-users mailing
listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice durandfdur...@inverse.ca :: +1.514.447.4918
(x135) :: www.inverse.caInverse inc. :: Leaders behind SOGo
(http://www.sogo.nu) and PacketFence (http://packetfence.org)
This body part will be downloaded on demand.
This body part will be downloaded on demand.------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
