Fabrice, here is what i have after issuing your commands : tcp 0 0 registration_vlan_ip:80 0.0.0.0:* LISTEN 7758/haproxy tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* LISTEN 7758/haproxy tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 9239/httpd tcp 0 0 127.0.0.1:80 127.0.0.1:43622 SYN_RECV - tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 7877/perl tcp 0 0 127.0.0.1:8080 127.0.0.1:43946 TIME_WAIT - tcp 0 0 127.0.0.1:8080 127.0.0.1:44226 ESTABLISHED 8288/perl tcp 0 0 127.0.0.1:44226 127.0.0.1:8080 ESTABLISHED 7883/pfhttpd
tcp 0 0 registration_vlan_ip:443 0.0.0.0:* LISTEN 7758/haproxy tcp 0 0 isolation_vlan_ip:443 0.0.0.0:* LISTEN 7758/haproxy On Mon, 29 Apr 2019 at 15:54, pro fence <[email protected]> wrote: > Hello Fabrice, > > thank you, here it is, i skipped the "alerting" section > > #Subject prefix for email notifications of rogue DHCP servers, violations > with an action of "email", or any other > #PacketFence-related message. > subjectprefix=[PF Alertt] > > [captive_portal] > # > # captive_portal.network_detection_ip > # > # This IP is used as the webserver who hosts the > common/network-access-detection.gif which is used to detect if network > # access was enabled. > # It cannot be a domain name since it is used in registration or > quarantine where DNS is blackholed. > # It is recommended that you allow your users to reach your packetfence > server and put your LAN's PacketFence IP. > # By default we will make this reach PacketFence's website as an easy > solution. > # > network_detection_ip=management_ip > > [active_active] > # > # active_active.password > # > # Shared KEY for vrrp protocol (Must be the same on all members). > password=pwd > > [interface eth0] > ip=management_ip > type=management,portal,high-availability > mask=255.255.0.0 > > [interface eth1] > enforcement=vlan > ip=registration_vlan_ip > type=internal > mask=255.255.0.0 > > [interface eth2] > enforcement=vlan > ip=isolation_vlan_ip > type=internal > mask=255.255.0.0 > > i will the commands and let you know > Regards > > > On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users < > [email protected]> wrote: > >> Hello Pro, >> >> haproxy is the process who is suppose to listen on the port 80 and 443. >> >> It looks that the configuration is not correctly generated. >> >> Can you you paste your pf.conf >> >> and do that: >> >> pfcmd pfconfig clear_backend >> >> pfcmd configreload hard >> >> pfcmd service haproxy-portal restart >> >> pfcmd service iptables restart >> >> >> Regards >> >> Fabrice >> >> >> Le 19-04-29 à 09 h 39, pro fence via PacketFence-users a écrit : >> >> HI, >> >> thanks for the reply i have already did that. >> Here is what i have >> >> >> tcp 0 0 127.0.0.1:80 0.0.0.0:* >> LISTEN 9239/httpd >> tcp 0 0 127.0.0.1:80 127.0.0.1:33796 >> SYN_RECV - >> tcp 0 0 registration_vlan_ip:80 0.0.0.0:* >> LISTEN 8662/haproxy >> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* >> LISTEN 8662/haproxy >> tcp 0 0 127.0.0.1:8080 0.0.0.0:* >> LISTEN 7877/perl >> tcp 0 0 127.0.0.1:8080 127.0.0.1:34264 >> TIME_WAIT - >> >> tcp 0 0 10.registration_vlan_ip:443 0.0.0.0:* >> LISTEN 8662/haproxy >> tcp 0 0 10.isolation_vlan_ip:443 0.0.0.0:* >> LISTEN 8662/haproxy >> >> the problem is that the portal url (on the switch role config) is as >> follows http://magement_ip/Cisco::WLC >> >> so when i use my ssid to connect it can't show the portal as a telnet >> management_ip 80 doens't work. >> I am new to packetfence so i d'ont know how a working config should >> behave. I a using a personnalised ssl certificate and i have the file >> server.pem set along with server.crt and server.key and my >> packetfence-haproxy-portal service is up as a matter of fact here my >> running services : >> >> packetfence-api-frontend.service >> loaded active running PacketFence API frontend Service >> >> packetfence-config.service >> loaded active running PacketFence Config Service >> >> packetfence-haproxy-portal.service >> loaded active running PacketFence HAProxy Load Balancer for the >> captive portal >> >> packetfence-httpd.aaa.service >> loaded active running PacketFence AAA Apache HTTP Server >> >> packetfence-httpd.dispatcher.service >> loaded active running PacketFence HTTP Dispatcher >> >> packetfence-httpd.parking.service >> loaded active running PacketFence Parking Apache HTTP Server >> >> packetfence-httpd.portal.service >> loaded active running PacketFence Captive Portal Apache HTTP >> Server >> >> packetfence-httpd.webservices.service >> loaded active running PacketFence Webservices Apache HTTP Server >> >> packetfence-iptables.service >> loaded active running PacketFence Iptables configuration >> >> packetfence-mariadb.service >> loaded active running PacketFence MariaDB instance >> >> packetfence-netdata.service >> loaded active running Real time performance monitoring >> >> packetfence-pfdhcp.service >> loaded active running PacketFence GO DHCPv4 Server Daemon >> >> packetfence-pfdhcplistener.service >> loaded active running PacketFence DHCP Listener Service >> >> packetfence-pfdns.service >> loaded active running PacketFence GO DNS Server Daemon >> >> packetfence-pffilter.service >> loaded active running PacketFence pffilter Service >> >> packetfence-pfipset.service >> loaded active running PacketFence Ipset Daemon >> >> packetfence-pfmon.service >> loaded active running PacketFence pfmon Service >> >> packetfence-pfperl-api.service >> loaded active running PacketFence Unified API >> >> packetfence-pfqueue.service >> loaded active running PacketFence pfqueue Service >> >> packetfence-pfsso.service >> loaded active running PacketFence PFSSO Service >> >> packetfence-pfstats.service >> loaded active running PacketFence Stats daemon >> >> packetfence-radiusd-acct.service >> loaded active running PacketFence FreeRADIUS multi-protocol >> accounting server >> >> packetfence-radiusd-auth.service >> loaded active running PacketFence FreeRADIUS authentication >> multi-protocol authentication server >> >> packetfence-radsniff.service >> loaded active running PacketFence radsniff Service >> >> packetfence-redis-cache.service >> loaded active running PacketFence Redis Cache Service >> packetfence-redis_queue.service >> >> thanks in advance, >> regards >> >> On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users < >> [email protected]> wrote: >> >>> Hello pro, >>> >>> you just need to add and additional listening daemon on the management >>> interface: >>> >>> https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces >>> >>> Then restart packetfence. >>> >>> Regards >>> >>> Fabrice >>> Le 19-04-29 à 08 h 49, pro fence via PacketFence-users a écrit : >>> >>> Hi, >>> >>> thanks for the reply. but i still don't see how to active port 80 and >>> 443 on management ip. >>> >>> Any help is appreciated >>> Regards, >>> >>> On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via >>> PacketFence-users <[email protected]> wrote: >>> >>>> >>>> >>>> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote: >>>> > my packetfence server is not listening on port 80 on the management >>>> > interface (and my portal is on that interface as per the installation >>>> > guide), but it is listening on registration and isolation. >>>> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless >>>> > because it is lost on restart. >>>> >>>> You should be able to change this setting in pf.conf (see ports >>>> section). >>>> -- >>>> Nicolas Quiniou-Briand >>>> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >>>> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
