Hello, one thing i have in haproxy log file is :
backend registration_vlan_ip-backend has no server available! backend isolation_vlan_ip-backend has no server available! Any help is appreciated Regards, On Mon, 29 Apr 2019 at 16:06, pro fence <[email protected]> wrote: > Fabrice, > here is what i have after issuing your commands : > > tcp 0 0 registration_vlan_ip:80 0.0.0.0:* > LISTEN 7758/haproxy > tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* > LISTEN 7758/haproxy > tcp 0 0 127.0.0.1:80 0.0.0.0:* > LISTEN 9239/httpd > tcp 0 0 127.0.0.1:80 127.0.0.1:43622 > SYN_RECV - > tcp 0 0 127.0.0.1:8080 0.0.0.0:* > LISTEN 7877/perl > tcp 0 0 127.0.0.1:8080 127.0.0.1:43946 > TIME_WAIT - > tcp 0 0 127.0.0.1:8080 127.0.0.1:44226 > ESTABLISHED 8288/perl > tcp 0 0 127.0.0.1:44226 127.0.0.1:8080 > ESTABLISHED 7883/pfhttpd > > > tcp 0 0 registration_vlan_ip:443 0.0.0.0:* > LISTEN 7758/haproxy > tcp 0 0 isolation_vlan_ip:443 0.0.0.0:* > LISTEN 7758/haproxy > > On Mon, 29 Apr 2019 at 15:54, pro fence <[email protected]> wrote: > >> Hello Fabrice, >> >> thank you, here it is, i skipped the "alerting" section >> >> #Subject prefix for email notifications of rogue DHCP servers, violations >> with an action of "email", or any other >> #PacketFence-related message. >> subjectprefix=[PF Alertt] >> >> [captive_portal] >> # >> # captive_portal.network_detection_ip >> # >> # This IP is used as the webserver who hosts the >> common/network-access-detection.gif which is used to detect if network >> # access was enabled. >> # It cannot be a domain name since it is used in registration or >> quarantine where DNS is blackholed. >> # It is recommended that you allow your users to reach your packetfence >> server and put your LAN's PacketFence IP. >> # By default we will make this reach PacketFence's website as an easy >> solution. >> # >> network_detection_ip=management_ip >> >> [active_active] >> # >> # active_active.password >> # >> # Shared KEY for vrrp protocol (Must be the same on all members). >> password=pwd >> >> [interface eth0] >> ip=management_ip >> type=management,portal,high-availability >> mask=255.255.0.0 >> >> [interface eth1] >> enforcement=vlan >> ip=registration_vlan_ip >> type=internal >> mask=255.255.0.0 >> >> [interface eth2] >> enforcement=vlan >> ip=isolation_vlan_ip >> type=internal >> mask=255.255.0.0 >> >> i will the commands and let you know >> Regards >> >> >> On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users < >> [email protected]> wrote: >> >>> Hello Pro, >>> >>> haproxy is the process who is suppose to listen on the port 80 and 443. >>> >>> It looks that the configuration is not correctly generated. >>> >>> Can you you paste your pf.conf >>> >>> and do that: >>> >>> pfcmd pfconfig clear_backend >>> >>> pfcmd configreload hard >>> >>> pfcmd service haproxy-portal restart >>> >>> pfcmd service iptables restart >>> >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 19-04-29 à 09 h 39, pro fence via PacketFence-users a écrit : >>> >>> HI, >>> >>> thanks for the reply i have already did that. >>> Here is what i have >>> >>> >>> tcp 0 0 127.0.0.1:80 0.0.0.0:* >>> LISTEN 9239/httpd >>> tcp 0 0 127.0.0.1:80 127.0.0.1:33796 >>> SYN_RECV - >>> tcp 0 0 registration_vlan_ip:80 0.0.0.0:* >>> LISTEN 8662/haproxy >>> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* >>> LISTEN 8662/haproxy >>> tcp 0 0 127.0.0.1:8080 0.0.0.0:* >>> LISTEN 7877/perl >>> tcp 0 0 127.0.0.1:8080 127.0.0.1:34264 >>> TIME_WAIT - >>> >>> tcp 0 0 10.registration_vlan_ip:443 0.0.0.0:* >>> LISTEN 8662/haproxy >>> tcp 0 0 10.isolation_vlan_ip:443 0.0.0.0:* >>> LISTEN 8662/haproxy >>> >>> the problem is that the portal url (on the switch role config) is as >>> follows http://magement_ip/Cisco::WLC >>> >>> so when i use my ssid to connect it can't show the portal as a telnet >>> management_ip 80 doens't work. >>> I am new to packetfence so i d'ont know how a working config should >>> behave. I a using a personnalised ssl certificate and i have the file >>> server.pem set along with server.crt and server.key and my >>> packetfence-haproxy-portal service is up as a matter of fact here my >>> running services : >>> >>> packetfence-api-frontend.service >>> loaded active running PacketFence API frontend Service >>> >>> packetfence-config.service >>> loaded active running PacketFence Config Service >>> >>> packetfence-haproxy-portal.service >>> loaded active running PacketFence HAProxy Load Balancer for the >>> captive portal >>> >>> packetfence-httpd.aaa.service >>> loaded active running PacketFence AAA Apache HTTP Server >>> >>> packetfence-httpd.dispatcher.service >>> loaded active running PacketFence HTTP Dispatcher >>> >>> packetfence-httpd.parking.service >>> loaded active running PacketFence Parking Apache HTTP Server >>> >>> packetfence-httpd.portal.service >>> loaded active running PacketFence Captive Portal Apache HTTP >>> Server >>> >>> packetfence-httpd.webservices.service >>> loaded active running PacketFence Webservices Apache HTTP Server >>> >>> packetfence-iptables.service >>> loaded active running PacketFence Iptables configuration >>> >>> packetfence-mariadb.service >>> loaded active running PacketFence MariaDB instance >>> >>> packetfence-netdata.service >>> loaded active running Real time performance monitoring >>> >>> packetfence-pfdhcp.service >>> loaded active running PacketFence GO DHCPv4 Server Daemon >>> >>> packetfence-pfdhcplistener.service >>> loaded active running PacketFence DHCP Listener Service >>> >>> packetfence-pfdns.service >>> loaded active running PacketFence GO DNS Server Daemon >>> >>> packetfence-pffilter.service >>> loaded active running PacketFence pffilter Service >>> >>> packetfence-pfipset.service >>> loaded active running PacketFence Ipset Daemon >>> >>> packetfence-pfmon.service >>> loaded active running PacketFence pfmon Service >>> >>> packetfence-pfperl-api.service >>> loaded active running PacketFence Unified API >>> >>> packetfence-pfqueue.service >>> loaded active running PacketFence pfqueue Service >>> >>> packetfence-pfsso.service >>> loaded active running PacketFence PFSSO Service >>> >>> packetfence-pfstats.service >>> loaded active running PacketFence Stats daemon >>> >>> packetfence-radiusd-acct.service >>> loaded active running PacketFence FreeRADIUS multi-protocol >>> accounting server >>> >>> packetfence-radiusd-auth.service >>> loaded active running PacketFence FreeRADIUS authentication >>> multi-protocol authentication server >>> >>> packetfence-radsniff.service >>> loaded active running PacketFence radsniff Service >>> >>> packetfence-redis-cache.service >>> loaded active running PacketFence Redis Cache Service >>> packetfence-redis_queue.service >>> >>> thanks in advance, >>> regards >>> >>> On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users < >>> [email protected]> wrote: >>> >>>> Hello pro, >>>> >>>> you just need to add and additional listening daemon on the management >>>> interface: >>>> >>>> https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces >>>> >>>> Then restart packetfence. >>>> >>>> Regards >>>> >>>> Fabrice >>>> Le 19-04-29 à 08 h 49, pro fence via PacketFence-users a écrit : >>>> >>>> Hi, >>>> >>>> thanks for the reply. but i still don't see how to active port 80 and >>>> 443 on management ip. >>>> >>>> Any help is appreciated >>>> Regards, >>>> >>>> On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via >>>> PacketFence-users <[email protected]> wrote: >>>> >>>>> >>>>> >>>>> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote: >>>>> > my packetfence server is not listening on port 80 on the management >>>>> > interface (and my portal is on that interface as per the >>>>> installation >>>>> > guide), but it is listening on registration and isolation. >>>>> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless >>>>> > because it is lost on restart. >>>>> >>>>> You should be able to change this setting in pf.conf (see ports >>>>> section). >>>>> -- >>>>> Nicolas Quiniou-Briand >>>>> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >>>>> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing >>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> -- >>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
