Hello,
i noticed that you probably run a cluster, can you paste the
cluster.conf file ?
Also can you run that: pfcmd pfconfig show interfaces::portal_ints
and paste the output ?
Thanks
Fabrice
Le 19-04-30 à 09 h 41, pro fence via PacketFence-users a écrit :
don't mind the " backend has no server available" it was a false alarm.
I still dont know why the portal doesn't show up as i thought the
packetfence server management ip should listen on port 80 ... ?
Regards
On Tue, 30 Apr 2019 at 10:10, pro fence <[email protected]
<mailto:[email protected]>> wrote:
Hello,
one thing i have in haproxy log file is :
backend registration_vlan_ip-backend has no server available!
backend isolation_vlan_ip-backend has no server available!
Any help is appreciated
Regards,
On Mon, 29 Apr 2019 at 16:06, pro fence <[email protected]
<mailto:[email protected]>> wrote:
Fabrice,
here is what i have after issuing your commands :
tcp 0 0 registration_vlan_ip:80
0.0.0.0:* LISTEN 7758/haproxy
tcp 0 0 isolation_vlan_ip:80
0.0.0.0:* LISTEN 7758/haproxy
tcp 0 0 127.0.0.1:80 <http://127.0.0.1:80>
0.0.0.0:* LISTEN 9239/httpd
tcp 0 0 127.0.0.1:80 <http://127.0.0.1:80>
127.0.0.1:43622 <http://127.0.0.1:43622> SYN_RECV -
tcp 0 0 127.0.0.1:8080 <http://127.0.0.1:8080>
0.0.0.0:* LISTEN 7877/perl
tcp 0 0 127.0.0.1:8080 <http://127.0.0.1:8080>
127.0.0.1:43946 <http://127.0.0.1:43946> TIME_WAIT -
tcp 0 0 127.0.0.1:8080 <http://127.0.0.1:8080>
127.0.0.1:44226 <http://127.0.0.1:44226> ESTABLISHED 8288/perl
tcp 0 0 127.0.0.1:44226 <http://127.0.0.1:44226>
127.0.0.1:8080 <http://127.0.0.1:8080> ESTABLISHED 7883/pfhttpd
tcp 0 0 registration_vlan_ip:443
0.0.0.0:* LISTEN 7758/haproxy
tcp 0 0 isolation_vlan_ip:443
0.0.0.0:* LISTEN 7758/haproxy
On Mon, 29 Apr 2019 at 15:54, pro fence <[email protected]
<mailto:[email protected]>> wrote:
Hello Fabrice,
thank you, here it is, i skipped the "alerting" section
#Subject prefix for email notifications of rogue DHCP
servers, violations with an action of "email", or any other
#PacketFence-related message.
subjectprefix=[PF Alertt]
[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the
common/network-access-detection.gif which is used to
detect if network
# access was enabled.
# It cannot be a domain name since it is used in
registration or quarantine where DNS is blackholed.
# It is recommended that you allow your users to reach
your packetfence server and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website
as an easy solution.
#
network_detection_ip=management_ip
[active_active]
#
# active_active.password
#
# Shared KEY for vrrp protocol (Must be the same on all
members).
password=pwd
[interface eth0]
ip=management_ip
type=management,portal,high-availability
mask=255.255.0.0
[interface eth1]
enforcement=vlan
ip=registration_vlan_ip
type=internal
mask=255.255.0.0
[interface eth2]
enforcement=vlan
ip=isolation_vlan_ip
type=internal
mask=255.255.0.0
i will the commands and let you know
Regards
On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via
PacketFence-users <[email protected]
<mailto:[email protected]>> wrote:
Hello Pro,
haproxy is the process who is suppose to listen on the
port 80 and 443.
It looks that the configuration is not correctly
generated.
Can you you paste your pf.conf
and do that:
pfcmd pfconfig clear_backend
pfcmd configreload hard
pfcmd service haproxy-portal restart
pfcmd service iptables restart
Regards
Fabrice
Le 19-04-29 à 09 h 39, pro fence via PacketFence-users
a écrit :
HI,
thanks for the reply i have already did that.
Here is what i have
tcp 0 0 127.0.0.1:80
<http://127.0.0.1:80> 0.0.0.0:* LISTEN 9239/httpd
tcp 0 0 127.0.0.1:80
<http://127.0.0.1:80> 127.0.0.1:33796
<http://127.0.0.1:33796> SYN_RECV -
tcp 0 0 registration_vlan_ip:80 0.0.0.0:*
LISTEN 8662/haproxy
tcp 0 0 isolation_vlan_ip:80 0.0.0.0:*
LISTEN 8662/haproxy
tcp 0 0 127.0.0.1:8080
<http://127.0.0.1:8080> 0.0.0.0:* LISTEN 7877/perl
tcp 0 0 127.0.0.1:8080
<http://127.0.0.1:8080> 127.0.0.1:34264
<http://127.0.0.1:34264> TIME_WAIT -
tcp 0 0 10.registration_vlan_ip:443
0.0.0.0:* LISTEN 8662/haproxy
tcp 0 0 10.isolation_vlan_ip:443
0.0.0.0:* LISTEN 8662/haproxy
the problem is that the portal url (on the switch
role config) is as follows http://magement_ip/Cisco::WLC
so when i use my ssid to connect it can't show the
portal as a telnet management_ip 80 doens't work.
I am new to packetfence so i d'ont know how a working
config should behave. I a using a personnalised ssl
certificate and i have the file server.pem set along
with server.crt and server.key and my
packetfence-haproxy-portal service is up as a matter
of fact here my running services :
packetfence-api-frontend.service loaded active
running PacketFence API frontend Service
packetfence-config.service loaded active running
PacketFence Config Service
packetfence-haproxy-portal.service loaded active
running PacketFence HAProxy Load Balancer for the
captive portal
packetfence-httpd.aaa.service loaded active
running PacketFence AAA Apache HTTP Server
packetfence-httpd.dispatcher.service loaded
active running PacketFence HTTP Dispatcher
packetfence-httpd.parking.service loaded active
running PacketFence Parking Apache HTTP Server
packetfence-httpd.portal.service loaded active
running PacketFence Captive Portal Apache HTTP Server
packetfence-httpd.webservices.service loaded
active running PacketFence Webservices Apache
HTTP Server
packetfence-iptables.service loaded active
running PacketFence Iptables configuration
packetfence-mariadb.service loaded active running
PacketFence MariaDB instance
packetfence-netdata.service loaded active running
Real time performance monitoring
packetfence-pfdhcp.service loaded active running
PacketFence GO DHCPv4 Server Daemon
packetfence-pfdhcplistener.service loaded active
running PacketFence DHCP Listener Service
packetfence-pfdns.service loaded active running
PacketFence GO DNS Server Daemon
packetfence-pffilter.service loaded active
running PacketFence pffilter Service
packetfence-pfipset.service loaded active running
PacketFence Ipset Daemon
packetfence-pfmon.service loaded active running
PacketFence pfmon Service
packetfence-pfperl-api.service loaded active
running PacketFence Unified API
packetfence-pfqueue.service loaded active running
PacketFence pfqueue Service
packetfence-pfsso.service loaded active running
PacketFence PFSSO Service
packetfence-pfstats.service loaded active running
PacketFence Stats daemon
packetfence-radiusd-acct.service loaded active
running PacketFence FreeRADIUS multi-protocol
accounting server
packetfence-radiusd-auth.service loaded active
running PacketFence FreeRADIUS authentication
multi-protocol authentication server
packetfence-radsniff.service loaded active
running PacketFence radsniff Service
packetfence-redis-cache.service loaded active
running PacketFence Redis Cache Service
packetfence-redis_queue.service
thanks in advance,
regards
On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via
PacketFence-users
<[email protected]
<mailto:[email protected]>> wrote:
Hello pro,
you just need to add and additional listening
daemon on the management interface:
https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces
Then restart packetfence.
Regards
Fabrice
Le 19-04-29 à 08 h 49, pro fence via
PacketFence-users a écrit :
Hi,
thanks for the reply. but i still don't see how
to active port 80 and 443 on management ip.
Any help is appreciated
Regards,
On Mon, 29 Apr 2019 at 14:06, Nicolas
Quiniou-Briand via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
On 2019-04-29 10:27 a.m., pro fence via
PacketFence-users wrote:
> my packetfence server is not listening on
port 80 on the management
> interface (and my portal is on that
interface as per the installation
> guide), but it is listening on
registration and isolation.
> changing the
/usr/local/pf/var/conf/haproxy-portal.conf
is useless
> because it is lost on restart.
You should be able to change this setting in
pf.conf (see ports section).
--
Nicolas Quiniou-Briand
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 *140 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo
(https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank
(http://fingerbank.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu)
and PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918
(x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
