Hello, it's me again :-) , so the problem is definetly solved this time, my cluster configuration was not correct thus preventing my portal from showing up.
I was trying to make a 2 servers cluster using cluster installation guide version 6.7.0 Thank you very much for your help Fabrice, regards On Mon, 13 May 2019 at 11:57, pro fence <[email protected]> wrote: > Hi Fabrice, > > there it is : > > => cluster.conf > > # Cluster configuration file for active/active > # This file will have it deactivated by default > # To activate the active/active mode, set a management IP in the cluster > section > # Before doing any changes to this file, read the documentation > # > [pfen1.domain.fr] > management_ip=IP_address > > [pfen1.domain.fr interface eth0] > ip=IP_Addess > type=management,high-availability > mask=255.255.0.0 > > [pfen1.domain.fr interface eth1] > enforcement=vlan > ip=registration_vlan_ip > type=internal > mask=255.255.0.0 > > > [pfen1.domain.fr interface eth2] > enforcement=vlan > ip=isolation_vlan_ip > type=internal > mask=255.255.0.0 > > => pfcmd pfconfig show interfaces::portal_ints > > $VAR1 = [ > bless( { > 'IBASE' => 174456832, > 'BITS' => 16, > 'Tip' => 'management_ip', > 'Tint' => 'eth0' > }, 'pfconfig::objects::Net::Netmask' ) > ]; > > thank you for your help, > Regards > > On Fri, 3 May 2019 at 03:22, Durand fabrice via PacketFence-users < > [email protected]> wrote: > >> Hello, >> >> i noticed that you probably run a cluster, can you paste the cluster.conf >> file ? >> >> Also can you run that: pfcmd pfconfig show interfaces::portal_ints >> >> and paste the output ? >> >> Thanks >> >> Fabrice >> >> >> Le 19-04-30 à 09 h 41, pro fence via PacketFence-users a écrit : >> >> don't mind the " backend has no server available" it was a false alarm. >> I still dont know why the portal doesn't show up as i thought the >> packetfence server management ip should listen on port 80 ... ? >> >> Regards >> >> On Tue, 30 Apr 2019 at 10:10, pro fence <[email protected]> wrote: >> >>> Hello, >>> >>> one thing i have in haproxy log file is : >>> >>> backend registration_vlan_ip-backend has no server available! >>> backend isolation_vlan_ip-backend has no server available! >>> >>> Any help is appreciated >>> Regards, >>> >>> On Mon, 29 Apr 2019 at 16:06, pro fence <[email protected]> wrote: >>> >>>> Fabrice, >>>> here is what i have after issuing your commands : >>>> >>>> tcp 0 0 registration_vlan_ip:80 0.0.0.0:* >>>> LISTEN 7758/haproxy >>>> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* >>>> LISTEN 7758/haproxy >>>> tcp 0 0 127.0.0.1:80 0.0.0.0:* >>>> LISTEN 9239/httpd >>>> tcp 0 0 127.0.0.1:80 127.0.0.1:43622 >>>> SYN_RECV - >>>> tcp 0 0 127.0.0.1:8080 0.0.0.0:* >>>> LISTEN 7877/perl >>>> tcp 0 0 127.0.0.1:8080 127.0.0.1:43946 >>>> TIME_WAIT - >>>> tcp 0 0 127.0.0.1:8080 127.0.0.1:44226 >>>> ESTABLISHED 8288/perl >>>> tcp 0 0 127.0.0.1:44226 127.0.0.1:8080 >>>> ESTABLISHED 7883/pfhttpd >>>> >>>> >>>> tcp 0 0 registration_vlan_ip:443 0.0.0.0:* >>>> LISTEN 7758/haproxy >>>> tcp 0 0 isolation_vlan_ip:443 0.0.0.0:* >>>> LISTEN 7758/haproxy >>>> >>>> On Mon, 29 Apr 2019 at 15:54, pro fence <[email protected]> wrote: >>>> >>>>> Hello Fabrice, >>>>> >>>>> thank you, here it is, i skipped the "alerting" section >>>>> >>>>> #Subject prefix for email notifications of rogue DHCP servers, >>>>> violations with an action of "email", or any other >>>>> #PacketFence-related message. >>>>> subjectprefix=[PF Alertt] >>>>> >>>>> [captive_portal] >>>>> # >>>>> # captive_portal.network_detection_ip >>>>> # >>>>> # This IP is used as the webserver who hosts the >>>>> common/network-access-detection.gif which is used to detect if network >>>>> # access was enabled. >>>>> # It cannot be a domain name since it is used in registration or >>>>> quarantine where DNS is blackholed. >>>>> # It is recommended that you allow your users to reach your >>>>> packetfence server and put your LAN's PacketFence IP. >>>>> # By default we will make this reach PacketFence's website as an easy >>>>> solution. >>>>> # >>>>> network_detection_ip=management_ip >>>>> >>>>> [active_active] >>>>> # >>>>> # active_active.password >>>>> # >>>>> # Shared KEY for vrrp protocol (Must be the same on all members). >>>>> password=pwd >>>>> >>>>> [interface eth0] >>>>> ip=management_ip >>>>> type=management,portal,high-availability >>>>> mask=255.255.0.0 >>>>> >>>>> [interface eth1] >>>>> enforcement=vlan >>>>> ip=registration_vlan_ip >>>>> type=internal >>>>> mask=255.255.0.0 >>>>> >>>>> [interface eth2] >>>>> enforcement=vlan >>>>> ip=isolation_vlan_ip >>>>> type=internal >>>>> mask=255.255.0.0 >>>>> >>>>> i will the commands and let you know >>>>> Regards >>>>> >>>>> >>>>> On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users < >>>>> [email protected]> wrote: >>>>> >>>>>> Hello Pro, >>>>>> >>>>>> haproxy is the process who is suppose to listen on the port 80 and >>>>>> 443. >>>>>> >>>>>> It looks that the configuration is not correctly generated. >>>>>> >>>>>> Can you you paste your pf.conf >>>>>> >>>>>> and do that: >>>>>> >>>>>> pfcmd pfconfig clear_backend >>>>>> >>>>>> pfcmd configreload hard >>>>>> >>>>>> pfcmd service haproxy-portal restart >>>>>> >>>>>> pfcmd service iptables restart >>>>>> >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le 19-04-29 à 09 h 39, pro fence via PacketFence-users a écrit : >>>>>> >>>>>> HI, >>>>>> >>>>>> thanks for the reply i have already did that. >>>>>> Here is what i have >>>>>> >>>>>> >>>>>> tcp 0 0 127.0.0.1:80 0.0.0.0:* >>>>>> LISTEN 9239/httpd >>>>>> tcp 0 0 127.0.0.1:80 >>>>>> 127.0.0.1:33796 SYN_RECV - >>>>>> tcp 0 0 registration_vlan_ip:80 0.0.0.0:* >>>>>> LISTEN 8662/haproxy >>>>>> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:* >>>>>> LISTEN 8662/haproxy >>>>>> tcp 0 0 127.0.0.1:8080 0.0.0.0:* >>>>>> LISTEN 7877/perl >>>>>> tcp 0 0 127.0.0.1:8080 >>>>>> 127.0.0.1:34264 TIME_WAIT - >>>>>> >>>>>> tcp 0 0 10.registration_vlan_ip:443 0.0.0.0:* >>>>>> LISTEN 8662/haproxy >>>>>> tcp 0 0 10.isolation_vlan_ip:443 0.0.0.0:* >>>>>> LISTEN 8662/haproxy >>>>>> >>>>>> the problem is that the portal url (on the switch role config) is as >>>>>> follows http://magement_ip/Cisco::WLC >>>>>> >>>>>> so when i use my ssid to connect it can't show the portal as a telnet >>>>>> management_ip 80 doens't work. >>>>>> I am new to packetfence so i d'ont know how a working config should >>>>>> behave. I a using a personnalised ssl certificate and i have the file >>>>>> server.pem set along with server.crt and server.key and my >>>>>> packetfence-haproxy-portal service is up as a matter of fact here my >>>>>> running services : >>>>>> >>>>>> packetfence-api-frontend.service >>>>>> loaded active running PacketFence API frontend Service >>>>>> >>>>>> packetfence-config.service >>>>>> loaded active running PacketFence Config Service >>>>>> >>>>>> packetfence-haproxy-portal.service >>>>>> loaded active running PacketFence HAProxy Load Balancer for >>>>>> the >>>>>> captive portal >>>>>> >>>>>> packetfence-httpd.aaa.service >>>>>> loaded active running PacketFence AAA Apache HTTP Server >>>>>> >>>>>> packetfence-httpd.dispatcher.service >>>>>> loaded active running PacketFence HTTP Dispatcher >>>>>> >>>>>> packetfence-httpd.parking.service >>>>>> loaded active running PacketFence Parking Apache HTTP Server >>>>>> >>>>>> packetfence-httpd.portal.service >>>>>> loaded active running PacketFence Captive Portal Apache HTTP >>>>>> Server >>>>>> >>>>>> packetfence-httpd.webservices.service >>>>>> loaded active running PacketFence Webservices Apache HTTP >>>>>> Server >>>>>> >>>>>> packetfence-iptables.service >>>>>> loaded active running PacketFence Iptables configuration >>>>>> >>>>>> packetfence-mariadb.service >>>>>> loaded active running PacketFence MariaDB instance >>>>>> >>>>>> packetfence-netdata.service >>>>>> loaded active running Real time performance monitoring >>>>>> >>>>>> packetfence-pfdhcp.service >>>>>> loaded active running PacketFence GO DHCPv4 Server Daemon >>>>>> >>>>>> packetfence-pfdhcplistener.service >>>>>> loaded active running PacketFence DHCP Listener Service >>>>>> >>>>>> packetfence-pfdns.service >>>>>> loaded active running PacketFence GO DNS Server Daemon >>>>>> >>>>>> packetfence-pffilter.service >>>>>> loaded active running PacketFence pffilter Service >>>>>> >>>>>> packetfence-pfipset.service >>>>>> loaded active running PacketFence Ipset Daemon >>>>>> >>>>>> packetfence-pfmon.service >>>>>> loaded active running PacketFence pfmon Service >>>>>> >>>>>> packetfence-pfperl-api.service >>>>>> loaded active running PacketFence Unified API >>>>>> >>>>>> packetfence-pfqueue.service >>>>>> loaded active running PacketFence pfqueue Service >>>>>> >>>>>> packetfence-pfsso.service >>>>>> loaded active running PacketFence PFSSO Service >>>>>> >>>>>> packetfence-pfstats.service >>>>>> loaded active running PacketFence Stats daemon >>>>>> >>>>>> packetfence-radiusd-acct.service >>>>>> loaded active running PacketFence FreeRADIUS multi-protocol >>>>>> accounting server >>>>>> >>>>>> packetfence-radiusd-auth.service >>>>>> loaded active running PacketFence FreeRADIUS authentication >>>>>> multi-protocol authentication server >>>>>> >>>>>> packetfence-radsniff.service >>>>>> loaded active running PacketFence radsniff Service >>>>>> >>>>>> packetfence-redis-cache.service >>>>>> loaded active running PacketFence Redis Cache Service >>>>>> packetfence-redis_queue.service >>>>>> >>>>>> thanks in advance, >>>>>> regards >>>>>> >>>>>> On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hello pro, >>>>>>> >>>>>>> you just need to add and additional listening daemon on the >>>>>>> management interface: >>>>>>> >>>>>>> https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces >>>>>>> >>>>>>> Then restart packetfence. >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> Fabrice >>>>>>> Le 19-04-29 à 08 h 49, pro fence via PacketFence-users a écrit : >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> thanks for the reply. but i still don't see how to active port 80 >>>>>>> and 443 on management ip. >>>>>>> >>>>>>> Any help is appreciated >>>>>>> Regards, >>>>>>> >>>>>>> On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via >>>>>>> PacketFence-users <[email protected]> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote: >>>>>>>> > my packetfence server is not listening on port 80 on the >>>>>>>> management >>>>>>>> > interface (and my portal is on that interface as per the >>>>>>>> installation >>>>>>>> > guide), but it is listening on registration and isolation. >>>>>>>> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is >>>>>>>> useless >>>>>>>> > because it is lost on restart. >>>>>>>> >>>>>>>> You should be able to change this setting in pf.conf (see ports >>>>>>>> section). >>>>>>>> -- >>>>>>>> Nicolas Quiniou-Briand >>>>>>>> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >>>>>>>> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing >>>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>> -- >>>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>>>>> www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing >>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> -- >>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>>>> www.inverse.ca >>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>>> (http://packetfence.org) >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
