Hi Fabrice,
there it is :
=> cluster.conf
# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster
section
# Before doing any changes to this file, read the documentation
#
[pfen1.domain.fr]
management_ip=IP_address
[pfen1.domain.fr interface eth0]
ip=IP_Addess
type=management,high-availability
mask=255.255.0.0
[pfen1.domain.fr interface eth1]
enforcement=vlan
ip=registration_vlan_ip
type=internal
mask=255.255.0.0
[pfen1.domain.fr interface eth2]
enforcement=vlan
ip=isolation_vlan_ip
type=internal
mask=255.255.0.0
=> pfcmd pfconfig show interfaces::portal_ints
$VAR1 = [
bless( {
'IBASE' => 174456832,
'BITS' => 16,
'Tip' => 'management_ip',
'Tint' => 'eth0'
}, 'pfconfig::objects::Net::Netmask' )
];
thank you for your help,
Regards
On Fri, 3 May 2019 at 03:22, Durand fabrice via PacketFence-users <
[email protected]> wrote:
> Hello,
>
> i noticed that you probably run a cluster, can you paste the cluster.conf
> file ?
>
> Also can you run that: pfcmd pfconfig show interfaces::portal_ints
>
> and paste the output ?
>
> Thanks
>
> Fabrice
>
>
> Le 19-04-30 à 09 h 41, pro fence via PacketFence-users a écrit :
>
> don't mind the " backend has no server available" it was a false alarm.
> I still dont know why the portal doesn't show up as i thought the
> packetfence server management ip should listen on port 80 ... ?
>
> Regards
>
> On Tue, 30 Apr 2019 at 10:10, pro fence <[email protected]> wrote:
>
>> Hello,
>>
>> one thing i have in haproxy log file is :
>>
>> backend registration_vlan_ip-backend has no server available!
>> backend isolation_vlan_ip-backend has no server available!
>>
>> Any help is appreciated
>> Regards,
>>
>> On Mon, 29 Apr 2019 at 16:06, pro fence <[email protected]> wrote:
>>
>>> Fabrice,
>>> here is what i have after issuing your commands :
>>>
>>> tcp 0 0 registration_vlan_ip:80 0.0.0.0:*
>>> LISTEN 7758/haproxy
>>> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:*
>>> LISTEN 7758/haproxy
>>> tcp 0 0 127.0.0.1:80 0.0.0.0:*
>>> LISTEN 9239/httpd
>>> tcp 0 0 127.0.0.1:80 127.0.0.1:43622
>>> SYN_RECV -
>>> tcp 0 0 127.0.0.1:8080 0.0.0.0:*
>>> LISTEN 7877/perl
>>> tcp 0 0 127.0.0.1:8080 127.0.0.1:43946
>>> TIME_WAIT -
>>> tcp 0 0 127.0.0.1:8080 127.0.0.1:44226
>>> ESTABLISHED 8288/perl
>>> tcp 0 0 127.0.0.1:44226 127.0.0.1:8080
>>> ESTABLISHED 7883/pfhttpd
>>>
>>>
>>> tcp 0 0 registration_vlan_ip:443 0.0.0.0:*
>>> LISTEN 7758/haproxy
>>> tcp 0 0 isolation_vlan_ip:443 0.0.0.0:*
>>> LISTEN 7758/haproxy
>>>
>>> On Mon, 29 Apr 2019 at 15:54, pro fence <[email protected]> wrote:
>>>
>>>> Hello Fabrice,
>>>>
>>>> thank you, here it is, i skipped the "alerting" section
>>>>
>>>> #Subject prefix for email notifications of rogue DHCP servers,
>>>> violations with an action of "email", or any other
>>>> #PacketFence-related message.
>>>> subjectprefix=[PF Alertt]
>>>>
>>>> [captive_portal]
>>>> #
>>>> # captive_portal.network_detection_ip
>>>> #
>>>> # This IP is used as the webserver who hosts the
>>>> common/network-access-detection.gif which is used to detect if network
>>>> # access was enabled.
>>>> # It cannot be a domain name since it is used in registration or
>>>> quarantine where DNS is blackholed.
>>>> # It is recommended that you allow your users to reach your packetfence
>>>> server and put your LAN's PacketFence IP.
>>>> # By default we will make this reach PacketFence's website as an easy
>>>> solution.
>>>> #
>>>> network_detection_ip=management_ip
>>>>
>>>> [active_active]
>>>> #
>>>> # active_active.password
>>>> #
>>>> # Shared KEY for vrrp protocol (Must be the same on all members).
>>>> password=pwd
>>>>
>>>> [interface eth0]
>>>> ip=management_ip
>>>> type=management,portal,high-availability
>>>> mask=255.255.0.0
>>>>
>>>> [interface eth1]
>>>> enforcement=vlan
>>>> ip=registration_vlan_ip
>>>> type=internal
>>>> mask=255.255.0.0
>>>>
>>>> [interface eth2]
>>>> enforcement=vlan
>>>> ip=isolation_vlan_ip
>>>> type=internal
>>>> mask=255.255.0.0
>>>>
>>>> i will the commands and let you know
>>>> Regards
>>>>
>>>>
>>>> On Mon, 29 Apr 2019 at 15:46, Fabrice Durand via PacketFence-users <
>>>> [email protected]> wrote:
>>>>
>>>>> Hello Pro,
>>>>>
>>>>> haproxy is the process who is suppose to listen on the port 80 and 443.
>>>>>
>>>>> It looks that the configuration is not correctly generated.
>>>>>
>>>>> Can you you paste your pf.conf
>>>>>
>>>>> and do that:
>>>>>
>>>>> pfcmd pfconfig clear_backend
>>>>>
>>>>> pfcmd configreload hard
>>>>>
>>>>> pfcmd service haproxy-portal restart
>>>>>
>>>>> pfcmd service iptables restart
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> Fabrice
>>>>>
>>>>>
>>>>> Le 19-04-29 à 09 h 39, pro fence via PacketFence-users a écrit :
>>>>>
>>>>> HI,
>>>>>
>>>>> thanks for the reply i have already did that.
>>>>> Here is what i have
>>>>>
>>>>>
>>>>> tcp 0 0 127.0.0.1:80 0.0.0.0:*
>>>>> LISTEN 9239/httpd
>>>>> tcp 0 0 127.0.0.1:80
>>>>> 127.0.0.1:33796 SYN_RECV -
>>>>> tcp 0 0 registration_vlan_ip:80 0.0.0.0:*
>>>>> LISTEN 8662/haproxy
>>>>> tcp 0 0 isolation_vlan_ip:80 0.0.0.0:*
>>>>> LISTEN 8662/haproxy
>>>>> tcp 0 0 127.0.0.1:8080 0.0.0.0:*
>>>>> LISTEN 7877/perl
>>>>> tcp 0 0 127.0.0.1:8080 127.0.0.1:34264
>>>>> TIME_WAIT -
>>>>>
>>>>> tcp 0 0 10.registration_vlan_ip:443 0.0.0.0:*
>>>>> LISTEN 8662/haproxy
>>>>> tcp 0 0 10.isolation_vlan_ip:443 0.0.0.0:*
>>>>> LISTEN 8662/haproxy
>>>>>
>>>>> the problem is that the portal url (on the switch role config) is as
>>>>> follows http://magement_ip/Cisco::WLC
>>>>>
>>>>> so when i use my ssid to connect it can't show the portal as a telnet
>>>>> management_ip 80 doens't work.
>>>>> I am new to packetfence so i d'ont know how a working config should
>>>>> behave. I a using a personnalised ssl certificate and i have the file
>>>>> server.pem set along with server.crt and server.key and my
>>>>> packetfence-haproxy-portal service is up as a matter of fact here my
>>>>> running services :
>>>>>
>>>>> packetfence-api-frontend.service
>>>>> loaded active running PacketFence API frontend Service
>>>>>
>>>>> packetfence-config.service
>>>>> loaded active running PacketFence Config Service
>>>>>
>>>>> packetfence-haproxy-portal.service
>>>>> loaded active running PacketFence HAProxy Load Balancer for
>>>>> the
>>>>> captive portal
>>>>>
>>>>> packetfence-httpd.aaa.service
>>>>> loaded active running PacketFence AAA Apache HTTP Server
>>>>>
>>>>> packetfence-httpd.dispatcher.service
>>>>> loaded active running PacketFence HTTP Dispatcher
>>>>>
>>>>> packetfence-httpd.parking.service
>>>>> loaded active running PacketFence Parking Apache HTTP Server
>>>>>
>>>>> packetfence-httpd.portal.service
>>>>> loaded active running PacketFence Captive Portal Apache HTTP
>>>>> Server
>>>>>
>>>>> packetfence-httpd.webservices.service
>>>>> loaded active running PacketFence Webservices Apache HTTP
>>>>> Server
>>>>>
>>>>> packetfence-iptables.service
>>>>> loaded active running PacketFence Iptables configuration
>>>>>
>>>>> packetfence-mariadb.service
>>>>> loaded active running PacketFence MariaDB instance
>>>>>
>>>>> packetfence-netdata.service
>>>>> loaded active running Real time performance monitoring
>>>>>
>>>>> packetfence-pfdhcp.service
>>>>> loaded active running PacketFence GO DHCPv4 Server Daemon
>>>>>
>>>>> packetfence-pfdhcplistener.service
>>>>> loaded active running PacketFence DHCP Listener Service
>>>>>
>>>>> packetfence-pfdns.service
>>>>> loaded active running PacketFence GO DNS Server Daemon
>>>>>
>>>>> packetfence-pffilter.service
>>>>> loaded active running PacketFence pffilter Service
>>>>>
>>>>> packetfence-pfipset.service
>>>>> loaded active running PacketFence Ipset Daemon
>>>>>
>>>>> packetfence-pfmon.service
>>>>> loaded active running PacketFence pfmon Service
>>>>>
>>>>> packetfence-pfperl-api.service
>>>>> loaded active running PacketFence Unified API
>>>>>
>>>>> packetfence-pfqueue.service
>>>>> loaded active running PacketFence pfqueue Service
>>>>>
>>>>> packetfence-pfsso.service
>>>>> loaded active running PacketFence PFSSO Service
>>>>>
>>>>> packetfence-pfstats.service
>>>>> loaded active running PacketFence Stats daemon
>>>>>
>>>>> packetfence-radiusd-acct.service
>>>>> loaded active running PacketFence FreeRADIUS multi-protocol
>>>>> accounting server
>>>>>
>>>>> packetfence-radiusd-auth.service
>>>>> loaded active running PacketFence FreeRADIUS authentication
>>>>> multi-protocol authentication server
>>>>>
>>>>> packetfence-radsniff.service
>>>>> loaded active running PacketFence radsniff Service
>>>>>
>>>>> packetfence-redis-cache.service
>>>>> loaded active running PacketFence Redis Cache Service
>>>>> packetfence-redis_queue.service
>>>>>
>>>>> thanks in advance,
>>>>> regards
>>>>>
>>>>> On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hello pro,
>>>>>>
>>>>>> you just need to add and additional listening daemon on the
>>>>>> management interface:
>>>>>>
>>>>>> https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces
>>>>>>
>>>>>> Then restart packetfence.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Fabrice
>>>>>> Le 19-04-29 à 08 h 49, pro fence via PacketFence-users a écrit :
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> thanks for the reply. but i still don't see how to active port 80
>>>>>> and 443 on management ip.
>>>>>>
>>>>>> Any help is appreciated
>>>>>> Regards,
>>>>>>
>>>>>> On Mon, 29 Apr 2019 at 14:06, Nicolas Quiniou-Briand via
>>>>>> PacketFence-users <[email protected]> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 2019-04-29 10:27 a.m., pro fence via PacketFence-users wrote:
>>>>>>> > my packetfence server is not listening on port 80 on the
>>>>>>> management
>>>>>>> > interface (and my portal is on that interface as per the
>>>>>>> installation
>>>>>>> > guide), but it is listening on registration and isolation.
>>>>>>> > changing the /usr/local/pf/var/conf/haproxy-portal.conf is useless
>>>>>>> > because it is lost on restart.
>>>>>>>
>>>>>>> You should be able to change this setting in pf.conf (see ports
>>>>>>> section).
>>>>>>> --
>>>>>>> Nicolas Quiniou-Briand
>>>>>>> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca
>>>>>>> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
>>>>>>> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing
>>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>> --
>>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>>>>> www.inverse.ca
>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>>> (http://packetfence.org)
>>>>>>
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> PacketFence-users mailing
>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>> --
>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>>>> www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>> (http://packetfence.org)
>>>>>
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
