Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan,

I tried the steps below on my backup pf server as you said, but with no luck. When I issue "systemctl restart packetfence-pfsso" it failed. Below are the related logs. Appreciate your reply.

[root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222
[root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18.5M  100 18.5M    0     0  1068k      0  0:00:17  0:00:17 --:--:-- 1396k
[root@pf-wensi ~]# systemctl restart packetfence-pfsso
Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details.
[root@pf-wensi ~]# systemctl status packetfence-pfsso.service
● packetfence-pfsso.service - PacketFence PFSSO Service
   Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since 五 2017-12-22 09:58:24 CST; 1min 7s ago
  Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC)
 Main PID: 8423 (code=exited, status=203/EXEC)

12月 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12月 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
12月 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed.
12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart.
12月 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service
12月 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12月 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

packetfence.log

Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=element|interfaces::management_network
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp
Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO
Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done.

-- Original --
From: packetfence-users
Date: Dec 21, 2017 23:48
To: Julien Semaan, packetfence-users
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

Hi Semaan,

My pf version is 7.3. My config file is as below. I just use the syslog feature to send IP-user mapping info to the Palo Alto firewall. I don't need to do SSO via PF.

/usr/local/pf/conf/firewall_sso.con

[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0

[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto

#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813

#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation).

-- Original --
From: Julien Semaan
Date: Dec 21, 2017 23:36
To: Yan <1136723...@qq.com>, packetfence-users
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issues with multiple firewalls, which you do seem to have.

Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously)

Regards,
--
Julien Semaan
jsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu)

Re: [PacketFence-users] Why pfsso restarts itself recently ?
Ah, I think I might guess what is happening, the new file is lacking the executable bit.

Do this before restarting the process:

# chmod +x /usr/local/pf/bin/pfhttpd

On 2017-12-22 07:33 AM, Julien Semaan via PacketFence-users wrote:

Hi Yan,

Could you do it again, but then, providing the output of this command after doing it so I have more context

# journalctl -u packetfence-pfsso --since="5 minutes ago"

Thanks,
--
Julien Semaan
jsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

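
The failure discussed in this thread (a binary recreated through a shell redirect comes out without the executable bit, and systemd then reports status=203/EXEC) can be avoided by staging the replacement and copying the mode from the file it replaces. This is an added example, not part of the original messages and not PacketFence tooling; the function name swap_binary and the download path in the usage comment are hypothetical, and chmod --reference assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: replace a service binary without losing its permission bits.
# swap_binary and its arguments are hypothetical names, not PacketFence tooling.

# swap_binary NEW TARGET
#   NEW    - downloaded file (a shell redirect creates it with umask mode, e.g. 0644)
#   TARGET - installed binary that the unit's ExecStart= points at
swap_binary() {
    new=$1
    target=$2

    [ -f "$new" ] && [ -s "$new" ] || { echo "missing or empty: $new" >&2; return 1; }
    [ -f "$target" ] || { echo "no installed binary: $target" >&2; return 1; }

    # Stage beside the target so the final mv is a rename on the same filesystem.
    tmp=$(mktemp "$target.new.XXXXXX") || return 1
    cp "$new" "$tmp" || { rm -f "$tmp"; return 1; }

    # Carry over the mode of the binary being replaced (GNU coreutils option).
    chmod --reference="$target" "$tmp" || { rm -f "$tmp"; return 1; }

    # execve() on a file with no x bit fails, which systemd reports as
    # status=203/EXEC; refuse to install in that state.
    if [ ! -x "$tmp" ]; then
        echo "refusing: staged copy of $new would not be executable" >&2
        rm -f "$tmp"
        return 1
    fi

    # Keep the previous binary, then swap the staged copy into place.
    cp -p "$target" "$target.bak" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$target"
}

# Usage (the download path is constructed for illustration):
#   swap_binary /root/pfhttpd.download /usr/local/pf/bin/pfhttpd \
#       && systemctl restart packetfence-pfsso
```
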
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan,

Could you do it again, but then, providing the output of this command after doing it so I have more context

# journalctl -u packetfence-pfsso --since="5 minutes ago"

Thanks,
--
Julien Semaan
jsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2017-12-21 09:20 PM, Yan wrote:

Hi Semaan,

I tried the steps below on my backup pf server as you said, but with no luck. When I issue "systemctl restart packetfence-pfsso" it failed. Below are the related logs. Appreciate your reply.