Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-22 Thread Yan via PacketFence-users
Hi Semaan,


I tried the steps below on my backup pf server as you said, but with no luck... When 
I issued "systemctl restart packetfence-pfsso" it failed. Below are the related logs. 
I appreciate your reply.




[root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222
[root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841 > /usr/local/pf/bin/pfhttpd
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18.5M  100 18.5M    0     0  1068k      0  0:00:17  0:00:17 --:--:-- 1396k
[root@pf-wensi ~]# systemctl restart packetfence-pfsso
Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details.


[root@pf-wensi ~]# systemctl status packetfence-pfsso.service
● packetfence-pfsso.service - PacketFence PFSSO Service
   Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since 五 2017-12-22 09:58:24 CST; 1min 7s ago
  Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC)
 Main PID: 8423 (code=exited, status=203/EXEC)

12月 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12月 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
12月 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed.
12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart.
12月 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service
12月 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
12月 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed.
Hint: Some lines were ellipsized, use -l to show in full.






packetfence.log
Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309 PfconfigObject=element|interfaces::management_network
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO
Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso
Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp
Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO
Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done.



-- Original --
From: packetfence-users
Date: Dec 21, 2017 23:48
To: Julien Semaan, packetfence-users
Cc: Yan <1136723...@qq.com>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?





Hi Semaan,
My pf version is 7.3. My config file is as below. I just use the syslog feature to 
send IP-user mapping info to the Palo Alto firewall. I don't need to do SSO via PF.


/usr/local/pf/conf/firewall_sso.conf
[172.23.4.14]
transport=syslog
categories=default,employees
vsys=1
networks=172.0.0.0/8,10.97.0.0/16
port=443
cache_updates=0
username_format=$username
type=PaloAlto
cache_timeout=0


[172.22.3.13]
transport=syslog
categories=default,employees
vsys=1
networks=172.24.0.0/16
cache_timeout=0
port=443
cache_updates=0
username_format=$username
type=PaloAlto
#[192.168.1.254]
#type=FortiGate
#password=s3cr3t
#port=1813
#[192.168.1.253]
#type=PaloAlto
#key=
# Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation).

-- Original --
From: Julien Semaan
Date: Dec 21, 2017 23:36
To: Yan <1136723...@qq.com>, packetfence-users
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?



I have a theory of what could be happening.

Seems like the formatting of the usernames might be causing issues with 
multiple firewalls, which you do seem to have.

Could you send me your /usr/local/pf/conf/firewall_sso.conf (with
obfuscated secrets obviously)

Regards,

--
Julien Semaan
jsem...@inverse.ca  ::  +1 (866) 353-6153 *155  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu)

Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-22 Thread Julien Semaan via PacketFence-users

Ah,

I think I might guess what is happening, the new file is lacking the 
executable bit.


Do this before restarting the process:
# chmod +x /usr/local/pf/bin/pfhttpd

On 2017-12-22 07:33 AM, Julien Semaan via PacketFence-users wrote:

Hi Yan,

Could you do it again, but then, providing the output of this command 
after doing it so I have more context

# journalctl -u packetfence-pfsso --since="5 minutes ago"

Thanks,

--
Julien Semaan
jsem...@inverse.ca   ::  +1 (866) 353-6153 *155  ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


On 2017-12-21 09:20 PM, Yan wrote:


Hi Semaan,

I tried the steps below on my backup pf server as you said, but with no 
luck... When I issued "systemctl restart packetfence-pfsso" it failed. 
Below are the related logs. I appreciate your reply.




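Added example, not part of the thread and not PacketFence's own tooling: a file written with a shell redirect (as in the `curl ... > /usr/local/pf/bin/pfhttpd` step above) is created without the executable bit, which is what systemd reports as status=203/EXEC. The function names `replace_binary` and `exec_problem` are hypothetical, and the sketch assumes GNU coreutils (`chmod --reference`, `stat -c`).

```bash
# replace_binary NEW CURRENT
#   NEW     - freshly downloaded file (typically mode 0644 after a redirect)
#   CURRENT - path the unit's ExecStart= points at
replace_binary() {
    local new="$1" current="$2" staged backup
    [ -s "$new" ] || { echo "new file is missing or empty: $new" >&2; return 1; }
    [ -f "$current" ] || { echo "no existing binary at $current" >&2; return 1; }

    # Stage next to the target so the final mv is an atomic rename
    # on the same filesystem; the service never sees a half-written file.
    staged="$current.new.$$"
    backup="$current.bak$(date +%Y%m%d)"
    cp -- "$new" "$staged" || return 1

    # Copy permission bits (and owner, when root) from the binary being replaced.
    chmod --reference="$current" -- "$staged" || { rm -f -- "$staged"; return 1; }
    if [ "$(id -u)" -eq 0 ]; then
        chown --reference="$current" -- "$staged" || { rm -f -- "$staged"; return 1; }
    fi

    # Refuse to swap in a file systemd could not exec (status=203/EXEC).
    if [ ! -x "$staged" ]; then
        echo "staged file is not executable" >&2
        rm -f -- "$staged"
        return 1
    fi

    # Keep a dated backup of the old binary, then rename the new one into place.
    cp -p -- "$current" "$backup" && mv -f -- "$staged" "$current"
}

# exec_problem PATH: print why PATH would fail to exec; return 0 if it looks runnable.
exec_problem() {
    local path="$1"
    [ -e "$path" ] || { echo "missing"; return 1; }
    [ -f "$path" ] || { echo "not a regular file"; return 1; }
    [ -x "$path" ] || { echo "not executable (mode $(stat -c %a -- "$path"))"; return 1; }
    echo "ok"
}
```

Running `exec_problem /usr/local/pf/bin/pfhttpd` before `systemctl restart packetfence-pfsso` shows the missing bit without waiting for the unit to hit its start limit.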
Re: [PacketFence-users] Why pfsso restarts itself recently ?

2017-12-22 Thread Julien Semaan via PacketFence-users

Hi Yan,

Could you do it again, but then, providing the output of this command 
after doing it so I have more context

# journalctl -u packetfence-pfsso --since="5 minutes ago"

Thanks,

--
Julien Semaan
jsem...@inverse.ca   ::  +1 (866) 353-6153 *155  ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)



On 2017-12-21 09:20 PM, Yan wrote:


Hi Semaan,

I tried the steps below on my backup pf server as you said, but with no 
luck... When I issued "systemctl restart packetfence-pfsso" it failed. 
Below are the related logs. I appreciate your reply.


