Re: [PacketFence-users] Controlling the PF Database Size (Resolved)
I have added the responses inline below. On Thu, 5 May 2022, 11:55 Baptiste Leroy, wrote: > 1. Oh my bad I was mistaken. Your problem was that PF was deprecated with > OpenVAS. Did you find a solution ? Nope, I dropped this feature from my > list to implement. I saw someone opened a bug to fix this one lets see how > and when it gets implemented. > 2. And well if you have time to help me that's really kind of you. Have you > implemented routed networks with PF ? My issue is that my dhcp > discover's reache PF server but it does not reply to them so I don't know > what's wrong since I added a "routed network". I can give you more > information if you want :D. > > PF---Switch---Router---Switch---PC > Yes, my isolation and registration vlans are on routed networks and works fine, I have configured ip helpers under these vlans networks in the router and specified the ip of nac servers. Also make sure your routed vlans are allowed on layer 2 of all the devices in between. > > Thanks ! > > Le jeu. 5 mai 2022 à 02:58, Misbah Hussaini a > écrit : > >> Hello Baptiste, >> >> Not sure where you read about dhcp issue from me as I didnt face any >> challenges with it. Maybe if you can describe your issue further I can >> relate to it, if I experienced it. >> >> On Wed, 4 May 2022, 18:29 Baptiste Leroy via PacketFence-users, < >> packetfence-users@lists.sourceforge.net> wrote: >> >>> Hello Misbah. >>> I have read that you had a problem with the routed network dhcp. I have >>> the same problem. Did you solve it ? >>> Thank you ! >>> >>> Le jeu. 28 avr. 2022 à 21:58, Misbah Hussaini via PacketFence-users < >>> packetfence-users@lists.sourceforge.net> a écrit : >>> >>>> Thanks for the reply. >>>> >>>> On Thu, 28 Apr 2022, 22:43 Zammit, Ludovic, wrote: >>>> >>>>> 11.2, you have nothing to worry about then. >>>>> >>>>> Thanks, >>>>> >>>>> *Ludovic Zammit* >>>>> *Product Support Engineer Principal* >>>>> *Cell:* +1.613.670.8432 >>>>> Akamai Technologies - Inverse >>>>> 145 Broadway >>>>> Cambridge, MA 02142 >>>>> Connect with Us: <https://community.akamai.com> >>>>> <http://blogs.akamai.com> <https://twitter.com/akamai> >>>>> <http://www.facebook.com/AkamaiTechnologies> >>>>> <http://www.linkedin.com/company/akamai-technologies> >>>>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >>>>> >>>>> On Apr 28, 2022, at 1:15 PM, Misbah Hussaini >>>>> wrote: >>>>> >>>>> Hello Ludovic, >>>>> >>>>> Im using PF 11.2 in 3 nodes galera cluster. >>>>> >>>>> On Thu, 28 Apr 2022, 19:06 Zammit, Ludovic, >>>>> wrote: >>>>> >>>>>> Hello there, >>>>>> >>>>>> Packetfence perform basic cleanup task every minutes. It’s under >>>>>> Configuration > System config > maintenance >>>>>> >>>>>> Every night at 00:30 some cleaning tasks kick in to cleanup the db as >>>>>> well. >>>>>> >>>>>> Which PF version are you running ? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> *Ludovic Zammit* >>>>>> *Product Support Engineer Principal* >>>>>> *Cell:* +1.613.670.8432 >>>>>> Akamai Technologies - Inverse >>>>>> 145 Broadway >>>>>> Cambridge, MA 02142 >>>>>> Connect with Us: <https://community.akamai.com/> >>>>>> <http://blogs.akamai.com/> >>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8FwD1hH0$> >>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8lHmSqNc$> >>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8S_VJw-I$> >>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfh
Re: [PacketFence-users] Controlling the PF Database Size (Resolved)
Hello Baptiste, Not sure where you read about dhcp issue from me as I didnt face any challenges with it. Maybe if you can describe your issue further I can relate to it, if I experienced it. On Wed, 4 May 2022, 18:29 Baptiste Leroy via PacketFence-users, < packetfence-users@lists.sourceforge.net> wrote: > Hello Misbah. > I have read that you had a problem with the routed network dhcp. I have > the same problem. Did you solve it ? > Thank you ! > > Le jeu. 28 avr. 2022 à 21:58, Misbah Hussaini via PacketFence-users < > packetfence-users@lists.sourceforge.net> a écrit : > >> Thanks for the reply. >> >> On Thu, 28 Apr 2022, 22:43 Zammit, Ludovic, wrote: >> >>> 11.2, you have nothing to worry about then. >>> >>> Thanks, >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com> >>> <http://blogs.akamai.com> <https://twitter.com/akamai> >>> <http://www.facebook.com/AkamaiTechnologies> >>> <http://www.linkedin.com/company/akamai-technologies> >>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >>> >>> On Apr 28, 2022, at 1:15 PM, Misbah Hussaini >>> wrote: >>> >>> Hello Ludovic, >>> >>> Im using PF 11.2 in 3 nodes galera cluster. >>> >>> On Thu, 28 Apr 2022, 19:06 Zammit, Ludovic, wrote: >>> >>>> Hello there, >>>> >>>> Packetfence perform basic cleanup task every minutes. It’s under >>>> Configuration > System config > maintenance >>>> >>>> Every night at 00:30 some cleaning tasks kick in to cleanup the db as >>>> well. >>>> >>>> Which PF version are you running ? >>>> >>>> Thanks, >>>> >>>> *Ludovic Zammit* >>>> *Product Support Engineer Principal* >>>> *Cell:* +1.613.670.8432 >>>> Akamai Technologies - Inverse >>>> 145 Broadway >>>> Cambridge, MA 02142 >>>> Connect with Us: <https://community.akamai.com/> >>>> <http://blogs.akamai.com/> >>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8FwD1hH0$> >>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8lHmSqNc$> >>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8S_VJw-I$> >>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8uM4YtH0$> >>>> >>>> On Apr 28, 2022, at 4:45 AM, Misbah Hussaini via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> wrote: >>>> >>>> Hello All, >>>> >>>> I was wondering whether any kind of database maintenance task needs to >>>> be carried out periodically to ensure the DB size does not grow >>>> exponentially. I'm not sure whether the backup and maintenance script will >>>> handle purging of data from the database (like removing all the entries >>>> older than 3 months or 6 months) or whether there is a separate script out >>>> there. >>>> >>>> Let me know your experience and how much data growth you have >>>> experienced in your environment over one year period and most importantly >>>> whether any data purging is required. >>>> >>>> Regards >>>> Misbah >>>> ___ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> >>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WamryqoyMucA489Rm9Fy35unAm2qMa-v6CZS7r--bgZ5MXTL1UMwVr5EKhDkJmZgKX68hBtl3WF-k5iIB2XNXBObcchMHsbw-UDAbQ$ >>>> >>>> >>>> >>> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Controlling the PF Database Size (Resolved)
Thanks for the reply. On Thu, 28 Apr 2022, 22:43 Zammit, Ludovic, wrote: > 11.2, you have nothing to worry about then. > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 28, 2022, at 1:15 PM, Misbah Hussaini > wrote: > > Hello Ludovic, > > Im using PF 11.2 in 3 nodes galera cluster. > > On Thu, 28 Apr 2022, 19:06 Zammit, Ludovic, wrote: > >> Hello there, >> >> Packetfence perform basic cleanup task every minutes. It’s under >> Configuration > System config > maintenance >> >> Every night at 00:30 some cleaning tasks kick in to cleanup the db as >> well. >> >> Which PF version are you running ? >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8FwD1hH0$> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8lHmSqNc$> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8S_VJw-I$> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!XoaOSBHl3-7BzccW0wtVFdYrfhqjB4LuRQ7cIHkqLj1nzFsLM9dl5ojoTPL5UWPZyCING2IgFqT8uM4YtH0$> >> >> On Apr 28, 2022, at 4:45 AM, Misbah Hussaini via PacketFence-users < >> packetfence-users@lists.sourceforge.net> wrote: >> >> Hello All, >> >> I was wondering whether any kind of database maintenance task needs to be >> carried out periodically to ensure the DB size does not grow exponentially. >> I'm not sure whether the backup and maintenance script will handle purging >> of data from the database (like removing all the entries older than 3 >> months or 6 months) or whether there is a separate script out there. >> >> Let me know your experience and how much data growth you have experienced >> in your environment over one year period and most importantly whether any >> data purging is required. >> >> Regards >> Misbah >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> >> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WamryqoyMucA489Rm9Fy35unAm2qMa-v6CZS7r--bgZ5MXTL1UMwVr5EKhDkJmZgKX68hBtl3WF-k5iIB2XNXBObcchMHsbw-UDAbQ$ >> >> >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Controlling the PF Database Size
Hello Ludovic, Im using PF 11.2 in 3 nodes galera cluster. On Thu, 28 Apr 2022, 19:06 Zammit, Ludovic, wrote: > Hello there, > > Packetfence perform basic cleanup task every minutes. It’s under > Configuration > System config > maintenance > > Every night at 00:30 some cleaning tasks kick in to cleanup the db as well. > > Which PF version are you running ? > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 28, 2022, at 4:45 AM, Misbah Hussaini via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello All, > > I was wondering whether any kind of database maintenance task needs to be > carried out periodically to ensure the DB size does not grow exponentially. > I'm not sure whether the backup and maintenance script will handle purging > of data from the database (like removing all the entries older than 3 > months or 6 months) or whether there is a separate script out there. > > Let me know your experience and how much data growth you have experienced > in your environment over one year period and most importantly whether any > data purging is required. > > Regards > Misbah > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WamryqoyMucA489Rm9Fy35unAm2qMa-v6CZS7r--bgZ5MXTL1UMwVr5EKhDkJmZgKX68hBtl3WF-k5iIB2XNXBObcchMHsbw-UDAbQ$ > > > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Controlling the PF Database Size
Hello All, I was wondering whether any kind of database maintenance task needs to be carried out periodically to ensure the DB size does not grow exponentially. I'm not sure whether the backup and maintenance script will handle purging of data from the database (like removing all the entries older than 3 months or 6 months) or whether there is a separate script out there. Let me know your experience and how much data growth you have experienced in your environment over one year period and most importantly whether any data purging is required. Regards Misbah ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence config related fallback plan
on, 11 Apr 2022 at 17:19, Zammit, Ludovic >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> You can disable the TCP FB Collector analyzing: >>>>> >>>>> You can disable the TCP fingerprinting by doing >>>>> >>>>> >>>>> # systemctl edit packetfence-fingerbank-collector.service >>>>> >>>>> >>>>> In the editor that opens, add: >>>>> >>>>> >>>>> [Service] >>>>> >>>>> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true >>>>> >>>>> >>>>> Close the editor, then do: >>>>> >>>>> >>>>> # systemctl daemon-reload >>>>> >>>>> # systemctl restart packetfence-fingerbank-collector >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> *Ludovic Zammit* >>>>> *Product Support Engineer Principal* >>>>> *Cell:* +1.613.670.8432 >>>>> Akamai Technologies - Inverse >>>>> 145 Broadway >>>>> Cambridge, MA 02142 >>>>> Connect with Us: <https://community.akamai.com/> >>>>> <http://blogs.akamai.com/> >>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhkGXhfII$> >>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhn3hmSw4$> >>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhiw82adM$> >>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhY_n9_Qc$> >>>>> >>>>> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini >>>>> wrote: >>>>> >>>>> Hello, >>>>> >>>>> We are currently doing only wired 802.1x & MAC auth, the server config >>>>> is >>>>> >>>>> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz >>>>> 16GB RAM (Free RAM - 8GB) >>>>> Running Debian X64. >>>>> >>>>> Also, I would like to disable the packetfence-fingerbank-collector >>>>> from monit config as it is generating too many zombie processes alerts, I >>>>> guess the monit config is managed by pfcmd geenratemonitconfig but I dunno >>>>> how to disable specifically fingerbank-collector. >>>>> >>>>> Regards >>>>> Misbah >>>>> >>>>> >>>>> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic >>>>> wrote: >>>>> >>>>>> Hello Misbah, >>>>>> >>>>>> I highly doubt that you would cap a cluster capacity with only 250 >>>>>> devices registered. >>>>>> >>>>>> You have an ongoing issue that need to be fixed. >>>>>> >>>>>> What’s the spec on the PF servers? Are you doing 802.1x or Mac >>>>>> authentication ? Wired ? Wireless? >>>>>> >>>>>> We have cluster of 3 running 10 000 unique radius authentication >>>>>> without choking. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> *Ludovic Zammit* >>>>>> *Product Support Engineer Principal* >>>>>> *Cell:* +1.613.670.8432 >>>>>> Akamai Technologies - Inverse >>>>>> 145 Broadway >>>>>> Cambridge, MA 02142 >>>>>> Connect with Us: <https://community.akamai.com/> >>>>>> <http://blogs.akamai.com/> >>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvneW7Z63Y$> >>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvn00CMBGY$> >>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnAn0KVkA$> >>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnCNH0oAI$> >>>>>> >>>>>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users < >>>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>>> >>>>>> Hello, >>>>>> >>>>>> Firstly, I'm happy with the way Packetfence is working in the >>>>>> environment. A big thanks to the team for the project and awesome >>>>>> documentation. I have configured Packetfence in a 3 node cluster and >>>>>> registered 250+ devices so far. >>>>>> >>>>>> I faced a problem with the radius server reaching the max connections >>>>>> limit and most of the users were disconnected while I fixed the problem >>>>>> (had to increase the max spare servers to a high value in radius.conf). I >>>>>> was optimistic with the cluster setup, thinking I should not be facing >>>>>> downtime issues but didn't realize that a config issue could lead to a >>>>>> blackout. >>>>>> >>>>>> Now, this leads me to wonder if there is a way in which I could have >>>>>> decreased the downtime for the end users while we fixed the problem in >>>>>> the >>>>>> config. Also, I would appreciate highlighting any other Production >>>>>> related >>>>>> settings that need to be fine tuned to avoid such instances in future.. >>>>>> >>>>>> >>>>>> Regards >>>>>> Misbah >>>>>> ___ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> >>>>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$ >>>>>> >>>>>> >>>>>> >>>>> >>>> >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence config related fallback plan
max connection limit > Apr 7 10:07:07 NAC1 auth[36]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > Apr 7 10:07:09 NAC1 auth[36]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:09 NAC1 auth[36]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.23 port 1645 proto udp > Apr 7 10:07:12 NAC1 auth[36]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:12 NAC1 auth[36]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > > > > Regards > Misbah > > > On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic wrote: > >> Hello, >> >> You can disable the TCP FB Collector analyzing: >> >> You can disable the TCP fingerprinting by doing >> >> >> # systemctl edit packetfence-fingerbank-collector.service >> >> >> In the editor that opens, add: >> >> >> [Service] >> >> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true >> >> >> Close the editor, then do: >> >> >> # systemctl daemon-reload >> >> # systemctl restart packetfence-fingerbank-collector >> >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhkGXhfII$> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhn3hmSw4$> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhiw82adM$> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhY_n9_Qc$> >> >> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini >> wrote: >> >> Hello, >> >> We are currently doing only wired 802.1x & MAC auth, the server config >> is >> >> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz >> 16GB RAM (Free RAM - 8GB) >> Running Debian X64. >> >> Also, I would like to disable the packetfence-fingerbank-collector from >> monit config as it is generating too many zombie processes alerts, I guess >> the monit config is managed by pfcmd geenratemonitconfig but I dunno how to >> disable specifically fingerbank-collector. >> >> Regards >> Misbah >> >> >> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic wrote: >> >>> Hello Misbah, >>> >>> I highly doubt that you would cap a cluster capacity with only 250 >>> devices registered. >>> >>> You have an ongoing issue that need to be fixed. >>> >>> What’s the spec on the PF servers? Are you doing 802.1x or Mac >>> authentication ? Wired ? Wireless? >>> >>> We have cluster of 3 running 10 000 unique radius authentication without >>> choking. >>> >>> Thanks, >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvneW7Z63Y$> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvn00CMBGY$> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnAn0KVkA$> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWv
Re: [PacketFence-users] Packetfence config related fallback plan
lt;http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 11, 2022, at 2:51 AM, Misbah Hussaini > wrote: > > Hello, > > We are currently doing only wired 802.1x & MAC auth, the server config is > > Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz > 16GB RAM (Free RAM - 8GB) > Running Debian X64. > > Also, I would like to disable the packetfence-fingerbank-collector from > monit config as it is generating too many zombie processes alerts, I guess > the monit config is managed by pfcmd geenratemonitconfig but I dunno how to > disable specifically fingerbank-collector. > > Regards > Misbah > > > On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic wrote: > >> Hello Misbah, >> >> I highly doubt that you would cap a cluster capacity with only 250 >> devices registered. >> >> You have an ongoing issue that need to be fixed. >> >> What’s the spec on the PF servers? Are you doing 802.1x or Mac >> authentication ? Wired ? Wireless? >> >> We have cluster of 3 running 10 000 unique radius authentication without >> choking. >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvneW7Z63Y$> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvn00CMBGY$> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnAn0KVkA$> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnCNH0oAI$> >> >> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users < >> packetfence-users@lists.sourceforge.net> wrote: >> >> Hello, >> >> Firstly, I'm happy with the way Packetfence is working in the >> environment. A big thanks to the team for the project and awesome >> documentation. I have configured Packetfence in a 3 node cluster and >> registered 250+ devices so far. >> >> I faced a problem with the radius server reaching the max connections >> limit and most of the users were disconnected while I fixed the problem >> (had to increase the max spare servers to a high value in radius.conf). I >> was optimistic with the cluster setup, thinking I should not be facing >> downtime issues but didn't realize that a config issue could lead to a >> blackout. >> >> Now, this leads me to wonder if there is a way in which I could have >> decreased the downtime for the end users while we fixed the problem in the >> config. Also, I would appreciate highlighting any other Production related >> settings that need to be fine tuned to avoid such instances in future.. >> >> >> Regards >> Misbah >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> >> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$ >> >> >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence config related fallback plan
254.28 port 1645 proto udp >> Apr 7 10:06:57 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:06:57 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.13 port 1645 proto udp >> Apr 7 10:07:02 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:07:02 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.13 port 1645 proto udp >> Apr 7 10:07:04 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:07:04 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.23 port 1645 proto udp >> Apr 7 10:07:07 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:07:07 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.13 port 1645 proto udp >> Apr 7 10:07:09 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:07:09 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.23 port 1645 proto udp >> Apr 7 10:07:12 NAC1 auth[36]: rlm_sql (sql): No connections >> available and at max connection limit >> Apr 7 10:07:12 NAC1 auth[36]: Ignoring request to auth address >> 192.168.197.90 port 1812 bound to server packetfence from unknown client >> 192.168.254.13 port 1645 proto udp >> >> >> >> Regards >> Misbah >> >> >> On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic wrote: >> >>> Hello, >>> >>> You can disable the TCP FB Collector analyzing: >>> >>> You can disable the TCP fingerprinting by doing >>> >>> >>> # systemctl edit packetfence-fingerbank-collector.service >>> >>> >>> In the editor that opens, add: >>> >>> >>> [Service] >>> >>> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true >>> >>> >>> Close the editor, then do: >>> >>> >>> # systemctl daemon-reload >>> >>> # systemctl restart packetfence-fingerbank-collector >>> >>> >>> Thanks, >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhkGXhfII$> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhn3hmSw4$> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhiw82adM$> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhY_n9_Qc$> >>> >>> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini >>> wrote: >>> >>> Hello, >>> >>> We are currently doing only wired 802.1x & MAC auth, the server config >>> is >>> >>> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz >>> 16GB RAM (Free RAM - 8GB) >>> Running Debian X64. >>> >>> Also, I would like to disable the packetfence-fingerbank-collector from >>> monit config as it is generating too many zombie processes alerts, I guess >>> the monit config is managed by pfcmd geenratemonitconfig but I dunno how to >>> disable specifically fingerbank-collector. >>> >>> Regards >>> Misbah >>> >>> >>> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic wrote: >>> >>>> Hello Misbah, >>>> >>>> I highly doubt that you would cap a cluster capacity with only 250 >>>> devices registered. &g
Re: [PacketFence-users] Packetfence config related fallback plan
Hello, We are currently doing only wired 802.1x & MAC auth, the server config is Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz 16GB RAM (Free RAM - 8GB) Running Debian X64. Also, I would like to disable the packetfence-fingerbank-collector from monit config as it is generating too many zombie processes alerts, I guess the monit config is managed by pfcmd geenratemonitconfig but I dunno how to disable specifically fingerbank-collector. Regards Misbah On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic wrote: > Hello Misbah, > > I highly doubt that you would cap a cluster capacity with only 250 devices > registered. > > You have an ongoing issue that need to be fixed. > > What’s the spec on the PF servers? Are you doing 802.1x or Mac > authentication ? Wired ? Wireless? > > We have cluster of 3 running 10 000 unique radius authentication without > choking. > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello, > > Firstly, I'm happy with the way Packetfence is working in the environment. > A big thanks to the team for the project and awesome documentation. I have > configured Packetfence in a 3 node cluster and registered 250+ devices so > far. > > I faced a problem with the radius server reaching the max connections > limit and most of the users were disconnected while I fixed the problem > (had to increase the max spare servers to a high value in radius.conf). I > was optimistic with the cluster setup, thinking I should not be facing > downtime issues but didn't realize that a config issue could lead to a > blackout. > > Now, this leads me to wonder if there is a way in which I could have > decreased the downtime for the end users while we fixed the problem in the > config. Also, I would appreciate highlighting any other Production related > settings that need to be fine tuned to avoid such instances in future.. > > > Regards > Misbah > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$ > > > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Blank Page on Dashboard
Hello, When I try to access the netdata URL (https://mgmt_ip:1443/netdata/) I receive a 404 "Chart is not found: mysql_PacketFence_Database.queries" response. Any idea how to fix this? Other charts on the dashboard are working fine. Regards Misbah On Fri, 14 Jan 2022 at 19:19, Misbah Hussaini wrote: > Hello Fabrice, > > The issue was fixed when I restarted the netdata daemon on Node3. However, > a couple of charts are not getting generated, below are the URLs. > > mysql_PacketFence_Database.queries: chart not found on url > "/api/v1/chart?chart=mysql_PacketFence_Database.queries" > > mysql_PacketFence_Database.handlers: chart not found on url > "/api/v1/chart?chart=mysql_PacketFence_Database.handlers" > > I don't find any folder in /var/cache/netdata with the name starting > "mysql". > > > Regards > Syed Hussaini > > > On Fri, 14 Jan 2022 at 01:19, Fabrice Durand wrote: > >> Hello Syed, >> >> you have to use dev mode in the browser to see if you have any error >> (like 404) related to netdata (https://mgmt_ip:1443/netdata/....) >> >> Once found can you post the url ? >> >> Regards >> Fabrice >> >> >> Le jeu. 13 janv. 2022 à 09:53, Misbah Hussaini via PacketFence-users < >> packetfence-users@lists.sourceforge.net> a écrit : >> >>> Hello, >>> >>> I have clustered my PF servers running version 11.2 and post activity, >>> the charts are not visible on the Dashboard. Sometimes I get the* error >>> "The charts of the dashboard are currently not available"*. I have >>> cleared the cache in /var/cache/netdata and restarted all the services but >>> the problem remains. I have tried accessing the dashboard using the VIP or >>> node IP but the behaviour is still the same. >>> >>> Any clue on how to troubleshoot this? >>> >>> >>> Regards >>> Syed Hussaini >>> ___ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Packetfence config related fallback plan
Hello, Firstly, I'm happy with the way Packetfence is working in the environment. A big thanks to the team for the project and awesome documentation. I have configured Packetfence in a 3 node cluster and registered 250+ devices so far. I faced a problem with the radius server reaching the max connections limit and most of the users were disconnected while I fixed the problem (had to increase the max spare servers to a high value in radius.conf). I was optimistic with the cluster setup, thinking I should not be facing downtime issues but didn't realize that a config issue could lead to a blackout. Now, this leads me to wonder if there is a way in which I could have decreased the downtime for the end users while we fixed the problem in the config. Also, I would appreciate highlighting any other Production related settings that need to be fine tuned to avoid such instances in future.. Regards Misbah ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Wireless Auth using Cisco IPSK
Thanks for the response Simon, let me test and share the feedback. Regards Syed Hussaini On Mon, 31 Jan 2022 at 19:05, Simon Sutcliffe wrote: > Hi Syed > > > > I am by no means a PF expert but we are too looking at DPSK for one of our > use cases. > > > > The DPSK is assigned to the user (PID) you will find the field at the > bottom of the users profile page > > [image: Background pattern Description automatically generated] > > > > The device needs to be registered in the Nodes section and the PID of from > the users page > > [image: A picture containing text Description automatically generated] > > Need to be the Owner in the Node. > > [image: Graphical user interface, text, application, chat or text message > Description automatically generated] > > You will need a connection profile where the Enable DPSK is enabled. > > [image: Graphical user interface, text, chat or text message Description > automatically generated] > > > Getting the users and the nodes linked can be done with a provisioner or > via the self service portal. However we are considering writing out own > self service portal that utilises the API of PF was at the moment the > current workflow we feel is a little clunky for our over sensitive > workforce. > > > > Hope that helps. > > > > Simon > > > > *Simon Sutcliffe* > *IT Architect, Workplace Solutions* > > *T *+44 1733 336600 | *M *+44 7775 823368 | *E* simon.sutcli...@rhdhv.com > | *W* www.royalhaskoningdhv.com > HaskoningDHV UK Ltd., a company of *Royal HaskoningDHV* | Rightwell > House, Bretton, Peterborough PE3 8DW, United Kingdom > > > > > > > > > > > > Royal HaskoningDHV - Internal Use Only > > *From:* Misbah Hussaini via PacketFence-users < > packetfence-users@lists.sourceforge.net> > *Sent:* 31 January 2022 12:47 > *To:* packetfence-users > *Cc:* Misbah Hussaini > *Subject:* [PacketFence-users] Wireless Auth using Cisco IPSK > > > > This message was sent from an * e-mail domain unknown to Royal > HaskoningDHV*. Please be cautious. > > > > Hello All, > > > > I'm trying to consolidate different SSIDs, which use a Pre-Shared Key, > into a single SSID. The idea is to use the Roles to assign different VLANs > for different types of devices. Since these devices do not support 802.1x > mechanisms, I will have to use PSK and that's where I'm planning to use > DPSK. > > > > However, I have seen from the guide, the method to make DPSK work is to > use Open SSID and sign up the user which may not be applicable in my > scenario. Can someone help me point out which field (in GUI) holds the DPSK > value to authenticate the users and how do I assign roles to the devices. > > > > Thank You. > > > Regards > Syed Hussaini > This email and any attachments are intended solely for the use of the > addressee(s); disclosure or copying by others than the intended person(s) > is strictly prohibited. If you have received this email in error, please > treat this email as confidential, notify the sender and delete all copies > of the email immediately > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Wireless Auth using Cisco IPSK
Hello All, I'm trying to consolidate different SSIDs, which use a Pre-Shared Key, into a single SSID. The idea is to use the Roles to assign different VLANs for different types of devices. Since these devices do not support 802.1x mechanisms, I will have to use PSK and that's where I'm planning to use DPSK. However, I have seen from the guide, the method to make DPSK work is to use Open SSID and sign up the user which may not be applicable in my scenario. Can someone help me point out which field (in GUI) holds the DPSK value to authenticate the users and how do I assign roles to the devices. Thank You. Regards Syed Hussaini ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] GVM (Formerly OpenVAS) Integration with packetfence
Hello, Appreciate if someone can look into this or point me in the right direction to further research and have this functionality enabled. Regards Syed Hussaini On Fri, 14 Jan 2022 at 19:23, Misbah Hussaini wrote: > Hello, > > I have installed OpenVas Scanner (currently known as GVM) and the omp > package of openvas has been made obsolete in favour of gvmtools. The guide > in PF documents points to use omp and has no details about GVMTOOLS, can > someone help me to integrate PF with GVM using the gvmtools. > > PF version - 11.2 > GVM version - 21.04 > > Regards > Syed Hussaini > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] GVM (Formerly OpenVAS) Integration with packetfence
Hello, I have installed OpenVas Scanner (currently known as GVM) and the omp package of openvas has been made obsolete in favour of gvmtools. The guide in PF documents points to use omp and has no details about GVMTOOLS, can someone help me to integrate PF with GVM using the gvmtools. PF version - 11.2 GVM version - 21.04 Regards Syed Hussaini ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Blank Page on Dashboard
Hello Fabrice, The issue was fixed when I restarted the netdata daemon on Node3. However, a couple of charts are not getting generated, below are the URLs. mysql_PacketFence_Database.queries: chart not found on url "/api/v1/chart?chart=mysql_PacketFence_Database.queries" mysql_PacketFence_Database.handlers: chart not found on url "/api/v1/chart?chart=mysql_PacketFence_Database.handlers" I don't find any folder in /var/cache/netdata with the name starting "mysql". Regards Syed Hussaini On Fri, 14 Jan 2022 at 01:19, Fabrice Durand wrote: > Hello Syed, > > you have to use dev mode in the browser to see if you have any error (like > 404) related to netdata (https://mgmt_ip:1443/netdata/) > > Once found can you post the url ? > > Regards > Fabrice > > > Le jeu. 13 janv. 2022 à 09:53, Misbah Hussaini via PacketFence-users < > packetfence-users@lists.sourceforge.net> a écrit : > >> Hello, >> >> I have clustered my PF servers running version 11.2 and post activity, >> the charts are not visible on the Dashboard. Sometimes I get the* error >> "The charts of the dashboard are currently not available"*. I have >> cleared the cache in /var/cache/netdata and restarted all the services but >> the problem remains. I have tried accessing the dashboard using the VIP or >> node IP but the behaviour is still the same. >> >> Any clue on how to troubleshoot this? >> >> >> Regards >> Syed Hussaini >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Blank Page on Dashboard
Hello, I have clustered my PF servers running version 11.2 and post activity, the charts are not visible on the Dashboard. Sometimes I get the* error "The charts of the dashboard are currently not available"*. I have cleared the cache in /var/cache/netdata and restarted all the services but the problem remains. I have tried accessing the dashboard using the VIP or node IP but the behaviour is still the same. Any clue on how to troubleshoot this? Regards Syed Hussaini ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] [Resolved] Re: Cisco 2960X - Unable to grant privileged CLI Access
Just to share heads up. I was able to fix this issue by disabling the
enable command, below is how my aaa config looks like.
aaa authentication login default local group NAC-Packetfence
aaa authentication login console group NAC-Packetfence
*aaa authentication enable default none*
aaa authentication dot1x default group NAC-Packetfence
aaa authorization network default group NAC-Packetfence
aaa accounting dot1x default start-stop group NAC-Packetfence
aaa server radius dynamic-author
client 192.168.197.90 server-key 7 113A163153020A5533
port 3799
!
!
radius server NAC1
address ipv4 192.168.197.90 auth-port 1812 acct-port 1813
key 7 046804324B314D1733
!
!
aaa group server radius NAC-Packetfence
server name NAC1
deadtime 1
!
!
!
aaa new-model
aaa session-id common
Regards
Misbah
On Mon, 13 Dec 2021 at 19:29, Misbah Hussaini wrote:
> Hello,
>
> I'm trying to configure CLI access for admins via PF. I'm so far able to
> make the admins login to the switch CLI, however when they try to enter
> enable mode they receive "% Error in Authentication" message.
>
> I tried and checked the radius.log which shows a successful
> authentication. I have also enabled the checkbox on the switch config to
> allow cli access. I understand that I need to send Cisco-AVPair for
> privileged access to work but dunno where it is set.
>
> Can someone pls help to grant the enable mode access on the switch via PF
> Freeradius.
>
> Below is the log from raddebug.
>
> (747) Mon Dec 13 19:08:16 2021: Debug: Received Access-Request Id 20 from
> 10.141.254.40:1645 to 192.168.197.90:1812 length 81
> (747) Mon Dec 13 19:08:16 2021: Debug: User-Name = "testuser123"
> (747) Mon Dec 13 19:08:16 2021: Debug: User-Password =
> "cleartextpassword"
> (747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port = 2
> (747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port-Id = "tty2"
> (747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port-Type = Virtual
> (747) Mon Dec 13 19:08:16 2021: Debug: NAS-IP-Address = 192.168.254.40
> (747) Mon Dec 13 19:08:16 2021: Debug: # Executing section authorize from
> file /usr/local/pf/raddb/sites-enabled/packetfence
> (747) Mon Dec 13 19:08:16 2021: Debug: authorize {
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-nas-ip-address {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0"){
> (747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0") -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-nas-ip-address = notfound
> (747) Mon Dec 13 19:08:16 2021: Debug: update {
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
> %{Packet-Src-IP-Address}
> (747) Mon Dec 13 19:08:16 2021: Debug: --> 192.168.254.40
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
> %{Packet-Dst-IP-Address}
> (747) Mon Dec 13 19:08:16 2021: Debug: --> 192.168.197.90
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %l
> (747) Mon Dec 13 19:08:16 2021: Debug: --> 1639408096
> (747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-set-realm-if-machine {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (User-Name =~
> /host\/([a-z0-9_-]*)[\.](.*)/i) {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (User-Name =~
> /host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-set-realm-if-machine = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-balanced-key-policy {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (
> && ( =~ /^(.*)(.)$/i)) {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (
> && ( =~ /^(.*)(.)$/i)) -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: else {
> (747) Mon Dec 13 19:08:16 2021: Debug: update {
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
> %{md5:%{Calling-Station-Id}%{User-Name}}
> (747) Mon Dec 13 19:08:16 2021: Debug: -->
> 7674cdd55c6099b093d1b9dcdda01825
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
> %{md5:%{Calling-Station-Id}%{User-Name}}
> (747) Mon Dec 13 19:08:16 2021: Debug: -->
> 7674cdd55c6099b093d1b9dcdda01825
> (747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: } # else = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-balanced-key-policy = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-set-tenant-id {
> (747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0"){
> (747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0") -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: if (
> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
> (747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
> %{%{control:PacketFence-Tenant-Id}:-0}
>
[PacketFence-users] Determine enforcement mode
Hello, I ran the configurator quiet some time back and dont remember which enforcement mode I selected. Is there a way to determine the enforcement mode and make changes to it, e.g: switching between vlan mode to inline, etc. Regards Misbah ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Cisco 2960X - Unable to grant privileged CLI Access
Hello,
I'm trying to configure CLI access for admins via PF. I'm so far able to
make the admins login to the switch CLI, however when they try to enter
enable mode they receive "% Error in Authentication" message.
I tried and checked the radius.log which shows a successful authentication.
I have also enabled the checkbox on the switch config to allow cli access.
I understand that I need to send Cisco-AVPair for privileged access to work
but dunno where it is set.
Can someone pls help to grant the enable mode access on the switch via PF
Freeradius.
Below is the log from raddebug.
(747) Mon Dec 13 19:08:16 2021: Debug: Received Access-Request Id 20 from
10.141.254.40:1645 to 192.168.197.90:1812 length 81
(747) Mon Dec 13 19:08:16 2021: Debug: User-Name = "testuser123"
(747) Mon Dec 13 19:08:16 2021: Debug: User-Password = "cleartextpassword"
(747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port = 2
(747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port-Id = "tty2"
(747) Mon Dec 13 19:08:16 2021: Debug: NAS-Port-Type = Virtual
(747) Mon Dec 13 19:08:16 2021: Debug: NAS-IP-Address = 192.168.254.40
(747) Mon Dec 13 19:08:16 2021: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(747) Mon Dec 13 19:08:16 2021: Debug: authorize {
(747) Mon Dec 13 19:08:16 2021: Debug: policy
packetfence-nas-ip-address {
(747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> FALSE
(747) Mon Dec 13 19:08:16 2021: Debug: } # policy
packetfence-nas-ip-address = notfound
(747) Mon Dec 13 19:08:16 2021: Debug: update {
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %{Packet-Src-IP-Address}
(747) Mon Dec 13 19:08:16 2021: Debug: --> 192.168.254.40
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %{Packet-Dst-IP-Address}
(747) Mon Dec 13 19:08:16 2021: Debug: --> 192.168.197.90
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %l
(747) Mon Dec 13 19:08:16 2021: Debug: --> 1639408096
(747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
(747) Mon Dec 13 19:08:16 2021: Debug: policy
packetfence-set-realm-if-machine {
(747) Mon Dec 13 19:08:16 2021: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) {
(747) Mon Dec 13 19:08:16 2021: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
(747) Mon Dec 13 19:08:16 2021: Debug: } # policy
packetfence-set-realm-if-machine = noop
(747) Mon Dec 13 19:08:16 2021: Debug: policy
packetfence-balanced-key-policy {
(747) Mon Dec 13 19:08:16 2021: Debug: if (
&& ( =~ /^(.*)(.)$/i)) {
(747) Mon Dec 13 19:08:16 2021: Debug: if (
&& ( =~ /^(.*)(.)$/i)) -> FALSE
(747) Mon Dec 13 19:08:16 2021: Debug: else {
(747) Mon Dec 13 19:08:16 2021: Debug: update {
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
%{md5:%{Calling-Station-Id}%{User-Name}}
(747) Mon Dec 13 19:08:16 2021: Debug: -->
7674cdd55c6099b093d1b9dcdda01825
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
%{md5:%{Calling-Station-Id}%{User-Name}}
(747) Mon Dec 13 19:08:16 2021: Debug: -->
7674cdd55c6099b093d1b9dcdda01825
(747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
(747) Mon Dec 13 19:08:16 2021: Debug: } # else = noop
(747) Mon Dec 13 19:08:16 2021: Debug: } # policy
packetfence-balanced-key-policy = noop
(747) Mon Dec 13 19:08:16 2021: Debug: policy packetfence-set-tenant-id
{
(747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(747) Mon Dec 13 19:08:16 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> FALSE
(747) Mon Dec 13 19:08:16 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(747) Mon Dec 13 19:08:16 2021: Debug: --> 0
(747) Mon Dec 13 19:08:16 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(747) Mon Dec 13 19:08:16 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(747) Mon Dec 13 19:08:16 2021: Debug: update control {
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %{User-Name}
(747) Mon Dec 13 19:08:16 2021: Debug: --> testuser123
(747) Mon Dec 13 19:08:16 2021: Debug: SQL-User-Name set to
'testuser123'
(747) Mon Dec 13 19:08:16 2021: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'192.168.254.40'), 0)
(747) Mon Dec 13 19:08:16 2021: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{NAS-IP-Address}'), 0)}
(747) Mon Dec 13 19:08:16 2021: Debug: --> 1
(747) Mon Dec 13 19:08:16 2021: Debug: } # update control = noop
(747) Mon Dec 13
