[PacketFence-users] Packetfence cluster upgrade
Hello Fabrice, can you point on the doc so I can plan an upgrade of my cluster? thank you LT ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] cluster - slow node
Hello to all, been here before with diferent email, but long time no posto in here. I have a pf cluster version 7.3.0 and I check my second node is quite slow : 'WSREP_LOCAL_RECV_QUEUE_AVG', '3.192620' 'WSREP_FLOW_CONTROL_SENT', '1' What can be done do improve this? more resources on the hardware? best regards, LT ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Activation email - Forbidden
Hi all, after I received the activation email and click on that url, the result on the webpage is Forbidden Something related with permissions about that subnet? regards LT -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Activation email - Forbidden
Found it Thanks LT Citando luis torres luistor...@netc.pt: Hi all, after I received the activation email and click on that url, the result on the webpage is Forbidden Something related with permissions about that subnet? regards LT -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Activation email - Forbidden
you are perfectly correct. srry many thanks LT Citando Derek Wuelfrath dwuelfr...@inverse.ca: Please search the list before posting new messages. It is not the first question that you ask that was already answered. See post: sponsor registration 403 error Thanks... Cheers! dw. -- Derek Wuelfrath dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca[1] Inverse inc. :: Leaders behind SOGo (www.sogo.nu[2]) and PacketFence (www.packetfence.org[3]) On 2013-08-28, at 5:58 AM, luis torres luistor...@netc.pt wrote: Hi all, after I received the activation email and click on that url, the result on the webpage is Forbidden Something related with permissions about that subnet? regards LT -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users Ligações: - [1] http://www.inverse.ca/ [2] http://www.sogo.nu/ [3] http://www.packetfence.org/ -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Dhcp and Route Networks
Ok mates, just added a new interface ( eth1) on my PF server, and put it as registration interface so it can be as dhcp server. However I had to manually setup the gateway on the ifcfg-eth1. However, now in the captive-portal, cant see the Register button..., What Im missing? LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: Yes, Im using in a routed network. PF is in router 1 , while the client PC and vlan for registration are on router 2. on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which is the eth0. eth0 is... the management interface? If so, there's a dhcp listener there, but not for handling dhcp requests. You also need to have a helper-address pointing to the registration interface on your packetfence server as well. In other words, you need to have multiple interfaces on the packetfence server connected to the router. You can get away with just the management and registration interfaces set up. isolation needs to exist, but doesn't have to connect anywhere if you're not using it. Hope this helps LT -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology.\ - Niven's Inverse of Clarke's Third Law -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] node attributes
Francis, didnt work it for me :( however with this , it worked when I change the Role whatever the status are: my $catid = nodecategory_lookup($luisteste-{category}); if ($previous_node_ref-{status} ne $node_ref-{status}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); } elsif ($catid ne $node_ref-{category_id}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); } } The problem is when I dont chosse any role ( maybe null value on the var ) and it gaves me this error on the log ( however it works pretty cool puting the switch interface on vlan 1): Aug 24 23:28:18 httpd.admin(0) ERROR: Use of uninitialized value in string ne at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm line 277. (pfappserver::__ANON__) LT Citando luis torres luistor...@netc.pt: Cool, Thanks Francis. I will try e LT Citando Francis Lachapelle flachape...@inverse.ca: Hi Luis On 2013-08-23, at 4:56 AM, luis torres luistor...@netc.pt wrote: Found it but my skill as dev are #$%# :) Im trying to excecute the function update on Node.pm eveytime I change the Role of the node. I include this code on it: if ($result) { if ($previous_node_ref-{status} ne $node_ref-{status}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); } elsif ($luisteste-{category} ne $node_ref-{category}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); $status = $STATUS::INTERNAL_SERVER_ERROR; $result = $teste; } But I cant find how can I compare the db result with the actual Role form field ( hope you understand ) I made this patch that we'll probably integrate in the next release. You can try it if you want. It reevaluates the network access if the node status changed or if the role changed *and* the node was *not* registered through 802.1X : diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index 1385869..4e620dc 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -230,7 +230,7 @@ sub update { my ($status, $result) = ($STATUS::OK); my $previous_node_ref; - $previous_node_ref = node_attributes($mac); + $previous_node_ref = node_view($mac); if ($previous_node_ref-{status} ne $node_ref-{status}) { # Status was modified my $option; @@ -247,8 +247,11 @@ sub update { $result = node_modify($mac, %{$node_ref}); } if ($result) { - if ($previous_node_ref-{status} ne $node_ref-{status}) { + my $isDot1x = defined($previous_node_ref-{last_dot1x_username}) length($previous_node_ref-{last_dot1x_username}) 0; + if ($previous_node_ref-{status} ne $node_ref-{status} || + $previous_node_ref-{category_id} ne $node_ref-{category_id} !$isDot1x) { # Node has been registered or deregistered + # or the role has changed and is not currently using 802.1X reevaluate_access($mac, node_modify); } } LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: Hi mates, what node_attributes($mac); resturns? Contextually speaking, it returns the node attributes for the mac address you provide. It shouldn't be that hard to find the function definition and get a definitive answer. cheers LT -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https
Re: [PacketFence-users] node attributes
Found it but my skill as dev are #$%# :) Im trying to excecute the function update on Node.pm eveytime I change the Role of the node. I include this code on it: if ($result) { if ($previous_node_ref-{status} ne $node_ref-{status}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); } elsif ($luisteste-{category} ne /$node_ref-{category}/) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); $status = $STATUS::INTERNAL_SERVER_ERROR; $result = $teste; } But I cant find how can I compare the db result with the actual Role form field ( hope you understand ) LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: Hi mates, what node_attributes($mac); resturns? Contextually speaking, it returns the node attributes for the mac address you provide. It shouldn't be that hard to find the function definition and get a definitive answer. cheers LT -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology.\ - Niven's Inverse of Clarke's Third Law -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Dhcp and Route Networks
ok so, I going to put the router interface wheres PF is connected, in trunk mode and giving it another iP on a diff subnet. This will work as registration..., my question is, doesnt it need to be on the same vlan id as the client pc ? LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: Yes, Im using in a routed network. PF is in router 1 , while the client PC and vlan for registration are on router 2. on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which is the eth0. eth0 is... the management interface? If so, there's a dhcp listener there, but not for handling dhcp requests. You also need to have a helper-address pointing to the registration interface on your packetfence server as well. In other words, you need to have multiple interfaces on the packetfence server connected to the router. You can get away with just the management and registration interfaces set up. isolation needs to exist, but doesn't have to connect anywhere if you're not using it. Hope this helps LT -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology.\ - Niven's Inverse of Clarke's Third Law -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] node attributes
Cool, Thanks Francis. I will try LT Citando Francis Lachapelle flachape...@inverse.ca: Hi Luis On 2013-08-23, at 4:56 AM, luis torres luistor...@netc.pt wrote: Found it but my skill as dev are #$%# :) Im trying to excecute the function update on Node.pm eveytime I change the Role of the node. I include this code on it: if ($result) { if ($previous_node_ref-{status} ne $node_ref-{status}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); } elsif ($luisteste-{category} ne $node_ref-{category}) { # Node has been registered or deregistered reevaluate_access($mac, node_modify); $status = $STATUS::INTERNAL_SERVER_ERROR; $result = $teste; } But I cant find how can I compare the db result with the actual Role form field ( hope you understand ) I made this patch that we'll probably integrate in the next release. You can try it if you want. It reevaluates the network access if the node status changed or if the role changed *and* the node was *not* registered through 802.1X : diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index 1385869..4e620dc 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -230,7 +230,7 @@ sub update { my ($status, $result) = ($STATUS::OK); my $previous_node_ref; - $previous_node_ref = node_attributes($mac); + $previous_node_ref = node_view($mac); if ($previous_node_ref-{status} ne $node_ref-{status}) { # Status was modified my $option; @@ -247,8 +247,11 @@ sub update { $result = node_modify($mac, %{$node_ref}); } if ($result) { - if ($previous_node_ref-{status} ne $node_ref-{status}) { + my $isDot1x = defined($previous_node_ref-{last_dot1x_username}) length($previous_node_ref-{last_dot1x_username}) 0; + if ($previous_node_ref-{status} ne $node_ref-{status} || + $previous_node_ref-{category_id} ne $node_ref-{category_id} !$isDot1x) { # Node has been registered or deregistered + # or the role has changed and is not currently using 802.1X reevaluate_access($mac, node_modify); } } LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: Hi mates, what node_attributes($mac); resturns? Contextually speaking, it returns the node attributes for the mac address you provide. It shouldn't be that hard to find the function definition and get a definitive answer. cheers LT -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Dhcp and Route Networks
Yes, Im using in a routed network. PF is in router 1 , while the client PC and vlan for registration are on router 2. on the vlan 333 , I setup ip helper-address pointing to 10.1.2.170 which is the eth0. Hope this helps LT Citando Jason Frisvold xenoph...@godshell.com: luis torres wrote: It cant cause its a fake interface. The vlan 761 in not in this router..., if I dont setup the eth0.761 the dhcp wont start at all Can you please describe your network setup? It sounds like you're trying to do this in a routed environment which means you'll be using dhcp helpers to get the dhcp requests to the packetfence server. LT -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology.\ - Niven's Inverse of Clarke's Third Law -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] node attributes
Hi mates, what node_attributes($mac); resturns? cheers LT -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Dhcp and Route Networks
Hi list, heres my problem ..., have my PF in a routed network and I want to manage the ips of a registration network that is in another router. heres my confs: networks: [10.2.20.0] dns=10.2.20.251 dhcp_start=10.2.20.10 gateway=10.2.20.251 domain-name=vlan-registration.estradas.pt named=enabled dhcp_max_lease_time=30 dhcpd=enabled type=vlan-isolation netmask=255.255.255.0 dhcp_end=10.2.20.246 dhcp_default_lease_time=30 pf.conf: [interface eth0.761] enforcement=vlan ip=10.2.20.251 type=internal mask=255.255.255.0 [interface eth0] ip=10.1.2.170 type=management mask=255.255.255.0 dhcp.conf: subnet 10.2.20.0 netmask 255.255.255.0 { option routers 10.2.20.251; option subnet-mask 255.255.255.0; option domain-name vlan-isolation.estradas.pt; option domain-name-servers 10.2.20.251; range 10.2.20.10 10.2.20.246; default-lease-time 30; max-lease-time 30; } The problem is this, the dhcp process is listening on the vlan id 761 , but the dhcp resquests are arriving via eth0 ( 10.1.2.170) which is my management interface: /usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf -pf /usr/local/pf/var/run/dhcpd.pid eth0.761 how can I put pf listening on the eth0 besides the eth0.761? Manually it works, but everytime I restart PF I have to reconfigure it manually again. Regards LT -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Dhcp and Route Networks
It cant cause its a fake interface. The vlan 761 in not in this router..., if I dont setup the eth0.761 the dhcp wont start at all LT Citando Derek Wuelfrath dwuelfr...@inverse.ca: Point the ip helper to the eth0.761 ip address ? Derek -- Derek Wuelfrath dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca[1] Inverse inc. :: Leaders behind SOGo (www.sogo.nu[2]) and PacketFence (www.packetfence.org[3]) On 2013-08-21, at 7:01 AM, luis torres luistor...@netc.pt wrote: Hi list, heres my problem ..., have my PF in a routed network and I want to manage the ips of a registration network that is in another router. heres my confs: networks: [10.2.20.0] dns=10.2.20.251 dhcp_start=10.2.20.10 gateway=10.2.20.251 domain-name=vlan-registration.estradas.pt[4] named=enabled dhcp_max_lease_time=30 dhcpd=enabled type=vlan-isolation netmask=255.255.255.0 dhcp_end=10.2.20.246 dhcp_default_lease_time=30 pf.conf: [interface eth0.761] enforcement=vlan ip=10.2.20.251 type=internal mask=255.255.255.0 [interface eth0] ip=10.1.2.170 type=management mask=255.255.255.0 dhcp.conf: subnet 10.2.20.0 netmask 255.255.255.0 { option routers 10.2.20.251; option subnet-mask 255.255.255.0; option domain-name vlan-isolation.estradas.pt[5]; option domain-name-servers 10.2.20.251; range 10.2.20.10 10.2.20.246; default-lease-time 30; max-lease-time 30; } The problem is this, the dhcp process is listening on the vlan id 761 , but the dhcp resquests are arriving via eth0 ( 10.1.2.170) which is my management interface: /usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf -pf /usr/local/pf/var/run/dhcpd.pid eth0.761 how can I put pf listening on the eth0 besides the eth0.761? Manually it works, but everytime I restart PF I have to reconfigure it manually again. Regards LT -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users Ligações: - [1] http://www.inverse.ca/ [2] http://www.sogo.nu/ [3] http://www.packetfence.org/ [4] http://vlan-registration.estradas.pt [5] http://vlan-isolation.estradas.pt -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] role and vlan update
Hi mates, sorry to ask this again, but Im stuck on this..., when I change the role on a node, it doesnt update the vlan. however it works manually with the command : /usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,status=GSI Seems some issue with the Node.pm on the update function regards, Luis Torres -- Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] captive portal - need manual
Another thing, just setup my registration vlan to 333 and in the routers cisco I added the ip helper-address to the PF address. Activated the services dhcp and dns on PF. Now I can see the dhcp requests on pf via tcpdump, but the laptop doesnt gain IP. Any help pls? regards LT Citando Fabrice DURAND fdur...@inverse.ca: Hello, in the registration vlan packetfence is the dhcp server and the dns server, so eatch time you try to go on any website the dns will answer the packetfence´s registration ip address. regards Fabrice Le 2013-08-16 10:29, luis torres a écrit : Hi mates, Newbie here. Need some help setting up de captive portal. How can a host in a registration vlan, automaticly be redirected to the captive portal ? regards, LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca[1] Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) Ligações: - [1] http://www.inverse.ca -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] captive portal - need manual
Hi mates, Newbie here. Need some help setting up de captive portal. How can a host in a registration vlan, automaticly be redirected to the captive portal ? regards, LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] captive portal - need manual
Thank you Fabrice LT Citando Fabrice DURAND fdur...@inverse.ca: Hello, in the registration vlan packetfence is the dhcp server and the dns server, so eatch time you try to go on any website the dns will answer the packetfence´s registration ip address. regards Fabrice Le 2013-08-16 10:29, luis torres a écrit : Hi mates, Newbie here. Need some help setting up de captive portal. How can a host in a registration vlan, automaticly be redirected to the captive portal ? regards, LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca[1] Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) Ligações: - [1] http://www.inverse.ca -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Roles with vlan update
However if I issue the command: /usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,category=GSI it changes the vlan. Quite similiar to this that I open before: http://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg04213.html cheers LT Citando luis torres luistor...@netc.pt: Hi, Im in a brande fresh 4.0.4 install and everytime I change the Role of a Node, it doesnt update for the new vlan. What it could be? thanks LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Roles with vlan update
Hi, Im in a brande fresh 4.0.4 install and everytime I change the Role of a Node, it doesnt update for the new vlan. What it could be? thanks LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Node Status change
Hi list, is it possible to change de Node status original names ( registered, unreg, pend, grace) ? thanks LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Node Deletion
Hi mates, I want to delete a node but it always gives me the error: Jun 03 16:27:26 httpd.admin(0) WARN: 00:0b:5d:23:02:4d has an open locationlog entry. Node deletion prohibited (pf::node::node_delete) how can I do it? thanks LT -- Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with 2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] highest priority violation for MAC is 1200001
Fixed. thank you LT Citando luis torres luistor...@netc.pt: Hi list, reinstalled everything, but now with 4.0.1, everytime I try to change vlans it gives me the log: httpd.admin(0) INFO: highest priority violation for 00:0b:5d:23:02:4d is 121. Target VLAN for violation: registration (753) (pf::vlan::getViolationVlan) And it stays on the same vlan, and opens a violation on the Node. What I should looking for? many thanks LT -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] ERROR: Database issue: (on Node Status change)
Hi Don , still on 4.0.0 .., sorry about the lame question, but how I upgrade to 4.0.1 ? cause the new release only said: This release only fixes various bugs and doesn’t need the database schema to be modified. Simply update the file /usr/local/pf/conf/currently-at to match the new release number. cheers LT Citando Don Greer don.gr...@dptlabs.com: Luis, Are you running 4.0.0 or 4.0.1? There was a bug in 4.0.0 that prevented it from populating the class DB. Been there, done that, haven’t had the problem since I upgraded. Don FROM:luis torres [mailto:luistor...@netc.pt] SENT: Thursday, May 23, 2013 8:59 AM TO: packetfence-users SUBJECT: [PacketFence-users] ERROR: Database issue: (on Node Status change) Hi list, when I change from from grace to Registered: May 23 14:52:25 httpd.admin(0) INFO: grace expired on violation 121 for node 00:0b:5d:23:02:4d (pf::violation::violation_add) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (node_modify called) (pf::enforcement::reevaluate_access) May 23 14:52:25 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 223 (pf::enforcement::_should_we_reassign_vlan) May 23 14:52:25 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) What could it be? thanks LT -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] ERROR: Database issue: (on Node Status change)
Im now on 4.0.1 , but after the upgrade, when editing the Node, gives me the error: May 26 18:55:19 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) May 26 18:55:21 httpd.admin(0) ERROR: Caught exception in pfappserver::Controller::Node-view Can't locate object method process via package pfappserver::Form::Node at /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Node.pm line 134. (pfappserver::Controller::Root::end) LT Citando Don Greer don.gr...@dptlabs.com: Luis, Are you running 4.0.0 or 4.0.1? There was a bug in 4.0.0 that prevented it from populating the class DB. Been there, done that, haven’t had the problem since I upgraded. Don FROM:luis torres [mailto:luistor...@netc.pt] SENT: Thursday, May 23, 2013 8:59 AM TO: packetfence-users SUBJECT: [PacketFence-users] ERROR: Database issue: (on Node Status change) Hi list, when I change from from grace to Registered: May 23 14:52:25 httpd.admin(0) INFO: grace expired on violation 121 for node 00:0b:5d:23:02:4d (pf::violation::violation_add) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (node_modify called) (pf::enforcement::reevaluate_access) May 23 14:52:25 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 223 (pf::enforcement::_should_we_reassign_vlan) May 23 14:52:25 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) What could it be? thanks LT -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] switch editing
Hi, everytime I edit a switch on packetfence, it gives me an error on packetfence.log: httpd.admin(0) ERROR: Use of uninitialized value $value in string eq at /usr/share/perl5/vendor_perl/HTML/FormHandler/Widget/Field/Select.pm line 90. cheers LT -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Vlan enforcement
Hi Francis, thank you for your support. Im afraid its still doesnt work as expected..., same behavior. Heres the packetfence.log. For a Reg or Unreg Status: May 23 09:40:21 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) May 23 09:42:43 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) May 23 09:42:50 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (manage_deregister called) (pf::enforcement::reevaluate_access) May 23 09:42:50 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 223 (pf::enforcement::_should_we_reassign_vlan) May 23 09:42:51 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) May 23 09:42:51 httpd.admin(0) INFO: VLAN reassignment required for 00:0b:5d:23:02:4d (current VLAN = 223 but should be in VLAN 333) (pf::enforcement::_should_we_reassign_vlan) May 23 09:42:51 httpd.admin(0) INFO: switch port for 00:0b:5d:23:02:4d is 10.2.253.2 ifIndex 10115 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation) May 23 09:42:54 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.2.253.2 (main::parseTrap) May 23 09:42:54 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) May 23 09:42:54 pfsetvlan(1) INFO: reAssignVlan trap received on 10.2.253.2 ifIndex 10115 (main::handleTrap) May 23 09:42:54 pfsetvlan(1) WARN: Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::SNMP::handleReAssignVlanTrapForWiredMacAuth) May 23 09:42:59 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) May 23 09:43:16 pf::WebAPI(2466) INFO: handling radius autz request: from switch_ip = 10.2.253.2, connection_type = Ethernet-NoEAP mac = 00:0b:5d:23:02:4d, port = 50015, username = 000b5d23024d (pf::radius::authorize) May 23 09:43:16 pf::WebAPI(2466) INFO: MAC: 00:0b:5d:23:02:4d is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) May 23 09:43:16 pf::WebAPI(2466) WARN: Role-based Network Access Control is not supported on network device type pf::SNMP::Cisco::Catalyst_3560G. (pf::SNMP::supportsRoleBasedEnforcement) For Pending or Grace status: Only this May 23 09:44:17 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) Cheers, LT Citando Francis Lachapelle flachape...@inverse.ca: Hi Luis On 2013-05-20, at 7:03 AM, luis torres luistor...@netc.pt wrote: trought the browser , in nodes section, I can only enforce vlans on a specific node , between Register or Unregiste, Grace and Pending doesnt do nothing..., however if I give the cmd (/usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,status=grace) on the linux with root user, it works perfectly. I committed a fix yesterday : https://github.com/inverse-inc/packetfence/commit/27ca8615999265099dc5e00b4fe5cd4c33991ddd It will be integrated to 4.0.2. Thanks, Francis -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Vlan enforcement
Hi Francis, this is also what happen when change the Node Status from Grace to Registered May 23 11:56:57 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) May 23 11:57:13 httpd.admin(0) INFO: grace expired on violation 121 for node 00:0b:5d:23:02:4d (pf::violation::violation_add) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (manage_register called) (pf::enforcement::reevaluate_access) May 23 11:57:13 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 333 (pf::enforcement::_should_we_reassign_vlan) May 23 11:57:13 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) May 23 11:57:13 httpd.admin(0) INFO: VLAN reassignment required for 00:0b:5d:23:02:4d (current VLAN = 333 but should be in VLAN 223) (pf::enforcement::_should_we_reassign_vlan) May 23 11:57:13 httpd.admin(0) INFO: switch port for 00:0b:5d:23:02:4d is 10.2.253.2 ifIndex 10115 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation) May 23 11:57:17 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.2.253.2 (main::parseTrap) May 23 11:57:17 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) May 23 11:57:17 pfsetvlan(1) INFO: reAssignVlan trap received on 10.2.253.2 ifIndex 10115 (main::handleTrap) May 23 11:57:17 pfsetvlan(1) WARN: Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::SNMP::handleReAssignVlanTrapForWiredMacAuth) May 23 11:57:21 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) May 23 11:57:39 pf::WebAPI(3916) INFO: handling radius autz request: from switch_ip = 10.2.253.2, connection_type = Ethernet-NoEAP mac = 00:0b:5d:23:02:4d, port = 50015, username = 000b5d23024d (pf::radius::authorize) May 23 11:57:39 pf::WebAPI(3916) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) May 23 11:57:39 pf::WebAPI(3916) WARN: Role-based Network Access Control is not supported on network device type pf::SNMP::Cisco::Catalyst_3560G. (pf::SNMP::supportsRoleBasedEnforcement) Cheers LT Citando Francis Lachapelle flachape...@inverse.ca: Hi Luis On 2013-05-20, at 7:03 AM, luis torres luistor...@netc.pt wrote: trought the browser , in nodes section, I can only enforce vlans on a specific node , between Register or Unregiste, Grace and Pending doesnt do nothing..., however if I give the cmd (/usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,status=grace) on the linux with root user, it works perfectly. I committed a fix yesterday : https://github.com/inverse-inc/packetfence/commit/27ca8615999265099dc5e00b4fe5cd4c33991ddd It will be integrated to 4.0.2. Thanks, Francis -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance
Re: [PacketFence-users] Vlan enforcement
Francis, Ignore my two last messages ..., its working now. I did forgot to remove the NodeBak.pm from the dir. Cheers LT Citando luis torres luistor...@netc.pt: Hi Francis, this is also what happen when change the Node Status from Grace to Registered May 23 11:56:57 httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui) May 23 11:57:13 httpd.admin(0) INFO: grace expired on violation 121 for node 00:0b:5d:23:02:4d (pf::violation::violation_add) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute) May 23 11:57:13 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (manage_register called) (pf::enforcement::reevaluate_access) May 23 11:57:13 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 333 (pf::enforcement::_should_we_reassign_vlan) May 23 11:57:13 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) May 23 11:57:13 httpd.admin(0) INFO: VLAN reassignment required for 00:0b:5d:23:02:4d (current VLAN = 333 but should be in VLAN 223) (pf::enforcement::_should_we_reassign_vlan) May 23 11:57:13 httpd.admin(0) INFO: switch port for 00:0b:5d:23:02:4d is 10.2.253.2 ifIndex 10115 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation) May 23 11:57:17 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.2.253.2 (main::parseTrap) May 23 11:57:17 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) May 23 11:57:17 pfsetvlan(1) INFO: reAssignVlan trap received on 10.2.253.2 ifIndex 10115 (main::handleTrap) May 23 11:57:17 pfsetvlan(1) WARN: Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::SNMP::handleReAssignVlanTrapForWiredMacAuth) May 23 11:57:21 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) May 23 11:57:39 pf::WebAPI(3916) INFO: handling radius autz request: from switch_ip = 10.2.253.2, connection_type = Ethernet-NoEAP mac = 00:0b:5d:23:02:4d, port = 50015, username = 000b5d23024d (pf::radius::authorize) May 23 11:57:39 pf::WebAPI(3916) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) May 23 11:57:39 pf::WebAPI(3916) WARN: Role-based Network Access Control is not supported on network device type pf::SNMP::Cisco::Catalyst_3560G. (pf::SNMP::supportsRoleBasedEnforcement) Cheers LT Citando Francis Lachapelle flachape...@inverse.ca: Hi Luis On 2013-05-20, at 7:03 AM, luis torres luistor...@netc.pt wrote: trought the browser , in nodes section, I can only enforce vlans on a specific node , between Register or Unregiste, Grace and Pending doesnt do nothing..., however if I give the cmd (/usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,status=grace) on the linux with root user, it works perfectly. I committed a fix yesterday : https://github.com/inverse-inc/packetfence/commit/27ca8615999265099dc5e00b4fe5cd4c33991ddd It will be integrated to 4.0.2. Thanks, Francis -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo
[PacketFence-users] ERROR: Database issue: (on Node Status change)
Hi list, when I change from from grace to Registered: May 23 14:52:25 httpd.admin(0) INFO: grace expired on violation 121 for node 00:0b:5d:23:02:4d (pf::violation::violation_add) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`violation`, CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) ERROR: Database issue: We tried 3 times to serve query violation_add_sql called from pf::violation::violation_add and we failed. Is the database running? (pf::db::db_query_execute) May 23 14:52:25 httpd.admin(0) INFO: re-evaluating access for node 00:0b:5d:23:02:4d (node_modify called) (pf::enforcement::reevaluate_access) May 23 14:52:25 httpd.admin(0) INFO: 00:0b:5d:23:02:4d is currentlog connected at 10.2.253.2 ifIndex 10115 in VLAN 223 (pf::enforcement::_should_we_reassign_vlan) May 23 14:52:25 httpd.admin(0) INFO: MAC: 00:0b:5d:23:02:4d, PID: admin, Status: reg. Returned VLAN: 223 (pf::vlan::fetchVlanForNode) What could it be? thanks LT -- Try New Relic Now We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Cisco Vlan Enforcement
Hi again, weird stuff..., sometimes when I manualy regist the node on the node section, it puts the node on the wrong vlan (Mac detection) and it shows me as registered. What I should look for? thanks LT -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Vlan enforcement
Hi, trought the browser , in nodes section, I can only enforce vlans on a specific node , between Register or Unregiste, Grace and Pending doesnt do nothing..., however if I give the cmd (/usr/local/pf/bin/pfcmd node edit 00:0b:5d:23:02:4d pid=admin,status=grace) on the linux with root user, it works perfectly. Any ideias? thanks LT -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users