Re: [PacketFence-users] Expiration and Mass Deregister
Hi team, OK - tried the pfcmd method which didnt work for me... I have had a bit of a go at the code to make it work as it wasn't adding entries to ipset correctly (inline, I know there have been issues with this in the past) which may have broken something. I've now written a perl script that I run via cron: #!/usr/bin/perl ## script to unregister all hosts - run this by cron at end of lesson. ## 1 - set all nodes' status to unreg in DB ## 2 - flush reg ipset table. ## DB bit: use DBI; my $dbServer=127.0.0.1; my $uid=root; my $pwd=password1withacapitalP; my $db=pf; my $dsn = DBI:mysql:database=$db;host=$dbServer; my $dbHandle = DBI-connect($dsn, $uid, $pwd) or die Cannot log into $dbServer\n; my $query = UPDATE pf.node SET status='unreg'; my $qHandle = $dbHandle-prepare ($query); $qHandle-execute (); $dbHandle-disconnect; ## ipset bit: `/usr/sbin/ipset flush pfsession_Reg_10.15.228.0`; Early indications suggest this works... thanks, Jim Potter Network Manager Oasis Brislington (formerly Brislington Enterprise College) On 25 May 2015 at 11:06, Nathan, Josh josh.nat...@bfacademy.de wrote: Oh, I did forget to mention! If we unregister too many people at a time, we have to restart the PacketFence service. Not sure what the conflict is, but running that command a couple hundred times corrupts one of the running files or something, and then nothing can register until it's restarted. We really only do a mass deregister once a week, so we do it in the middle of the night, and then restart the services. But I don't know if that issue persists with newer versions of PacketFence, and I've only ever run PacketFence on Centos 6.x. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-916123 On Mon, May 25, 2015 at 12:02 PM, Nathan, Josh josh.nat...@bfacademy.de wrote: We do something similar to this, actually. However, while we used to run a query against the database, something changed with the upgrade to 4.0 that caused that to stop working. They'd be listed as unregistered in the database, but still have access. I was able to put together a pfcmd command that would do it, though. Here's what I have: /usr/local/pf/bin/pfcmd node edit [mac address] status=unreg,unregdate=[datetime in YearMonthDayHourMinuteSecond format] We use a Perl script to generate the list of Mac addresses, and then loop through them with this command. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-916123 On Sun, May 24, 2015 at 4:04 PM, Jason 'XenoPhage' Frisvold xenoph...@godshell.com wrote: On May 22, 2015, at 18:17, Mr J Potter jpotter...@because.org.uk wrote: Hi Jason, Did you find a way of doing this? I need to deregister all users periodically (plan is 7 times a day), and being able to do this via cron would be great. There's no built-in way to do this easily, but you can manipulate the database and perform the same process. Just build a query that finds the devices you're looking to deregister and then put them all in a state of unregistered. That said, it may be worth re-thinking things a little. The automatic mechanisms within Packetfence are pretty good. You can probably set the timers for 7 days and have the system handle this for you. thanks, Jim Pott Jason 'XenoPhage' Frisvold xenoph...@godshell.com -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight.
Re: [PacketFence-users] Expiration and Mass Deregister
Mr J Potter jpotter...@because.org.uk wrote: I need to deregister all users periodically (plan is 7 times a day), Seven times PER DAY?!?!? Are you selling web ads on your captive portal pages with that many views??? -Arthur - Arthur Emerson III Email: emer...@msmc.edu Network Administrator InterNIC: AE81 Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109 330 Powell Ave.Fax:(845) 562-6762 Newburgh, NY 12550SneakerNet: Aquinas Hall Room 11 -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Expiration and Mass Deregister
Oh, I did forget to mention! If we unregister too many people at a time, we have to restart the PacketFence service. Not sure what the conflict is, but running that command a couple hundred times corrupts one of the running files or something, and then nothing can register until it's restarted. We really only do a mass deregister once a week, so we do it in the middle of the night, and then restart the services. But I don't know if that issue persists with newer versions of PacketFence, and I've only ever run PacketFence on Centos 6.x. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-916123 On Mon, May 25, 2015 at 12:02 PM, Nathan, Josh josh.nat...@bfacademy.de wrote: We do something similar to this, actually. However, while we used to run a query against the database, something changed with the upgrade to 4.0 that caused that to stop working. They'd be listed as unregistered in the database, but still have access. I was able to put together a pfcmd command that would do it, though. Here's what I have: /usr/local/pf/bin/pfcmd node edit [mac address] status=unreg,unregdate=[datetime in YearMonthDayHourMinuteSecond format] We use a Perl script to generate the list of Mac addresses, and then loop through them with this command. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-916123 On Sun, May 24, 2015 at 4:04 PM, Jason 'XenoPhage' Frisvold xenoph...@godshell.com wrote: On May 22, 2015, at 18:17, Mr J Potter jpotter...@because.org.uk wrote: Hi Jason, Did you find a way of doing this? I need to deregister all users periodically (plan is 7 times a day), and being able to do this via cron would be great. There's no built-in way to do this easily, but you can manipulate the database and perform the same process. Just build a query that finds the devices you're looking to deregister and then put them all in a state of unregistered. That said, it may be worth re-thinking things a little. The automatic mechanisms within Packetfence are pretty good. You can probably set the timers for 7 days and have the system handle this for you. thanks, Jim Pott Jason 'XenoPhage' Frisvold xenoph...@godshell.com -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Expiration and Mass Deregister
We do something similar to this, actually. However, while we used to run a query against the database, something changed with the upgrade to 4.0 that caused that to stop working. They'd be listed as unregistered in the database, but still have access. I was able to put together a pfcmd command that would do it, though. Here's what I have: /usr/local/pf/bin/pfcmd node edit [mac address] status=unreg,unregdate=[datetime in YearMonthDayHourMinuteSecond format] We use a Perl script to generate the list of Mac addresses, and then loop through them with this command. Thanks, Joshua Nathan IT Administrator Black Forest Academy +49 (0) 7626-916123 On Sun, May 24, 2015 at 4:04 PM, Jason 'XenoPhage' Frisvold xenoph...@godshell.com wrote: On May 22, 2015, at 18:17, Mr J Potter jpotter...@because.org.uk wrote: Hi Jason, Did you find a way of doing this? I need to deregister all users periodically (plan is 7 times a day), and being able to do this via cron would be great. There's no built-in way to do this easily, but you can manipulate the database and perform the same process. Just build a query that finds the devices you're looking to deregister and then put them all in a state of unregistered. That said, it may be worth re-thinking things a little. The automatic mechanisms within Packetfence are pretty good. You can probably set the timers for 7 days and have the system handle this for you. thanks, Jim Pott Jason 'XenoPhage' Frisvold xenoph...@godshell.com -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Expiration and Mass Deregister
On May 22, 2015, at 18:17, Mr J Potter jpotter...@because.org.uk wrote: Hi Jason, Did you find a way of doing this? I need to deregister all users periodically (plan is 7 times a day), and being able to do this via cron would be great. There's no built-in way to do this easily, but you can manipulate the database and perform the same process. Just build a query that finds the devices you're looking to deregister and then put them all in a state of unregistered. That said, it may be worth re-thinking things a little. The automatic mechanisms within Packetfence are pretty good. You can probably set the timers for 7 days and have the system handle this for you. thanks, Jim Pott Jason 'XenoPhage' Frisvold xenoph...@godshell.com -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Expiration and Mass Deregister
Hi Jason, Did you find a way of doing this? I need to deregister all users periodically (plan is 7 times a day), and being able to do this via cron would be great. thanks, Jim Potter Network Manager Oasis Brislington (formerly Brislington Enterprise College) On 31 May 2014 at 00:02, Jason Frisvold xenoph...@godshell.com wrote: Greetings! With the previous NAC solution we had, we would periodically purge the database of all users of specific classes. Packetfence is supposed to handle all of that programatically through expiration. However, I'm not sure that's happening properly. I'm not entirely certain how to debug the problem, either. I clearly have nodes with locationlog entries that are far older than the settings I have in expiration, as well as nodes with no locationlog entries that are far older than the node lifetime. In the meantime, as I'm trying to debug the problem, I need to deregister an entire class of user. How do I go about that? While I can use the CLI pfcmd tool to get a list of all of these users, I don't see a way to change the registration value for a node via the CLI. Nor do I see a way to mass deregister via the GUI beyond the select all, choose deregister from the dropdown menu. That would work, but you can only choose a single page worth of entries, and I have a LOT of pages... Thanks! -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology.\ - Niven's Inverse of Clarke's Third Law -- Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
