Hey,
not he swap warning and reject messages cames across the day. I’ve add a swap
file on the three nodes now it looks like the issue with swap is solved. But
the Reject messages are still there.
Each Day another switch random.
Grüße aus der Grünen Hölle / Regards from the Green Hell
i. A.
Hi All
I have a question regarding the configuration of Packet Fence
First, what I am wanting to do.
We have multiple VLANs within our infrastructure we are only interested in
using PF in one of these and that is the management network for our switches. I
have set up a test VLAN with one
Hello,
I did not change anything in iptables.conf.
We have a VMware environment so I can restore the "old" VM every time. Please
find the do-upgrade.sh output below:
Here are the last lines of the output, than the system is not available via
network anymore:
Setting packetfence.target as the
Hi Dennis,
We are not clustered and get swap warnings occasionally, but I haven’t noticed
clients unable to connect during those events. They only seem to happen one a
day during non-peak times. I’ll take a look at our logs to see if we are seeing
the rejected authentications too. We used the
Hello Matthies,
can you provide the radius debug section where you can see the call to
ntlm_auth ?
Regards
Fabrice
Le lun. 24 oct. 2022 à 11:29, Matthies, Heiko via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :
> Hello,
>
>
>
> I troubleshooted this issue a little
I opened following issue https://github.com/inverse-inc/packetfence/issues/7298
Nicolas Quiniou-Briand
Product Support Engineer
[cid:image001.png@01D8E7C1.27AE7A40]
Office: +33156696210
Akamai Technologies
145 Broadway
Cambridge, MA 02142
Connect with Us:
Hello Regimantas,
alright, sorry for the delayed response.
So let's follow these steps and see what happens on the switch.
First edit this file (/usr/local/pf/raddb/mods-config/files/authorize) and
add at the end (replace 02-00-00-00-00-00-00 by the mac address of the
device you are testing
Hello Nicolas,
another information which maybe useful to you. After I logged into the GUI and
tried to rejoin my domain, the same issue (timeout) occurs. I think the system
tries to reinsert the ruleset from the v12 iptables.conf and bricks the system
doing so.
Kind Regards,
Heiko Matthies
Hello,
Thanks for your feedback.
> This line is uncommented in production as we used the haproxy dashboard in
> the past. I don't think this would break the upgrade process.
I agree but I just want to confirm something.
I think I found root cause of your issue. I will open an issue sooner and
Hello Nicolas,
I compared the current iptables.conf with the iptables.conf.example and found
only one difference:
#-A input-management-if --protocol tcp --match tcp --dport 1025 --jump ACCEPT
This line is uncommented in production as we used the haproxy dashboard in the
past. I don't think this
Hello Nicolas,
I suppose, Michael will provide the needed logs and information for you. As we
have still not upgraded our main packetfence instance, I could reproduce the
issue if needed. Just hit me up, if you need further information about this
issue.
Kind regards,
Heiko Matthies
Hi,
I'm trying to work out how to get PacketFence to send a CoA to an
Aerohive (XIQ) AP after a guest registers and is approved by sponsor. I
have the AP switch object configured to map by switch role, which sends
a Filter-ID I can match on. If I disconnect and reconnect (and clear
auth
Hello,
Thanks.
Could you answer my second question regarding customization of iptables.conf ?
Nicolas Quiniou-Briand
Product Support Engineer
[cid:image001.png@01D8E7AF.9ABD2610]
Office: +33156696210
Akamai Technologies
145 Broadway
Cambridge, MA 02142
Connect with Us:
Hello Michael,
Just to clarify, I only need output of `do-upgrade.sh` script during a failed
upgrade.
Could you answer my second question regarding customization of iptables.conf ?
Nicolas Quiniou-Briand
Product Support Engineer
[cid:image001.png@01D8E788.37EA7370]
Office: +33156696210
Hello,
I am not in the office today. I can provide all of these logs in ~8 hours. Even
a remote support to collect all required logs is fine for me.
Best regards
Michael Weber
From: Quiniou-Briand, Nicolas
Sent: Monday, October 24, 2022 8:47:25 AM
To:
Hello,
I would like to take a look on this issue.
As far as I know, the message:
#v+
chain DOCKER in table filter is incompatible, use 'nft' instead
#v-
doesn't stop upgrade and appears on all upgrades.
1. Could you provide me logs (in private) of your upgrade (using do-upgrade.sh)
?
2. Could
Hey All,
at the moment i get a lot of REJECT errors:
I can't identifie why, but her is a part from my Packetfence.log, which shows
This WARN a lot of times:
Oct 24 08:29:10 pf4 packetfence[306923]: -e(306923) WARN: Use of uninitialized
value $port in addition (+) at
17 matches
Mail list logo