Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan, Thank you very much. After gave the file execute privilege with chmod + x, I successfully restarted pfsso service. Hope the new patch can fix the restart issue. I??ll keep an eye on it recently. Thank you again. BTW below is what I executed just now: # mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222 # curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd # chmod +x /usr/local/pf/bin/pfhttpd # systemctl restart packetfence-pfsso [root@pf-wensi ~]# journalctl -u packetfence-pfsso --since="5 minutes ago" -- Logs begin at ?? 2017-12-21 14:20:15 CST, end at ?? 2017-12-22 21:34:44 CST. -- 12?? 22 21:34:30 pf-wensi systemd[1]: Stopping PacketFence PFSSO Service... 12?? 22 21:34:30 pf-wensi systemd[1]: Starting PacketFence PFSSO Service... 12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Activating privacy features... done. 12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configuration set log level: INFO 12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured statsd protocol: udp 12?? 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured prefix: pfsso 12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00: 12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00: 12?? 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00: 12?? 22 21:34:30 pf-wensi pfhttpd[30107]: http://localhost:8777 12?? 22 21:34:30 pf-wensi systemd[1]: Started PacketFence PFSSO Service. -- Original -- From: packetfence-users <packetfence-users@lists.sourceforge.net> Date: ,12?? 22,2017 10:20 To: packetfence-users <packetfence-users@lists.sourceforge.net>, Julien Semaan <jsem...@inverse.ca> Cc: Yan <1136723...@qq.com> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Semaan, I tried below steps on my backup pf server as you said but with no luck...When I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs. Appreciate your reply. [root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222 [root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 18.5M 100 18.5M0 0 1068k 0 0:00:17 0:00:17 --:--:-- 1396k [root@pf-wensi ~]# systemctl restart packetfence-pfsso Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details. [root@pf-wensi ~]# systemctl status packetfence-pfsso.service ?? packetfence-pfsso.service - PacketFence PFSSO Service Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24 CST; 1min 7s ago Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC) Main PID: 8423 (code=exited, status=203/EXEC) 12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart. 12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service 12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed. Hint: Some lines were ellipsized, use -l to show in full. packetfence.log Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777 Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=element|interfaces::management_network Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 Dec 22
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan, I tried below steps on my backup pf server as you said but with no luck...When I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs. Appreciate your reply. [root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222 [root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 18.5M 100 18.5M0 0 1068k 0 0:00:17 0:00:17 --:--:-- 1396k [root@pf-wensi ~]# systemctl restart packetfence-pfsso Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details. [root@pf-wensi ~]# systemctl status packetfence-pfsso.service ?? packetfence-pfsso.service - PacketFence PFSSO Service Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24 CST; 1min 7s ago Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC) Main PID: 8423 (code=exited, status=203/EXEC) 12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart. 12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service 12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed. Hint: Some lines were ellipsized, use -l to show in full. packetfence.log Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777 Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=element|interfaces::management_network Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done. -- Original -- From: packetfence-users <packetfence-users@lists.sourceforge.net> Date: ,12?? 21,2017 23:48 To: Julien Semaan <jsem...@inverse.ca>, packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Yan <1136723...@qq.com> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation). -- Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:36 To: Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issueswith multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien semaanjsem...@in
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Ah, I think I might guess what is happening, the new file is lacking the executable bit. Do this before restarting the process: # chmod +x /usr/local/pf/bin/pfhttpd On 2017-12-22 07:33 AM, Julien Semaan via PacketFence-users wrote: Hi Yan, Could you do it again, but then, providing the output of this command after doing it so I have more context # journalctl -u packetfence-pfsso --since="5 minutes ago" Thanks, -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:20 PM, Yan wrote: Hi Semaan, I tried below steps on my backup pf server as you said but with no luck...When I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs. Appreciate your reply. [root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222 [root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd ?0?2 % Total ?0?2 ?0?2% Received % Xferd ?0?2Average Speed ?0?2 Time ?0?2 ?0?2Time ?0?2 ?0?2 Time ?0?2Current ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2Dload ?0?2Upload ?0?2 Total ?0?2 Spent ?0?2 ?0?2Left ?0?2Speed 100 18.5M ?0?2100 18.5M ?0?2 ?0?20 ?0?2 ?0?2 0 ?0?21068k ?0?20 ?0?20:00:17 ?0?20:00:17 --:--:-- 1396k [root@pf-wensi ~]# systemctl restart packetfence-pfsso Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details. [root@pf-wensi ~]# systemctl status packetfence-pfsso.service ?? packetfence-pfsso.service - PacketFence PFSSO Service ?0?2 ?0?2Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled) ?0?2 ?0?2Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24 CST; 1min 7s ago ?0?2 Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC) ?0?2Main PID: 8423 (code=exited, status=203/EXEC) 12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart. 12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service 12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed. Hint: Some lines were ellipsized, use -l to show in full. packetfence.log Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777 Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=element|interfaces::management_network Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 23:48 *To:* Julien Semaan <jsem...@inverse.ca>, packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Yan <1136723...@qq.com> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=Pa
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan, Could you do it again, but then, providing the output of this command after doing it so I have more context # journalctl -u packetfence-pfsso --since="5 minutes ago" Thanks, -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:20 PM, Yan wrote: Hi Semaan, I tried below steps on my backup pf server as you said but with no luck...When I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs. Appreciate your reply. [root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222 [root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd ?0?2 % Total ?0?2 ?0?2% Received % Xferd ?0?2Average Speed ?0?2 Time ?0?2 ?0?2Time ?0?2 ?0?2 Time ?0?2Current ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2 ?0?2Dload ?0?2Upload ?0?2 Total ?0?2 Spent ?0?2 ?0?2Left ?0?2Speed 100 18.5M ?0?2100 18.5M ?0?2 ?0?20 ?0?2 ?0?2 0 ?0?21068k ?0?20 ?0?20:00:17 ?0?20:00:17 --:--:-- 1396k [root@pf-wensi ~]# systemctl restart packetfence-pfsso Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details. [root@pf-wensi ~]# systemctl status packetfence-pfsso.service ?? packetfence-pfsso.service - PacketFence PFSSO Service ?0?2 ?0?2Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled) ?0?2 ?0?2Active: failed (Result: start-limit) since ?? 2017-12-22 09:58:24 CST; 1min 7s ago ?0?2 Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC) ?0?2Main PID: 8423 (code=exited, status=203/EXEC) 12?? 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart. 12?? 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service 12?? 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service. 12?? 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state. 12?? 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed. Hint: Some lines were ellipsized, use -l to show in full. packetfence.log Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777 Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=element|interfaces::management_network Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 + UTC" pid=9309 Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 23:48 *To:* Julien Semaan <jsem...@inverse.ca>, packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Yan <1136723...@qq.com> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation). -- Original -- *From:* Julien Semaan <jsem...@inverse.ca&g
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation). -- Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:36 To: Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issueswith multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:24 AM, Yan wrote: It??s the latestversion, V7.3. --Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:23 To: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Yan <1136723...@qq.com> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. -- Original -- From: packetfence-users <packetfence-users@lists.sourceforge.net> Date: ,12?? 21,2017 21:36 To: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ? --Check
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Glad to hear that. Thank you so much. Waiting for your good news. -- Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:51 To: Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, That config confirms my theory, having user/IP mapping sent to your firewall is what we call SSO in PacketFence so you're technicallydoing it. I've opened the following Github issue to track this problem: https://github.com/inverse-inc/packetfence/issues/2847 I should be able to provide resolution before the end of the weekand will update the mailing list + the Github issue Best Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:48 AM, Yan wrote: Hi Semaan, My pf version is7.3. My config file is as below. I just use syslog feature tosend ip user mapping info to palo alto firewall. I don??t need todo sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific tothe PaloAlto firewall , you must use a username and passwordto fetch the key to use (see PaloAlto documentation). --Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:36 To: Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issues with multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:24 AM, Yan wrote: It??s thelatest version, V7.3. -- Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:23 To: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Yan <1136723...@qq.com> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart,
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan, Turns out the issue was easier to replicate than expected and even better, the fix was easier than expected. I've uploaded a new binary with the fix here: https://support.inverse.ca/~jsemaan/pfhttpd Here is how to apply the fix: # mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak # curl https://support.inverse.ca/~jsemaan/pfhttpd-2841 > /usr/local/pf/bin/pfhttpd # systemctl restart packetfence-pfsso If it fails to start, revert to the previous pfhttpd and let me know the errors in journalctl This will be part of 7.4 so no need to worry about it for your future upgrade Best Regards, -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:53 AM, Yan wrote: Glad to hear that. Thank you so much. Waiting for your good news. -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:51 *To:* Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, That config confirms my theory, having user/IP mapping sent to your firewall is what we call SSO in PacketFence so you're technically doing it. I've opened the following Github issue to track this problem: https://github.com/inverse-inc/packetfence/issues/2847 I should be able to provide resolution before the end of the week and will update the mailing list + the Github issue Best Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:48 AM, Yan wrote: Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation). -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:36 *To:* Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issues with multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:24 AM, Yan wrote: It??s the latest version, V7.3. -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:23 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Yan <1136723...@qq.com> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 21:36 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Fabrice Durand <fdur...@inverse.ca> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan, That config confirms my theory, having user/IP mapping sent to your firewall is what we call SSO in PacketFence so you're technically doing it. I've opened the following Github issue to track this problem: https://github.com/inverse-inc/packetfence/issues/2847 I should be able to provide resolution before the end of the week and will update the mailing list + the Github issue Best Regards, -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:48 AM, Yan wrote: Hi Semaan, My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don??t need to do sso via PF. /usr/local/pf/conf/firewall_sso.con [172.23.4.14] transport=syslog categories=default,employees vsys=1 networks=172.0.0.0/8,10.97.0.0/16 port=443 cache_updates=0 username_format=$username type=PaloAlto cache_timeout=0 [172.22.3.13] transport=syslog categories=default,employees vsys=1 networks=172.24.0.0/16 cache_timeout=0 port=443 cache_updates=0 username_format=$username type=PaloAlto #[192.168.1.254] #type=FortiGate #password=s3cr3t #port=1813 #[192.168.1.253] #type=PaloAlto #key= # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation). -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:36 *To:* Yan <1136723...@qq.com>, packetfence-users <packetfence-users@lists.sourceforge.net> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issues with multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:24 AM, Yan wrote: It??s the latest version, V7.3. -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:23 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Yan <1136723...@qq.com> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 21:36 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Fabrice Durand <fdur...@inverse.ca> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ? --Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org!http://sdm.link/slashdot ___PacketFence-users mailing listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) This body part will be downloaded on demand. This body part will be downloaded on demand. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Why pfsso restarts itself recently ?
It??s the latest version, V7.3. -- Original -- From: Julien Semaan <jsem...@inverse.ca> Date: ,12?? 21,2017 23:23 To: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Yan <1136723...@qq.com> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 :: www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. --Original -- From: packetfence-users <packetfence-users@lists.sourceforge.net> Date: ,12?? 21,2017 21:36 To: packetfence-users <packetfence-users@lists.sourceforge.net> Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ? --Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org! http://sdm.link/slashdot ___PacketFence-users mailing listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) This body part will be downloaded on demand. This body part will be downloaded on demand.-- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Why pfsso restarts itself recently ?
I have a theory of what could be happening. Seems like the formatting of the usernames might be causing issues with multiple firewalls which you do seems to have. Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously) Regards, -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 10:24 AM, Yan wrote: It??s the latest version, V7.3. -- Original -- *From:* Julien Semaan <jsem...@inverse.ca> *Date:* ,12?? 21,2017 23:23 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Yan <1136723...@qq.com> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hi Yan, Could you provide your PacketFence version? Thanks -- Julien semaanjsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.caInverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 21:36 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Fabrice Durand <fdur...@inverse.ca> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ? --Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org!http://sdm.link/slashdot ___PacketFence-users mailing listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) This body part will be downloaded on demand. This body part will be downloaded on demand. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Why pfsso restarts itself recently ?
Hi Yan, Could you provide your PacketFence version? Thanks -- Julien Semaan jsem...@inverse.ca :: +1 (866) 353-6153 *155 ::www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote: Hi Fabrice, Just after I sent out the mail, pfsso restarted again. I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspisious logs that might related to pfsso restart, and the time is very related to alert time. -- Original -- *From:* packetfence-users <packetfence-users@lists.sourceforge.net> *Date:* ,12?? 21,2017 21:36 *To:* packetfence-users <packetfence-users@lists.sourceforge.net> *Cc:* Fabrice Durand <fdur...@inverse.ca> *Subject:* Re: [PacketFence-users] Why pfsso restarts itself recently ? Hello Yan, can you have a look in journalctl when pfsso restart ? (and give me the log please) Regards Fabrice Le 2017-12-21 ?? 08:26, Yan via PacketFence-users a ??crit : Hi users, Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ? --Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org!http://sdm.link/slashdot ___PacketFence-users mailing listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) This body part will be downloaded on demand. This body part will be downloaded on demand. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users