[PacketFence-users] Frequent haproxy portal segfaults

[Cristian Mammoli via PacketFence-users]

Hi, multiple times a day haproxy-portal segfaults. I had to configure a 
"watchdog" to restart it:


dmesg:
[313974.875103] haproxy[1983]: segfault at 581d9e1d ip 560257f6d1d2 
sp 7ffca504d770 error 4 in haproxy[560257ed2000+101000]
[314296.013258] haproxy[11239]: segfault at 3575a81d ip 55b7354e91d2 
sp 7ffebde0a0b0 error 4 in haproxy[55b73544e000+101000]
[345500.600770] haproxy[5437]: segfault at 395181d ip 5584036e01d2 
sp 7ffdde48cc00 error 4 in haproxy[558403645000+101000]
[347232.808143] haproxy[11087]: segfault at a1f31e1d ip 5605a1cc51d2 
sp 7fff45eb6a00 error 4 in haproxy[5605a1c2a000+101000]
[347611.306720] haproxy[17569]: segfault at f75a0e1d ip 55a8f73341d2 
sp 7ffc724dc360 error 4 in haproxy[55a8f7299000+101000]
[347909.722693] haproxy[18572]: segfault at cc7b781d ip 557acc5461d2 
sp 7ffef0991110 error 4 in haproxy[557acc4ab000+101000]


journalctl -u packetfence-haproxy-portal.service:
Jun 05 09:41:27 srvpf.apra.it systemd[1]: Starting PacketFence HAProxy 
Load Balancer for the captive portal...
Jun 05 09:41:29 srvpf.apra.it packetfence[17557]: WARN pfcmd.pl(17557): 
requesting member ips for an undefined interface... 
(pf::cluster::members_ips)
Jun 05 09:41:29 srvpf.apra.it packetfence[17557]: WARN pfcmd.pl(17557): 
requesting member ips for an undefined interface... 
(pf::cluster::members_ips)
Jun 05 09:41:29 srvpf.apra.it packetfence[17557]: WARN pfcmd.pl(17557): 
requesting member ips for an undefined interface... 
(pf::cluster::members_ips)
Jun 05 09:41:29 srvpf.apra.it packetfence[17557]: WARN pfcmd.pl(17557): 
requesting member ips for an undefined interface... 
(pf::cluster::members_ips)

Jun 05 09:41:29 srvpf.apra.it pfcmd[17557]: service|command
Jun 05 09:41:29 srvpf.apra.it pfcmd[17557]: haproxy-portal|config generated
Jun 05 09:41:29 srvpf.apra.it systemd[1]: Started PacketFence HAProxy 
Load Balancer for the captive portal.
Jun 05 09:41:29 srvpf.apra.it haproxy-systemd-wrapper[17564]: 
haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f 
/usr/local/pf/var/conf/haproxy-portal.conf -p /usr/local/pf/var/run/
Jun 05 09:41:47 srvpf.apra.it haproxy-systemd-wrapper[17564]: 
haproxy-systemd-wrapper: exit, haproxy RC=0


cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

cat /usr/local/pf/conf/pf-release
PacketFence 8.0.1

yum info haproxy
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: it.centos.contactlab.it
 * extras: it.centos.contactlab.it
 * updates: it.centos.contactlab.it
Installed Packages
Name    : haproxy
Arch    : x86_64
Version : 1.6.11
Release : 1.2
Size    : 3.1 M
Repo    : installed
From repo   : packetfence


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] interfaces does not show up - network.conf is empty

[Annibal Abreu via PacketFence-users]

Hi,

I am trying to use PF only as a Radius Server, but all requests are
rejected.

Thus, it seems to be working.

I have just realized that there is no interface showing up in the web
interface.

network.conf is EMPTY

I am using CENTOS 7

How do I stop all packetfence processes and start it again?

How to make PF to recognize interfaces?


-bash-4.2# ifconfig
eth0: flags=4163  mtu 1500
inet 206.81.10.58  netmask 255.255.240.0  broadcast 206.81.15.255
inet6 fe80::1874:21ff:fe53:eec1  prefixlen 64  scopeid 0x20
ether 1a:74:21:53:ee:c1  txqueuelen 1000  (Ethernet)
RX packets 9329  bytes 1159788 (1.1 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 8378  bytes 1623150 (1.5 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1000  (Local Loopback)
RX packets 14305923  bytes 2728806397 (2.5 GiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 14305923  bytes 2728806397 (2.5 GiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Annibal
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Configuration with AD DHCP or Router DHCP

[AdvBaxter via PacketFence-users]

Hi,

 

In my existing network,  im plan just run DHCP on router (high end router).
Is it necessary for me to create AD(for radius authentication)  or just skip
AD and use packetfence instead. Since packetfence have freeradius in step by
step configuration (out of band deployment). 

 

 

Thank you.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Could not write namespace config::PfDefault to L2 cache

[Annibal Abreu via PacketFence-users]

Hi

I have already installed PF8 ok.

However, I had to reinstall and now I am getting this message, and can not
start configurator.

Annibal
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] pf 7.4 to 8.01 upgrade

[Will Halsall via PacketFence-users]

Hi Folks

After upgrading to PF 8.01 the Auditing page is no longer being updated See 
below:

>From the packetfence.log and radius.log everything looks OK and all is working 
>but the audit page is still blank

Could you give me a clue as to where to start to solve the problem please?


[cid:image001.png@01D3FBF5.D3C7EAD0]




[http://fcot5.farn-ct.ac.uk/Email_Signature_Open_Events.jpg] 


This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

[jabang konate via PacketFence-users]

hi fabrice

any update for this issue?

On Thu, May 31, 2018 at 4:41 PM, jabang konate 
wrote:

> hi fabrice.
>
> i already try the code and it work well.
> i try with limit 1 node per user with DEFAULT role.
>
> but i have something strange.
>
> when user rejected/denied by the packetfence, i saw user will be in REJECT
> role.
> and then i try to deregister the first device from nodes tab, then i try
> again with my second device with REJECT role and i still can't connect with
> my network and still with REJECT role.
> i must configure manual in nodes tab to apply role DEFAULT to my REJECT
> device, and then try to reconnect again to get acess to network.
>
> is it normal ?
>
> here my packetfence log.
>
>
>
>
>
> On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> thanks for testing it.
>>
>> Also for the limitation, i did some work on that not a long time ago and
>> it should be fixed by https://patch-diff.githubuserc
>> ontent.com/raw/inverse-inc/packetfence/pull/3236.diff
>>
>> Can you test it too and let me know.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice
>> thanks a lot and great work.
>>
>> now i can login with my local realm and remote realm from other
>> university.
>>
>> i have  another question,is it possible to limit device node per user in
>> eduroam?
>> i try with default role to limit 2 devices, but when third devices login
>> with the same username , user can still login but with blank role in
>> packetfence web.
>>
>>
>>
>>
>>
>>
>> On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Jabang,
>>>
>>> can you try that:
>>>
>>> https://github.com/inverse-inc/packetfence/compare/fix/eduro
>>> am_standalone.diff
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>>>
>>> hi fabrice,
>>> ok i will wait for patch
>>>
>>> thank you
>>>
>>> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Ok there is a bug, i need to fix it.



 Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :

 hi fabrice.

 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.

 attach my eduroam config file.


 On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
 packetfence-users@lists.sourceforge.net> wrote:

> What is 10.18.23.60 ?
>
> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
> ?
>
> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>
> Hi fabrice,
> today i try again with my packetfence.
>
> in packetfence-tunnel configuration i change configuration like
> this,
>if (update) {
> update control {
> &MS-CHAP-Use-NTLM-Auth := No
> }
> }
>  }
> because from the output i don't see "ok", and then now i can login
> with my ldap account but with port 1812 in my access point, but not using
> port 11812.
> if i'm using 11812 my request always forward to Realm eduroam my home
> server, and not forward the request to packetfence virtual server
> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
> you said in scenario 1.
>
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after
> "@"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "
> xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name
> = "testuser"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id
> "
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is
> LOCAL
> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
> destination realm set.  Ignoring
> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
> (1) Thu May 24 11:06:15 2018: Debug:   update control {
> (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  =
> noop
> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
> "if" was taken
> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is su

[PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

[Matthew Knott via PacketFence-users]

Hi,

Hoping someone can help be with this Error.

When trying to Connect to a Windows 2008R2 Level Domain, I receive this Error 
in the Web GUI.

Failed to join domain: failed to connect to AD: Client not found in Kerberos 
database

And can see the Following in the Packetfence.log

Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) INFO: 
[mac:00:04:f2:86:1e:a6] Password validation failed for cisco: passwords don't 
match (pf::password::validate_password)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: 
[mac:00:04:f2:86:1e:a6] Error binding '80090308: LdapErr: DSID-0C0903D9, 
comment: AcceptSecurityContext error, data 52e, v2580
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) WARN: 
[mac:00:04:f2:86:1e:a6] [JBSAD] Unable to connect to ldap.jbssa.com.au 
(pf::Authentication::Source::LDAPSource::_connect)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: 
[mac:00:04:f2:86:1e:a6] [JBSAD] Unable to connect to any LDAP server 
(pf::Authentication::Source::LDAPSource::_connect)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: 
[mac:00:04:f2:86:1e:a6] unable to read password file 
'/usr/local/pf/conf/admin.conf' 
(pf::Authentication::Source::HtpasswdSource::authenticate)

Looking in the log.winbind file in /chroots/JBXAD/var/log/sambaJBXAD I can see 
the Following

[2018/05/31 06:22:43.266435,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'winbindd' finished starting up and ready to serve connections
[2018/05/31 06:22:43.409235,  0] 
../source3/librpc/crypto/gse.c:214(gse_context_init)
  Failed to initialize kerberos context! (Included profile directory could not 
be read)
[2018/05/31 22:23:12.606100,  0] 
../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2018/05/31 22:23:12.607356,  0] 
../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=1)

Wbinfo -u  returns a list of users

ntlm_auth --username=mk.adm
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)


Also Works.
NTP is in Sync

Yet I still can't perform 802.1x Auth nor can I Use AD as a Authentication 
Source.

Anyone have any Idea's

Thanks
In advance

Matthew



Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au

[JBS Australia]
T.  07 3810 2269
M.  0477733185
F.  07 3816 0535




JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304


jbssa.com.au  .  
LinkedIn



Important Notice:

The contents of this electronic message and any attachments are intended only 
for the addressee and may contain legally privileged or confidential 
information. They may be only used for the purposes for which they were 
supplied. If you are not the addressee, you are notified that any transmission, 
distribution, downloading, printing or photocopying of the contents of this 
message or attachments is strictly prohibited. Any privilege and/or 
confidentiality attached to this message and attachments is not waived, lost or 
destroyed by reason of mistaken delivery to you. If you have received this 
message in error you should notify the sender by return e-mail or telephone +61 
7 3810 2100, and destroy all copies of the message and any attachments.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] interfaces does not show up - network.conf is empty

[Annibal Abreu via PacketFence-users]

Hi,

I just reinstall and now everything is fine.

thanks.

Annibal Hoeschl Abreu
+55 (48) 3879.1652
+55 (48) 988.284.491





On Sun, Jun 3, 2018 at 9:48 AM, Annibal Abreu 
wrote:

> Hi,
>
> I am trying to use PF only as a Radius Server, but all requests are
> rejected.
>
> Thus, it seems to be working.
>
> I have just realized that there is no interface showing up in the web
> interface.
>
> network.conf is EMPTY
>
> I am using CENTOS 7
>
> How do I stop all packetfence processes and start it again?
>
> How to make PF to recognize interfaces?
>
>
> -bash-4.2# ifconfig
> eth0: flags=4163  mtu 1500
> inet 206.81.10.58  netmask 255.255.240.0  broadcast 206.81.15.255
> inet6 fe80::1874:21ff:fe53:eec1  prefixlen 64  scopeid 0x20
> ether 1a:74:21:53:ee:c1  txqueuelen 1000  (Ethernet)
> RX packets 9329  bytes 1159788 (1.1 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 8378  bytes 1623150 (1.5 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> lo: flags=73  mtu 65536
> inet 127.0.0.1  netmask 255.0.0.0
> inet6 ::1  prefixlen 128  scopeid 0x10
> loop  txqueuelen 1000  (Local Loopback)
> RX packets 14305923  bytes 2728806397 (2.5 GiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 14305923  bytes 2728806397 (2.5 GiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> Annibal
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users