Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-15 Thread Zammit, Ludovic via PacketFence-users
Hello,

You could check if everything is in order in packetfence with 
/usr/local/pf/bin/pfcmd checkup

You could also post your /usr/local/pf/var/conf/haproxy-db.conf

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 15, 2022, at 7:22 AM, Misbah Hussaini  wrote:
> 
> Thanks for that tip Fabrice, yes indeed the host entry was missing from the 
> pf.conf file under the database section but it was there in pfconfig.conf. 
> 
> I have added it to pf.conf and ran below commands, I will observe to identify 
> if this brings a difference. 
> 
> systemctl restart packetfence-config
> /usr/local/pf/bin/pfcmd configreload
> /usr/local/pf/bin/pfcmd service pf restart
> Is there a script to perform health check on galera cluster nodes?
> 
> Regards
> 
> 
> On Fri, 15 Apr 2022 at 05:22, Fabrice Durand wrote:
> probably a misconfiguration issue.
> https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_packetfence_configuration_modification_first_server_only
>  
> 
> 
> Notice host=127.0.0.1
> 
> if you forgot that then it means that each server will use the local database 
> instance to insert and it will result with table lock.
> 
> On Thu, 14 Apr 2022 at 14:22, Zammit, Ludovic via PacketFence-users wrote:
> Hello Misbah,
> 
> We only have an issue with chunk = ‘8192’ for EAP TLS and not EAP PEAP.
> 
> It's way too big to cover your entire cluster config on the mailing list, I will 
> suggest you to take some consulting hours with Akamai and we will do a sanity 
> check on your cluster to see why the database would disconnect.
> 
> Thanks,
> 
> Ludovic Zammit
> Product Support Engineer Principal
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> 
>> On Apr 13, 2022, at 7:14 PM, Misbah Hussaini wrote:
>> 
>> Hello Ludovic,
>> 
>> Again we had an outage and this time it looks like DB had some sort of 
>> locking issues. The temp fix was to restart the mariadb service. I'm running 
>> PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see below 
>> messages in packetfence.log at the time when the problem began and these 
>> messages continued till DB was restarted.
>> 
>> Packetfence.log:
>> 
>> Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR: [mac:unknown] 
>> Database query failed with non retryable error: Lock wait timeout exceeded; 
>> try restarting transaction (errno: 1205) [INSERT INTO `node` ( `autoreg`, 
>> `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, 
>> `computername`, `detect_date`, `device_class`, `device_manufacturer`, 
>> `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, 
>> `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, 
>> `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, 
>> `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, 
>> `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 
>> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE 
>> KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL, NULL, , NULL, 
>> SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco Systems, Inc, 76, 
>> Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco Systems, Inc. IP 
>> Phone CP-7945G, -00-00 00:00:00, 2022-04-13 21:46:21, 2021-12-24 
>> 20:10:12, -00-00 00:00:00, c4:14:3c:97:b4:34, NULL, , default, 
>> -00-00 00:00:00, , unreg, 1, NULL, -00-00 00:00:00, , no, 2022-04-13 
>> 21:46:21, 1} (pf::dal::db_execute)
>> Apr 13 21:47:12 NAC1 pfqu

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-15 Thread Misbah Hussaini via PacketFence-users
Thanks for that tip Fabrice, yes indeed the host entry was missing from the
pf.conf file under the database section but it was there in pfconfig.conf.

I have added it to pf.conf and ran below commands, I will observe to
identify if this brings a difference.

systemctl restart packetfence-config
/usr/local/pf/bin/pfcmd configreload

/usr/local/pf/bin/pfcmd service pf restart

Is there a script to perform health check on galera cluster nodes?


Regards


On Fri, 15 Apr 2022 at 05:22, Fabrice Durand  wrote:

> probably a misconfiguration issue.
>
> https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_packetfence_configuration_modification_first_server_only
>
> Notice host=127.0.0.1
>
> if you forgot that then it means that each server will use the local
> database instance to insert and it will result with table lock.
>
> On Thu, 14 Apr 2022 at 14:22, Zammit, Ludovic via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Misbah,
>>
>> We only have an issue with chunk = ‘8192’ for EAP TLS and not EAP PEAP.
>>
>> It's way too big to cover your entire cluster config on the mailing list, I
>> will suggest you to take some consulting hours with Akamai and we will do a
>> sanity check on your cluster to see why the database would disconnect.
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>>
>> On Apr 13, 2022, at 7:14 PM, Misbah Hussaini 
>> wrote:
>>
>> Hello Ludovic,
>>
>> Again we had an outage and this time it looks like DB had some sort of
>> locking issues. The temp fix was to restart the mariadb service. I'm
>> running PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see
>> below messages in packetfence.log at the time when the problem began and
>> these messages continued till DB was restarted.
>>
>> *Packetfence.log:*
>>
>> *Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
>> [mac:unknown] Database query failed with non retryable error: Lock wait
>> timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
>> `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
>> `category_id`, `computername`, `detect_date`, `device_class`,
>> `device_manufacturer`, `device_score`, `device_type`, `device_version`,
>> `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
>> `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
>> `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
>> `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
>> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
>> ?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
>> NULL, , NULL, SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco
>> Systems, Inc, 76, Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco
>> Systems, Inc. IP Phone CP-7945G, -00-00 00:00:00, 2022-04-13 21:46:21,
>> 2021-12-24 20:10:12, -00-00 00:00:00, c4:14:3c:97:b4:34, NULL, ,
>> default, -00-00 00:00:00, , unreg, 1, NULL, -00-00 00:00:00, , no,
>> 2022-04-13 21:46:21, 1} (pf::dal::db_execute)*
>> *Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
>> [mac:unknown] Unable to modify node 'c4:14:3c:97:b4:34
>> (pf::node::node_modify)*
>> Apr 13 21:47:28 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
>> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
>> 00:11:22:33:44:55. The history set doesn't exist yet.
>> (pf::accounting_events_history::latest_mac_history)
>> Apr 13 21:47:38 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
>> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
>> 00:11:22:33:44:55. The history set doesn't exist yet.
>> (pf::accounting_events_history::latest_mac_history)
>> Apr 13 21:47:42 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
>> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
>> 00:11:22:33:44:55. The history set doesn't exist yet.
>> (pf::accounting_events_history::latest_mac_history)
>> Apr 13 21:47:52 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
>> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
>> 00:11:22:33:44:55. The history set doesn't exist yet.
>> (pf::accounting_events_history::latest_mac_history)
>> Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO:
>> Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>> Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
>> processed 0 security_events during security_event maintenance
>> (1649872073.11399 164987207
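
On the question above about a health-check script for the Galera nodes: the following is an added example, not part of the original thread and not PacketFence's own tooling. It judges one node from the standard Galera `wsrep_%` status variables and assumes the 3-node cluster described in the thread; the function names, the `--live` switch and the sample data are hypothetical.

```sh
#!/bin/sh
# Added example (not PacketFence code): judge one Galera node's health from its
# wsrep status variables.
#
# stdin : tab-separated "name<TAB>value" rows, the format printed by
#           mysql -N -B -e "SHOW GLOBAL STATUS LIKE 'wsrep_%'"
# $1    : expected number of cluster members (assumption: 3, as in this thread)
# stdout: "OK" or "CRITICAL: <failed checks>"; exit status 0 or 2

galera_health() {
    awk -F'\t' -v expected="${1:-3}" '
        # Record a failed check; a variable absent from the input counts as failed.
        function check(name, want,    got) {
            got = (name in status) ? status[name] : "missing"
            if (got != want) problems = problems " " name "=" got
        }
        { status[$1] = $2 }
        END {
            check("wsrep_ready", "ON")                    # node accepts queries
            check("wsrep_connected", "ON")                # node is linked to the group
            check("wsrep_cluster_status", "Primary")      # node is in the quorum partition
            check("wsrep_local_state_comment", "Synced")  # not Donor, Joiner or Initialized
            check("wsrep_cluster_size", expected)         # every member is present
            if (problems == "") { print "OK"; exit 0 }
            print "CRITICAL:" problems
            exit 2
        }'
}

# Constructed sample: a healthy member of a 3-node cluster.
sample_synced() {
    printf 'wsrep_ready\tON\nwsrep_connected\tON\nwsrep_cluster_status\tPrimary\n'
    printf 'wsrep_local_state_comment\tSynced\nwsrep_cluster_size\t3\n'
}

# Constructed sample: a node that lost its peers and dropped out of quorum.
sample_isolated() {
    printf 'wsrep_ready\tOFF\nwsrep_connected\tON\nwsrep_cluster_status\tnon-Primary\n'
    printf 'wsrep_local_state_comment\tInitialized\nwsrep_cluster_size\t1\n'
}

# Live use on a cluster member: sh galera_health.sh --live [expected_size]
# Assumes the mysql client can log in without prompting (for example via ~/.my.cnf).
# If the query itself fails, the empty input makes every check report "missing".
if [ "${1:-}" = "--live" ]; then
    mysql -N -B -e "SHOW GLOBAL STATUS LIKE 'wsrep_%'" | galera_health "${2:-3}"
    exit $?
fi
```

Run it on each of the three nodes; a node that answers queries but reports a cluster size below 3 or a non-Primary status is serving a partition, not the cluster.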

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Fabrice Durand via PacketFence-users
probably a misconfiguration issue.
https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_packetfence_configuration_modification_first_server_only

Notice host=127.0.0.1

if you forgot that then it means that each server will use the local
database instance to insert and it will result with table lock.

On Thu, 14 Apr 2022 at 14:22, Zammit, Ludovic via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Misbah,
>
> We only have an issue with chunk = ‘8192’ for EAP TLS and not EAP PEAP.
>
> It's way too big to cover your entire cluster config on the mailing list, I
> will suggest you to take some consulting hours with Akamai and we will do a
> sanity check on your cluster to see why the database would disconnect.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Apr 13, 2022, at 7:14 PM, Misbah Hussaini 
> wrote:
>
> Hello Ludovic,
>
> Again we had an outage and this time it looks like DB had some sort of
> locking issues. The temp fix was to restart the mariadb service. I'm
> running PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see
> below messages in packetfence.log at the time when the problem began and
> these messages continued till DB was restarted.
>
> *Packetfence.log:*
>
> *Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
> [mac:unknown] Database query failed with non retryable error: Lock wait
> timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
> `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
> `category_id`, `computername`, `detect_date`, `device_class`,
> `device_manufacturer`, `device_score`, `device_type`, `device_version`,
> `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
> `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
> `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
> `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
> NULL, , NULL, SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco
> Systems, Inc, 76, Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco
> Systems, Inc. IP Phone CP-7945G, -00-00 00:00:00, 2022-04-13 21:46:21,
> 2021-12-24 20:10:12, -00-00 00:00:00, c4:14:3c:97:b4:34, NULL, ,
> default, -00-00 00:00:00, , unreg, 1, NULL, -00-00 00:00:00, , no,
> 2022-04-13 21:46:21, 1} (pf::dal::db_execute)*
> *Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
> [mac:unknown] Unable to modify node 'c4:14:3c:97:b4:34
> (pf::node::node_modify)*
> Apr 13 21:47:28 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
> 00:11:22:33:44:55. The history set doesn't exist yet.
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:38 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
> 00:11:22:33:44:55. The history set doesn't exist yet.
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:42 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
> 00:11:22:33:44:55. The history set doesn't exist yet.
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:52 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device
> 00:11:22:33:44:55. The history set doesn't exist yet.
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: Using
> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
> Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
> processed 0 security_events during security_event maintenance
> (1649872073.11399 1649872073.12087)
> (pf::security_event::security_event_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
> processed 0 security_events during security_event maintenance
> (1649872073.12281 1649872073.12537)
> (pf::security_event::security_event_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029095]: pfperl-api(2426219) INFO:
> getting security_events triggers for accounting cleanup
> (pf::accounting::acct_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: All
> cluster members are running the same configuration version
> (pf::pfcron::task::c

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Misbah Hussaini via PacketFence-users
Hello Ludovic,

It's already added as a switch and has been working fine for the past 1 month
but with few endpoints. When I googled this message, freeradius support
list suggested to increase the max server count, which I did, and the issue
was resolved. The concern I have is whether there are other such parameters
which need to be fine tuned for Production.

Also, the config change you suggested for Fingerbank-collector doesn't
seem to have worked. Currently I'm unmonitoring fingerbank using below
command but I know it won't survive service restart or server reboots.

#monit unmonitor packetfence-fingerbank-collectod

On Wed, 13 Apr 2022, 17:11 Zammit, Ludovic,  wrote:

> Hello,
>
> It looks like 192.168.254.14 is trying to ask for an authentication. Add
> it as the switch.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Apr 12, 2022, at 3:02 AM, Misbah Hussaini 
> wrote:
>
> Thanks Ludovic, I'm testing this config change.
>
> Meanwhile, I checked the radius log when the issue of auth occurred for us
> and I found below lines. As I mentioned earlier, I increased the max
> threads to a higher value in radius.conf file and the issue was resolved
> and auth started working. Does everybody have to increase this value in
> Production? I'm asking especially because we are planning to increase the
> number of devices (by another 250) and perhaps then I need to use a much
> higher value to avoid recurrence of this problem.
>
> Apr  7 10:06:23 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:25 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:25 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:26 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:26 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:28 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:28 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:30 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:30 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:37 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:37 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.28 port 1645 proto udp
> Apr  7 10:06:42 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:42 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.28 port 1645 proto udp
> Apr  7 10:06:57 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:57 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:02 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:07:02 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:04 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:07:04 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.23 port 1645 proto udp
> Apr  7 10:07:07 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:07:07 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:09 NAC1 auth[36]: rlm_sql (sql): No connections available
> and a

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Zammit, Ludovic via PacketFence-users
Hello Misbah,

We only have an issue with chunk = ‘8192’ for EAP TLS and not EAP PEAP.

It's way too big to cover your entire cluster config on the mailing list, I will 
suggest you to take some consulting hours with Akamai and we will do a sanity 
check on your cluster to see why the database would disconnect.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 13, 2022, at 7:14 PM, Misbah Hussaini  wrote:
> 
> Hello Ludovic,
> 
> Again we had an outage and this time it looks like DB had some sort of 
> locking issues. The temp fix was to restart the mariadb service. I'm running 
> PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see below 
> messages in packetfence.log at the time when the problem began and these 
> messages continued till DB was restarted.
> 
> Packetfence.log:
> 
> Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR: [mac:unknown] 
> Database query failed with non retryable error: Lock wait timeout exceeded; 
> try restarting transaction (errno: 1205) [INSERT INTO `node` ( `autoreg`, 
> `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, 
> `computername`, `detect_date`, `device_class`, `device_manufacturer`, 
> `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, 
> `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, 
> `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, 
> `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, 
> `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE 
> KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL, NULL, , NULL, 
> SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco Systems, Inc, 76, 
> Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco Systems, Inc. IP 
> Phone CP-7945G, -00-00 00:00:00, 2022-04-13 21:46:21, 2021-12-24 
> 20:10:12, -00-00 00:00:00, c4:14:3c:97:b4:34, NULL, , default, -00-00 
> 00:00:00, , unreg, 1, NULL, -00-00 00:00:00, , no, 2022-04-13 21:46:21, 
> 1} (pf::dal::db_execute)
> Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR: [mac:unknown] 
> Unable to modify node 'c4:14:3c:97:b4:34 (pf::node::node_modify)
> Apr 13 21:47:28 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN: 
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device 
> 00:11:22:33:44:55. The history set doesn't exist yet. 
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:38 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN: 
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device 
> 00:11:22:33:44:55. The history set doesn't exist yet. 
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:42 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN: 
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device 
> 00:11:22:33:44:55. The history set doesn't exist yet. 
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:52 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN: 
> [mac:00:11:22:33:44:55] Unable to pull accounting history for device 
> 00:11:22:33:44:55. The history set doesn't exist yet. 
> (pf::accounting_events_history::latest_mac_history)
> Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: Using 
> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
> Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO: 
> processed 0 security_events during security_event maintenance 
> (1649872073.11399 1649872073.12087)  
> (pf::security_event::security_event_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO: 
> processed 0 security_events during security_event maintenance 
> (1649872073.12281 1649872073.12537)  
> (pf::security_event::security_event_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029095]: pfperl-api(2426219) INFO: getting 
> security_events triggers for accounting cleanup 
> (pf::accounting::acct_maintenance)
> Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: All 
> cluster members are running the same configuration version 
> (pf::pfcron::task::cluster_check::run)
> Apr 13 21:48:03 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR: [mac:unknown] 
> Database query failed with non retryable error: Lock wait timeout exceeded; 
> try restarting transaction (errno: 1205) [INSERT INTO `node` ( `autoreg`, 
> `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, 
> `computername`, `detect_date`, `device_class`, `device_manufacturer`, 
> `device_score`, `

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Misbah Hussaini via PacketFence-users
Thanks Ludovic, I'm testing this config change.

Meanwhile, I checked the radius log when the issue of auth occurred for us
and I found below lines. As I mentioned earlier, I increased the max
threads to a higher value in radius.conf file and the issue was resolved
and auth started working. Does everybody have to increase this value in
Production? I'm asking especially because we are planning to increase the
number of devices (by another 250) and perhaps then I need to use a much
higher value to avoid recurrence of this problem.

Apr  7 10:06:23 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.14 port 1645 proto udp
Apr  7 10:06:25 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:25 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.14 port 1645 proto udp
Apr  7 10:06:26 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:26 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.14 port 1645 proto udp
Apr  7 10:06:28 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:28 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.14 port 1645 proto udp
Apr  7 10:06:30 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:30 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.14 port 1645 proto udp
Apr  7 10:06:37 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:37 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.28 port 1645 proto udp
Apr  7 10:06:42 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:42 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.28 port 1645 proto udp
Apr  7 10:06:57 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:06:57 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.13 port 1645 proto udp
Apr  7 10:07:02 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:07:02 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.13 port 1645 proto udp
Apr  7 10:07:04 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:07:04 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.23 port 1645 proto udp
Apr  7 10:07:07 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:07:07 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.13 port 1645 proto udp
Apr  7 10:07:09 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:07:09 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.23 port 1645 proto udp
Apr  7 10:07:12 NAC1 auth[36]: rlm_sql (sql): No connections available
and at max connection limit
Apr  7 10:07:12 NAC1 auth[36]: Ignoring request to auth address
192.168.197.90 port 1812 bound to server packetfence from unknown client
192.168.254.13 port 1645 proto udp



Regards
Misbah


On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic  wrote:

> Hello,
>
> You can disable the TCP FB Collector analyzing:
>
> You can disable the TCP fingerprinting by doing
>
> # systemctl edit packetfence-fingerbank-collector.service
>
> In the editor that opens, add:
>
> [Service]
> Environment=COLLECTOR_DISABLE_TCP_HANDLER=true
>
> Close the editor, then do:
>
> # systemctl daemon-reload
> # systemctl restart packetfence-fingerbank-collector
>
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Apr 1

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Misbah Hussaini via PacketFence-users
Hello Ludovic,

Again we had an outage and this time it looks like DB had some sort of
locking issues. The temp fix was to restart the mariadb service. I'm
running PF 11.2 with 3 nodes cluster doing 802.1x and mac auth and I see
below messages in packetfence.log at the time when the problem began and
these messages continued till DB was restarted.

*Packetfence.log:*

*Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Database query failed with non retryable error: Lock wait
timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
`node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`, `device_class`,
`device_manufacturer`, `device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
`notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
`time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
NULL, , NULL, SEPC4143C97B434, 2021-12-23 14:27:33, VoIP Device, Cisco
Systems, Inc, 76, Cisco IP Phone CP-7945G, , , , 1,66,6,3,15,150,35, Cisco
Systems, Inc. IP Phone CP-7945G, -00-00 00:00:00, 2022-04-13 21:46:21,
2021-12-24 20:10:12, -00-00 00:00:00, c4:14:3c:97:b4:34, NULL, ,
default, -00-00 00:00:00, , unreg, 1, NULL, -00-00 00:00:00, , no,
2022-04-13 21:46:21, 1} (pf::dal::db_execute)*
*Apr 13 21:47:12 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Unable to modify node 'c4:14:3c:97:b4:34
(pf::node::node_modify)*
Apr 13 21:47:28 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:38 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:42 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:52 NAC1 pfqueue[3028686]: pfqueue(3028686) WARN:
[mac:00:11:22:33:44:55] Unable to pull accounting history for device
00:11:22:33:44:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: Using
300 resolution threshold (pf::pfcron::task::cluster_check::run)
Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
processed 0 security_events during security_event maintenance
(1649872073.11399 1649872073.12087)
(pf::security_event::security_event_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029094]: pfperl-api(2828317) INFO:
processed 0 security_events during security_event maintenance
(1649872073.12281 1649872073.12537)
(pf::security_event::security_event_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029095]: pfperl-api(2426219) INFO:
getting security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Apr 13 21:47:53 NAC1 packetfence[3029093]: pfperl-api(2533174) INFO: All
cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
*Apr 13 21:48:03 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Database query failed with non retryable error: Lock wait
timeout exceeded; try restarting transaction (errno: 1205) [INSERT INTO
`node` *( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`, `device_class`,
`device_manufacturer`, `device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
`notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
`time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ? ) ON DUPLICATE KEY UPDATE `last_dhcp` = ?, `tenant_id` = ?]{no, NULL,
NULL, , NULL, Admin-PC, 2021-12-22 14:45:32, Windows OS, Dell Inc., 78,
Microsoft Windows Kernel 10.0, 10.0, , ,
1,3,6,15,31,33,43,44,46,47,119,121,249,252, MSFT 5.0, -00-00 00:00:00,
2022-04-13 21:47:12, 2022-04-13 21:45:43, -00-00 00:00:00,
98:90:96:cb:a3:02, NULL, , default, -00-00 00:00:00, , unreg, 1, NULL,
-00-00 00:00:00, , no, 2022-04-13 21:47:12, 1} (pf::dal::db_execute)
*Apr 13 21:48:03 NAC1 pfqueue[3025858]: pfqueue(3025858) ERROR:
[mac:unknown] Unable to modify node '98:90:96:

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Zammit, Ludovic via PacketFence-users
Hello,

It looks like 192.168.254.14 is trying to ask for an authentication. Add it as 
the switch.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 12, 2022, at 3:02 AM, Misbah Hussaini  wrote:
> 
> Thanks Ludovic, I'm testing this config change.
> 
> Meanwhile, I checked the radius log when the issue of auth occurred for us 
> and I found below lines. As I mentioned earlier, I increased the max threads 
> to a higher value in radius.conf file and the issue was resolved and auth 
> started working. Does everybody have to increase this value in Production? 
> I'm asking especially because we are planning to increase the number of 
> devices (by another 250) and perhaps then I need to use a much higher value 
> to avoid recurrence of this problem.
> 
> Apr  7 10:06:23 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:25 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:25 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:26 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:26 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:28 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:28 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:30 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:30 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:37 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:37 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.28 port 1645 proto udp
> Apr  7 10:06:42 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:42 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.28 port 1645 proto udp
> Apr  7 10:06:57 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:06:57 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:02 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:07:02 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:04 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:07:04 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.23 port 1645 proto udp
> Apr  7 10:07:07 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:07:07 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.13 port 1645 proto udp
> Apr  7 10:07:09 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:07:09 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.23 port 1645 proto udp
> Apr  7 10:07:12 NAC1 auth[36]: rlm_sql (sql): No connections available 
> and at max connection limit
> Apr  7 10:07:12 NAC1 auth[36]: Ignoring request to auth address 
> 192.168.197.90 port 1812 bound to server packetfence from unknown client 
> 192.168.254.13 port 1645 proto udp
> 
> 
> 
> Regards
> Misbah
> 
> 
> On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic wrote:
> Hello,
> 
> You can disable the 
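
The quoted radius log mixes two separate symptoms: requests dropped because the sending device is not a known RADIUS client, and the rlm_sql connection pool running out. The following is an added example, not part of the thread and not PacketFence code, that tallies both from log text pasted in the wrapped, ">"-quoted form seen above; the function names and the sample excerpt are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few events in the wrapped, ">"-quoted shape the
# radius log takes once it has been pasted into a mail thread.
SAMPLE = """\
> Apr  7 10:06:23 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:25 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
> Apr  7 10:06:25 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.14 port 1645 proto udp
> Apr  7 10:06:37 NAC1 auth[36]: Ignoring request to auth address
> 192.168.197.90 port 1812 bound to server packetfence from unknown client
> 192.168.254.28 port 1645 proto udp
> Apr  7 10:06:42 NAC1 auth[36]: rlm_sql (sql): No connections available
> and at max connection limit
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
UNKNOWN_CLIENT = re.compile(r"from unknown client (\d{1,3}(?:\.\d{1,3}){3}) port \d+")
POOL_EXHAUSTED = re.compile(r"rlm_sql \((\w+)\): No connections available")

def unwrap(text):
    """Rebuild one record per syslog event from wrapped, quoted lines."""
    records = []
    for raw in text.splitlines():
        piece = raw.lstrip("> ").strip()      # drop mail quote markers
        if not piece:
            continue
        if SYSLOG_START.match(piece) or not records:
            records.append(piece)             # a timestamp starts a new event
        else:
            records[-1] += " " + piece        # continuation of a wrapped line
    return records

def triage(text):
    """Count dropped requests per source IP and pool exhaustion per SQL instance."""
    unknown, exhausted = Counter(), Counter()
    for rec in unwrap(text):
        m = UNKNOWN_CLIENT.search(rec)
        if m:
            unknown[m.group(1)] += 1
        m = POOL_EXHAUSTED.search(rec)
        if m:
            exhausted[m.group(1)] += 1
    return unknown, exhausted

if __name__ == "__main__":
    unknown, exhausted = triage(SAMPLE)
    for ip, n in unknown.most_common():
        print(f"{ip}: {n} requests dropped (not defined as a switch)")
    for instance, n in exhausted.items():
        print(f"rlm_sql instance '{instance}': pool exhausted {n} times")
```

Each address in the first tally is a device whose requests are discarded until it is defined as a switch; the second tally is the database-side problem and is counted separately so the two are not conflated.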

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-11 Thread Zammit, Ludovic via PacketFence-users
Hello,

You can disable the TCP FB Collector analyzing:

You can disable the TCP fingerprinting by doing

# systemctl edit packetfence-fingerbank-collector.service

In the editor that opens, add:

[Service]
Environment=COLLECTOR_DISABLE_TCP_HANDLER=true

Close the editor, then do:

# systemctl daemon-reload
# systemctl restart packetfence-fingerbank-collector

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini  wrote:
> 
> Hello,
> 
> We are currently doing only wired 802.1x & MAC auth, the server config is  
> 
> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz 
> 16GB RAM (Free RAM - 8GB)
> Running Debian X64.
> 
> Also, I would like to disable the packetfence-fingerbank-collector from monit 
> config as it is generating too many zombie processes alerts, I guess the 
> monit config is managed by pfcmd generatemonitconfig but I dunno how to 
> disable specifically fingerbank-collector.
> 
> Regards
> Misbah
> 
> 
> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic wrote:
> Hello Misbah,
> 
> I highly doubt that you would cap a cluster capacity with only 250 devices 
> registered.
> 
> You have an ongoing issue that needs to be fixed.
> 
> What’s the spec on the PF servers? Are you doing 802.1x or Mac authentication 
> ? Wired ? Wireless?
> 
> We have a cluster of 3 running 10 000 unique radius authentications without 
> choking.
> 
> Thanks,
> 
> Ludovic Zammit
> Product Support Engineer Principal
> 
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> 
>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users wrote:
>> 
>> Hello,
>> 
>> Firstly, I'm happy with the way Packetfence is working in the environment. A 
>> big thanks to the team for the project and awesome documentation. I have 
>> configured Packetfence in a 3 node cluster and registered 250+ devices so 
>> far.
>> 
>> I faced a problem with the radius server reaching the max connections limit 
>> and most of the users were disconnected while I fixed the problem (had to 
>> increase the max spare servers to a high value in radius.conf). I was 
>> optimistic with the cluster setup, thinking I should not be facing downtime 
>> issues but didn't realize that a config issue could lead to a blackout. 
>> 
>> Now, this leads me to wonder if there is a way in which I could have 
>> decreased the downtime for the end users while we fixed the problem in the 
>> config. Also, I would appreciate highlighting any other Production related 
>> settings that need to be fine tuned to avoid such instances in future.
>> 
>> 
>> Regards
>> Misbah
> 



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-11 Thread Misbah Hussaini via PacketFence-users
Hello,

We are currently doing only wired 802.1x & MAC auth, the server config is

Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz
16GB RAM (Free RAM - 8GB)
Running Debian X64.

Also, I would like to disable the packetfence-fingerbank-collector from
monit config as it is generating too many zombie processes alerts, I guess
the monit config is managed by pfcmd generatemonitconfig but I dunno how to
disable specifically fingerbank-collector.

Regards
Misbah


On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic  wrote:

> Hello Misbah,
>
> I highly doubt that you would cap a cluster capacity with only 250 devices
> registered.
>
> You have an ongoing issue that needs to be fixed.
>
> What’s the spec on the PF servers? Are you doing 802.1x or Mac
> authentication ? Wired ? Wireless?
>
> We have a cluster of 3 running 10 000 unique radius authentications without
> choking.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello,
>
> Firstly, I'm happy with the way Packetfence is working in the environment.
> A big thanks to the team for the project and awesome documentation. I have
> configured Packetfence in a 3 node cluster and registered 250+ devices so
> far.
>
> I faced a problem with the radius server reaching the max connections
> limit and most of the users were disconnected while I fixed the problem
> (had to increase the max spare servers to a high value in radius.conf). I
> was optimistic with the cluster setup, thinking I should not be facing
> downtime issues but didn't realize that a config issue could lead to a
> blackout.
>
> Now, this leads me to wonder if there is a way in which I could have
> decreased the downtime for the end users while we fixed the problem in the
> config. Also, I would appreciate highlighting any other Production related
> settings that need to be fine tuned to avoid such instances in future.
>
>
> Regards
> Misbah


Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-08 Thread Zammit, Ludovic via PacketFence-users
Hello Misbah,

I highly doubt that you would cap a cluster capacity with only 250 devices 
registered.

You have an ongoing issue that needs to be fixed.

What’s the spec on the PF servers? Are you doing 802.1x or Mac authentication ? 
Wired ? Wireless?

We have a cluster of 3 running 10 000 unique radius authentications without 
choking.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users wrote:
> 
> Hello,
> 
> Firstly, I'm happy with the way Packetfence is working in the environment. A 
> big thanks to the team for the project and awesome documentation. I have 
> configured Packetfence in a 3 node cluster and registered 250+ devices so far.
> 
> I faced a problem with the radius server reaching the max connections limit 
> and most of the users were disconnected while I fixed the problem (had to 
> increase the max spare servers to a high value in radius.conf). I was 
> optimistic with the cluster setup, thinking I should not be facing downtime 
> issues but didn't realize that a config issue could lead to a blackout. 
> 
> Now, this leads me to wonder if there is a way in which I could have 
> decreased the downtime for the end users while we fixed the problem in the 
> config. Also, I would appreciate highlighting any other Production related 
> settings that need to be fine tuned to avoid such instances in future.
> 
> 
> Regards
> Misbah


