From: <113...@qq...> - 2017-12-22 13:57:29
Hi Semaan,

Thank you very much. After giving the file execute privilege with chmod +x, I successfully restarted the pfsso service. Hope the new patch can fix the restart issue. I’ll keep an eye on it recently. Thank you again.

BTW below is what I executed just now:

    # mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222
    # curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd
    # chmod +x /usr/local/pf/bin/pfhttpd
    # systemctl restart packetfence-pfsso
    [root@pf-wensi ~]# journalctl -u packetfence-pfsso --since="5 minutes ago"
    -- Logs begin at 四 2017-12-21 14:20:15 CST, end at 五 2017-12-22 21:34:44 CST. --
    12月 22 21:34:30 pf-wensi systemd[1]: Stopping PacketFence PFSSO Service...
    12月 22 21:34:30 pf-wensi systemd[1]: Starting PacketFence PFSSO Service...
    12月 22 21:34:30 pf-wensi pfhttpd[30107]: Activating privacy features... done.
    12月 22 21:34:30 pf-wensi pfhttpd[30107]: Using configuration set log level: INFO
    12月 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured statsd protocol: udp
    12月 22 21:34:30 pf-wensi pfhttpd[30107]: Using configured prefix: pfsso
    12月 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
    12月 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
    12月 22 21:34:30 pf-wensi pfsso[30107]: t=2017-12-22T21:34:30+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:
    12月 22 21:34:30 pf-wensi pfhttpd[30107]: http://localhost:8777
    12月 22 21:34:30 pf-wensi systemd[1]: Started PacketFence PFSSO Service.

------------------ Original ------------------
From: packetfence-users <pac...@li...>
Date: Fri, Dec 22, 2017 10:20
To: packetfence-users <pac...@li...>, Julien Semaan <js...@in...>
Cc: Yan <113...@qq...>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

Hi Semaan,

I tried below steps on my backup pf server as you said but with no luck... When I issue "systemctl restart packetfence-pfsso" it failed. Below is related logs. Appreciate your reply.

    [root@pf-wensi ~]# mv /usr/local/pf/bin/pfhttpd /usr/local/pf/bin/pfhttpd.bak20171222
    [root@pf-wensi ~]# curl https://support.inverse.ca/~jsemaan/pfhttpd-2841> /usr/local/pf/bin/pfhttpd
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 18.5M  100 18.5M    0     0  1068k      0  0:00:17  0:00:17 --:--:-- 1396k
    [root@pf-wensi ~]# systemctl restart packetfence-pfsso
    Job for packetfence-pfsso.service failed because the control process exited with error code. See "systemctl status packetfence-pfsso.service" and "journalctl -xe" for details.
    [root@pf-wensi ~]# systemctl status packetfence-pfsso.service
    ● packetfence-pfsso.service - PacketFence PFSSO Service
       Loaded: loaded (/usr/lib/systemd/system/packetfence-pfsso.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since 五 2017-12-22 09:58:24 CST; 1min 7s ago
      Process: 8423 ExecStart=/usr/local/pf/bin/pfhttpd -conf /usr/local/pf/conf/caddy-services/pfsso.conf -log-name pfsso (code=exited, status=203/EXEC)
     Main PID: 8423 (code=exited, status=203/EXEC)

    12月 22 09:58:23 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
    12月 22 09:58:23 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
    12月 22 09:58:23 pf-wensi systemd[1]: packetfence-pfsso.service failed.
    12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service holdoff time over, scheduling restart.
    12月 22 09:58:24 pf-wensi systemd[1]: start request repeated too quickly for packetfence-pfsso.service
    12月 22 09:58:24 pf-wensi systemd[1]: Failed to start PacketFence PFSSO Service.
    12月 22 09:58:24 pf-wensi systemd[1]: Unit packetfence-pfsso.service entered failed state.
    12月 22 09:58:24 pf-wensi systemd[1]: packetfence-pfsso.service failed.
    Hint: Some lines were ellipsized, use -l to show in full.

packetfence.log

    Dec 22 10:00:51 pf-wensi pfhttpd: http://localhost:8777
    Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309 PfconfigObject=element|interfaces::management_network
    Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309 PfconfigObject=keys|config::Firewall_SSO
    Dec 22 10:00:51 pf-wensi pfsso[9309]: t=2017-12-22T10:00:51+0800 lvl=dbug msg="Resource is not valid anymore. Was loaded at 0001-01-01 00:00:00 +0000 UTC" pid=9309
    Dec 22 10:00:51 pf-wensi pfhttpd: Using configured prefix: pfsso
    Dec 22 10:00:51 pf-wensi pfhttpd: Using configured statsd protocol: udp
    Dec 22 10:00:51 pf-wensi pfhttpd: Using configuration set log level: INFO
    Dec 22 10:00:51 pf-wensi pfhttpd: Activating privacy features... done.

------------------ Original ------------------
From: packetfence-users <pac...@li...>
Date: Thu, Dec 21, 2017 23:48
To: Julien Semaan <js...@in...>, packetfence-users <pac...@li...>
Cc: Yan <113...@qq...>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

Hi Semaan,

My pf version is 7.3. My config file is as below. I just use syslog feature to send ip user mapping info to palo alto firewall. I don’t need to do sso via PF.

/usr/local/pf/conf/firewall_sso.con

    [172.23.4.14]
    transport=syslog
    categories=default,employees
    vsys=1
    networks=172.0.0.0/8,10.97.0.0/16
    port=443
    cache_updates=0
    username_format=$username
    type=PaloAlto
    cache_timeout=0

    [172.22.3.13]
    transport=syslog
    categories=default,employees
    vsys=1
    networks=172.24.0.0/16
    cache_timeout=0
    port=443
    cache_updates=0
    username_format=$username
    type=PaloAlto

    #[192.168.1.254]
    #type=FortiGate
    #password=s3cr3t
    #port=1813
    #[192.168.1.253]
    #type=PaloAlto
    #key=
    # Specific to the PaloAlto firewall , you must use a username and password to fetch the key to use (see PaloAlto documentation).

------------------ Original ------------------
From: Julien Semaan <js...@in...>
Date: Thu, Dec 21, 2017 23:36
To: Yan <113...@qq...>, packetfence-users <pac...@li...>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

I have a theory of what could be happening.

Seems like the formatting of the usernames might be causing issues with multiple firewalls which you do seem to have.

Could you send me your /usr/local/pf/conf/firewall_sso.conf (with obfuscated secrets obviously)

Regards,

--
Julien Sem...@in... :: +1 (866) 353-6153 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2017-12-21 10:24 AM, Yan wrote:

It’s the latest version, V7.3.

------------------ Original ------------------
From: Julien Semaan <js...@in...>
Date: Thu, Dec 21, 2017 23:23
To: packetfence-users <pac...@li...>
Cc: Yan <113...@qq...>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

Hi Yan,

Could you provide your PacketFence version?

Thanks

--
Julien Sem...@in... :: +1 (866) 353-6153 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2017-12-21 09:56 AM, Yan via PacketFence-users wrote:

Hi Fabrice,

Just after I sent out the mail, pfsso restarted again.
I checked a long time to detect the exact stop time but not found any obvious log said pfsso stop. But I found below suspicious logs that might be related to pfsso restart, and the time is very related to alert time.

------------------ Original ------------------
From: packetfence-users <pac...@li...>
Date: Thu, Dec 21, 2017 21:36
To: packetfence-users <pac...@li...>
Cc: Fabrice Durand <fd...@in...>
Subject: Re: [PacketFence-users] Why pfsso restarts itself recently ?

Hello Yan,

can you have a look in journalctl when pfsso restart ? (and give me the log please)

Regards
Fabrice

On 2017-12-21 at 08:26, Yan via PacketFence-users wrote:

Hi users,

Recently the pfsso service on our PF system always shutting down suddenly and then about one or two minutes it start again without any help. Below is our monitor log from zabbix. Why would pf restart pfsso automatically ? There's no issue with other features so I don't know if I should do anything ?

--
Fabrice Dur...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
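
Added example (not part of the original thread and not PacketFence's own tooling): the first attempt in this thread failed with status=203/EXEC because the file written by the shell redirect had no execute bit until chmod +x was run. The sketch below swaps in an already-downloaded binary with the mode set as part of the install and an optional SHA-256 check; swap_binary and its arguments are hypothetical names, and the thread publishes no digest, so any digest passed in is an assumption.

```shell
#!/bin/sh
# Added example: replace a service binary without losing the execute bit.
# swap_binary NEW DEST [SHA256]   (hypothetical helper, not from PacketFence)
#   NEW    - replacement file that has already been downloaded
#   DEST   - installed path, e.g. /usr/local/pf/bin/pfhttpd
#   SHA256 - optional expected digest obtained out of band (assumption:
#            the thread itself does not publish one)
# Return codes: 1 empty download, 2 digest mismatch, 3 backup failed,
#               4 install failed, 5 result not executable.
swap_binary() {
    new=$1 dest=$2 want=${3:-}

    # A failed or interrupted download leaves an empty or missing file.
    [ -s "$new" ] || { echo "empty or missing download: $new" >&2; return 1; }

    # Verify the digest before touching the installed binary.
    if [ -n "$want" ]; then
        got=$(sha256sum "$new" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "checksum mismatch for $new" >&2; return 2; }
    fi

    # Keep a dated backup (same naming as the .bak20171222 file above),
    # but never overwrite a backup already taken today.
    backup="$dest.bak$(date +%Y%m%d)"
    if [ -e "$dest" ] && [ ! -e "$backup" ]; then
        cp -p "$dest" "$backup" || return 3
    fi

    # install(1) copies and sets mode 0755 in one step; the rename then
    # replaces DEST atomically, so the service never sees a partial file.
    install -m 0755 "$new" "$dest.new" || return 4
    mv -f "$dest.new" "$dest" || return 4

    # Final guard against the 203/EXEC failure: DEST must be executable.
    [ -x "$dest" ] || return 5
}

# Typical use after downloading to a temporary file (not run here):
#   swap_binary /tmp/pfhttpd.download /usr/local/pf/bin/pfhttpd \
#       && systemctl restart packetfence-pfsso
```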