Open kartoflarz opened 6 years ago
It looks to be a dns issue. We probably have to raise TTL when the device ask for the fqdn of the portal.
After investigation the ttl returned by pfdns is set to 0 (too short). The fix will be to set a ttl of 60s when the device ask for the fqdn of the portal.
OK, the ttl fix is in maintenance, you can run pf-maint.pl to fetch the new pfdns binary and make a try.
Thank you for your help. For now I can't do that. We are in full swing of very important event for 600 participants :) I wish I could tell you for which huge international organization I work for, you would be impressed where Packetfence is used :) I'll get back to that later and make a test. Thank you very much.
Hello, again. Finally I have some time to check it. I made a fresh install of pf 8.1. Did you fix it in that version ? Because it's the same, still doesn't work. Or should I fallow with you instruction above ?
Is it go/coredns/plugin/pfdns/pfdns.go from the list ? How to patch only that one file ? :)
The following are going to be patched addons/pf-maint.pl conf/haproxy-db.conf.example conf/monitoring/statsd.d/packetfence.conf.example conf/radiusd/eduroam.example conf/radiusd/packetfence-cli.example conf/radiusd/packetfence-tunnel.example conf/radiusd/packetfence.example conf/realm.conf.defaults conf/systemd/packetfence-httpd.aaa.service conf/systemd/packetfence-httpd.admin.service conf/systemd/packetfence-httpd.collector.service conf/systemd/packetfence-httpd.parking.service conf/systemd/packetfence-httpd.portal.service conf/systemd/packetfence-httpd.proxy.service conf/systemd/packetfence-httpd.webservices.service debian/rules go/api-frontend/aaa/authorization.go go/api-frontend/aaa/authorization_test.go go/coredns/plugin/pfdns/pfdns.go go/db/db.go go/dhcp/config.go go/dhcp/main.go go/dhcp/pool.go go/dhcp/rawClient.go go/dhcp/server.go go/dhcp/serverif.go go/dhcp/utils.go go/vendor/vendor.json html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Application.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/Login.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/Null.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Choice.pm html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/TLSEnrollment.pm html/captive-portal/lib/captiveportal/PacketFence/Form/Authentication.pm html/captive-portal/lib/captiveportal/Role/MultiSource.pm html/captive-portal/templates/wireless-profile-tls.xml html/pfappserver/lib/pfappserver/Form/Config/Profile.pm html/pfappserver/lib/pfappserver/Form/Config/Provisioning/mobileconfig.pm html/pfappserver/lib/pfappserver/Form/Config/Source/Eduroam.pm html/pfappserver/lib/pfappserver/Form/Config/Source/SMS.pm html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm html/pfappserver/lib/pfappserver/Model/Services.pm html/pfappserver/lib/pfappserver/PacketFence/Controller/Node.pm html/pfappserver/root/graph/dashboard.tt html/pfappserver/root/node/search.tt html/pfappserver/root/pfqueue/cluster.tt html/pfappserver/root/pfqueue/index.tt html/pfappserver/root/pfqueue/stats.inc lib/pf/Authentication/Source/SMSSource.pm lib/pf/Authentication/Source/TwilioSource.pm lib/pf/ConfigStore/Source.pm lib/pf/Switch.pm lib/pf/Switch/ArubaSwitch.pm lib/pf/Switch/Brocade.pm lib/pf/Switch/Cisco/Catalyst_2950.pm lib/pf/Switch/Cisco/WLC.pm lib/pf/Switch/HP/Controller_MSM710.pm lib/pf/Switch/ThreeCom.pm lib/pf/Switch/Ubiquiti/Unifi.pm lib/pf/UnifiedApi.pm lib/pf/UnifiedApi/SearchBuilder/Nodes.pm lib/pf/accounting.pm lib/pf/api/can_fork.pm lib/pf/constants/syslog.pm lib/pf/dhcp/processor_v4.pm lib/pf/factory/condition/access_filter.pm lib/pf/fingerbank.pm lib/pf/lookup/person.pm lib/pf/parking.pm lib/pf/radius.pm lib/pf/registration.pm lib/pf/role.pm lib/pf/services/manager/netdata.pm lib/pf/task/person_lookup.pm lib/pf/util/webapi.pm lib/pf/web/util.pm lib/pfconfig/namespaces/FilterEngine/AccessScopes.pm lib/pfconfig/namespaces/config/Pf.pm lib/pfconfig/namespaces/interfaces.pm lib/pfconfig/namespaces/resource/network_config.pm raddb/mods-config/perl/packetfence-multi-domain.pm raddb/policy.d/packetfence
@kartoflarz
sbin/pfdns
is a compiled binary so it won't appear in this list but when you apply pf-maint, you'll have the option of patching the binaries in a second step.
You can know something was changed in pfdns (and thus its binary), by seeing the following file has been changed: go/coredns/plugin/pfdns/pfdns.go
Hope that helps
OK, patches applied. Only one error on one pach but not ralated to my problem i think (I use Centos 7):
Now time for testing on laptops and phones. I'll let you know soon.
Ok, all seems to be good. What now ? Will you add that option to stable realease ? Do I have patch each new installation ? Thanku you.
This will indeed be in the next official stable release (8.2)
Helo,
I would like to share “bugs” which I’ve experienced with the version 8.0.1. I was using version 6.5 with works perfect. Now I’m trying to migrate to version 8.0.1 but it doesn’t seem to work well.
My implementation is inline with 2 inside vlans (inline mode) and outside eth0 interface (management). I’ve tried fresh installation on Centos 7 and the ZEN version, both shows the same 2 problems which I noticed:
I think that this is something related to DNS, apache service?
Sory if descriptions are not in details, just want to let you know about the problems in inline mode. Need to go back to 6.5 which works excellent in inline mode.