@Alois Please try the following commands:

sudo su - apt-get install php7.2-mysql phpenmod mysqli systemctl restart apache2 systemctl restart php7.2-fpm

@JB2019 please paste the contents of your install log. it should be located, from the base directory of the install files, in /bin/error_logs/foginstall.log

Another solution is to have a fog snapin schedule a PDQ Deploy package or packages. That snapin would run at the end of the deployment process to trigger PDQ Deploy to push out what ever is in the package group. You would also setup PDQ Deploy for on demand application pushes. This method will require the paid for version of PDQ Deploy but the paid for version is well worth the price because of the additional features you get over the free version.

@processor said:

Hi Sebastien, I just did the test again and put the new ini files create the FTP error and put back the original 1.5.5 ini file correct it.

So are you saying that using the 1.5.6 inits is causing the FTP issue but using the 1.5.5 inits you don’t get the FTP error but the UUID issue?!??!

Well we changed the FTP username from fog to fogproject from 1.5.5 to 1.5.6 but that is not hardcoded in the inits and shouldn’t cause this issue I think. You might still try updating to 1.5.6 to see if that fixes the problem.

@Sebastian-Roth Thank you very much. It worked. Now everything is ok.

@Pi0tR Nice find! It’s interesting it states “Invalid TCP packet for current connection state” as this is the first packet (only SYN flag) of a TCP three way handshake and therefore surely the connection does not exist yet.

@ianabc Had a bit more time to look into this now. You have missed one important point here. You need to manually create a new TaskType (web UI -> main menu -> TaskTypes -> Create New Task Type) and name that trusty-install - exactly the name of the task that is used in lib/hooks/boottask.hook.php (line 73). As soon as you’ve created this task type you should see it in Host -> Basic Tasks (or Host -> Basic Tasks -> Advanced Tasks if you’ve checked the “Is Advanced” checkbox when creating it!).

Now you can schedule this task type for any client or group and when it boots up it uses the arguments you set in lib/hooks/boottask.hook.php (line 83 to 93). But only if the names match. So if you name your new task bababoo you need to have that in your lib/hooks/boottask.hook.php line 73 as well.

@Pi0tR Lets start a new thread since your issues are different at this point. New topic - new problem.

@Miodog This is for 1.5.5 version.
But you can do a workaround:

go to FOG_DIRECTORY/lib/plugin/ldap/hooks Do a copy of ldappluginhook.hook.php #cp ldappluginhook.hook.php ldappluginhook.hook.php.ori Lets go to edit one line of the code: # vim ldappluginhook.hook.php /** * Sets our user type to filter from user list * * @param mixed $arguments the item to adjust * * @return void */ public function setTypeFilter($arguments) { $arguments['types'] = array(990,991); } Change the line: $arguments['types'] = array(990,991);

To:

$arguments['types'] = array(991);

With this change you can see the local users and LDAP admin users

@george1421 Nice work George!!

@barachd Have you read my post about there being a bug within the Linux client implementation. See further down in this topic.

I guess what do you mean nothing happens?

Do you see it transfer vmlinuz ?
Is vmlinuz in /tftpboot/os/lubuntu directory?

If the menu is executing correctly it should transfer both vmlinuz and initrd.lz. It might not boot, but it should transfer the files.

If the menu is not executing at all, did you remember to fill out the description field in the ipxe menu config for that ipxe entry?

Thanks All!..

Solution has worked perfectly!

Hello @Fernando-Gietz,

thanks for the awesome help and support, it works now as needed.

Is there something I should be aware or edit in our openLDAP implementation to make the plugin work correctly without editing the /var/www/[html/]fog/lib/plugin/ldap/class/ldap.class.php file?

Ciao,
Antonio

@Sebastian-Roth It appears the UEFI Network boot selection is not available. Only the PXE option from Legacy works.

Amidst me trying to load different pxe binaries onto the server, I rm -rf /*'ed in root, so I destroyed the server by accident. Just made a new one and thankfully I have a PC with the existing image in tact with no modifications.

Is there a more in-depth guide to setting iPXE binaries? I was messing around with custom fog.local parameters using all sorts of iPXE commands I found on their site. It’s definitely getting the changes, but I can’t tell if it can’t load the bootloaders or if it the bootloaders can’t find windows.

Good evening, I’m configuring the FOG Project on several remote networks and so far it’s been a success.
I did the FOG Master in a DMZ network and in the other distinct networks I did the FOG Storage doing the replication of all the images of machines inside the FOG Storage.
The boot checks the FOG Master the PXE and after that it does the entire cloning process inside the network itself, thus avoiding bandwidth consumption and competition with other services.

@george1421 Thank you very much for the help, and surprised by the quick response that great work do you congratulations.

@andrewhancock91 yes

@mpmackenna said in Unable to build FOS:

Unfortunately, that is the only output I receive. The screen just hangs with the print statement displayed and never progresses past that statement.

Well that’s a perfect start to get into debugging where exactly it hangs. Simply add more of those efi_printk further down that function and possibly as well in sub functions called by efi_main. In other models we often saw issues with PCI initialization. You’ll see that code a bit further down.

@astrugatch Thanks for pointing us to JAMF as example for CA/cert management with clients. It’s been a while but I had this on my list of things to do/check and now I got to it.

JAMF can be setup to use different CAs/certs: https://docs.jamf.com/10.0.0/jamf-pro/administrator-guide/PKI_Certificates.html

That page led me to the so called Simple Certificate Enrollment Protocol (SCEP) which does handle some of the things that come with certificates. But the initial problem of establishing a CA trust is still the same - described in section 5.5:

Before any transaction begins, end entities have to get the CA (and possibly RA) certificate(s) first. Since the requester may have no CA certificates or CA public keys at all, this message can not be encrypted and the response must be authenticated by out-of-band means.
[…]
If the requester does not have a certificate path to a trusted CA certificate, this fingerprint may be used to verify the certificate, by some positive out-of-band means, such as a phone call.

Let’s assume the situation where the clients already trust the built-in self-signed FOG server certificate. We could use that to establish a trusted communication channel and send the new CA certificate to the clients and tell them to install and trust it. Definitely a possible route. But what about clients that are switched off at that moment? We would need allow clients to use both CA trusts over a period of time till all of them have moved to the new one. This is definitely possible but complex to implement and I wouldn’t find the time although I find it interesting and challenging.

Trying to digg a little deeper if and how JAMF has solved the above mentioned trust problem when moving from one CA to another I found those notes in the manual:

Note: By default, Jamf Pro uses the signing and CA certificates for the Jamf Pro built-in CA. You must replace these certificates with the ones for the external CA when you initially set up the integration.

and

Note: If you need to make changes to your organizational or third-party CA in Jamf Pro, it is recommended that you contact your Jamf account representative. Changes to the PKI could lead to re-enrolling the mobile devices in your environment.

Now let’s look at the other situation where no clients have been pinned to the FOG server yet. If you re-compile the client to check on a different name in the CA cert you can happily use external CA certs without an issue.