
FOG Client on a Mac

  • H
    hancocza
    last edited by Sep 15, 2017, 1:03 PM

    Hello,

    I have been trying to install the FOG Client on an iMac that I have running Sierra (10.12.6). It installs fine using the mono SmartInstaller.exe command without any switches. However, I need to specify that the client uses HTTPS for connections. I tried using the -h switch coupled with the --server= switch, but the installer fails at Pinning Server.

    As a workaround on PCs, I edit the settings.json file to turn the https switch on. Trying to do that on a Mac so far has not been doable. The file is locked, even when trying to edit from root. I’m hoping to find a solution to this.

    My FOG Server is running 1.5.0 RC-9, client is the latest version.

    Thanks,
    Zach

    • T
      Tom Elliott
      last edited by Sep 15, 2017, 2:19 PM

      Is your fogserver installed with the --force-https switch?

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • T
        Tom Elliott
        last edited by Sep 15, 2017, 2:20 PM

        Specifically:

        -S --force-https Force HTTPS for all comunication

        You would run:

        ./installfog.sh -Sy as needed.

        • H
          hancocza
          last edited by Sep 15, 2017, 2:24 PM

          Hey Tom,

          My FOG server setup is set up to use https. On PC the https switch works fine, have about 200 computers able to install it and communicate with the server. It’s when I try with the same switch on Mac that I have the issue. Granted, when installing on PC I use the MSI installer with switches, not the SmartInstaller.

          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth Sep 17, 2017, 8:58 AM Sep 17, 2017, 2:55 PM

            @hancocza The HTTPS part of FOG/fog-client is still kind of new and not many people have used it so there might be an issue though the fog-client code is backed by a test framework. But let’s see what we can figure out first.

            • What OS/version is your FOG server running on?
            • Did you let FOG set up the apache config for you or did you set it up yourself?
            • Can you access http://x.x.x.x/fog/management/other/ca.cert.der using your browser (note this is an HTTP URL!)?

            • H
              hancocza @Sebastian Roth
              last edited by Sep 18, 2017, 12:25 PM

              @sebastian-roth I am running FOG on Ubuntu 16.04 LTS, Fog version is 1.5.0-RC9. I let FOG set up the apache config on its own using the https switch in the installer, but then afterwards I changed the hostname to reflect the FQDN of our server, not the IP Address. Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL. I am also able to access the ca.cert.der file using http.

              • S
                Sebastian Roth Moderator
                last edited by Sebastian Roth Sep 18, 2017, 8:28 AM Sep 18, 2017, 2:27 PM

                @hancocza said in FOG Client on a Mac:

                Also, I pointed the apache config to a different location for certificates for the Web GUI over SSL.

                Well, that is an issue I suppose. The CA (cert) you use does not have the “FOG CA” string in it that the client looks for… The SSL implementation of FOG is made to work out of the box as a self-signed piece but we haven’t made it ready for businesses having their own CA yet. Which cert is your ca.cert.der, it’s that of your company, right?

                Changing the settings.json is a nice hack on Windows but I think we should get it right in the first place.

                • H
                  hancocza @Sebastian Roth
                  last edited by Sep 18, 2017, 2:36 PM

                  @sebastian-roth
                  I only use the CA for the Web GUI. I edited the etc\apache2\sites-enabled\001fog file to point to my company’s CA Cert. The ca.cert.der is still fog’s original cert, which I left in place because at the start of my switch to SSL, moving them caused issues with the SSL version of FOG Client. When I left the original certificates in place and edited the 001fog.conf file to point to the custom ones instead, the client works with SSL. On Windows, I no longer have to change the settings.json file, installing it with the switches works. It’s just on Mac OS that it doesn’t work with the switches.

                  • S
                    Sebastian Roth Moderator
                    last edited by Sep 18, 2017, 6:05 PM

                    @hancocza From my point of view (not being the original developer of the fog-client code) I’d say that the usual way in SSL terms would be to generate a so-called sub CA and let that be signed from your main company CA. Put that sub CA certificate and key in the right places, re-run the installer and let it create webserver cert and key from that “custom” sub CA. What you’d have to take care of when generating that sub CA is that it has the correct issuer and subject string:

                    openssl x509 -in /var/www/fog/management/other/ca.cert.pem -text -noout
                    Certificate:
                        Data:
                            Version: 3 (0x2)
                            Serial Number:
                                b2:19:a9:4d:35:bd:a6:f7
                        Signature Algorithm: sha512WithRSAEncryption
                            Issuer: CN=FOG Server CA
                            Validity
                                Not Before: Feb  3 21:17:05 2017 GMT
                                Not After : Feb  1 21:17:05 2027 GMT
                            Subject: CN=FOG Server CA
                            Subject Public Key Info:
                                Public Key Algorithm: rsaEncryption
                                    Public-Key: (4096 bit)
                    ...
                    

                    Note that CN=FOG Server CA.

                    I’ll try to look into testing the fog-client on a Mac OS machine I have access to sometimes. But can’t promise when that will be.

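A local pre-check of the two properties raised in the post above, as an added example that is not part of the thread or of FOG's code: that a CA certificate carries the `CN=FOG Server CA` subject shown in the openssl output, and that the web server certificate chains to that CA. The function names, `fog.example.test` and `Example Corp Root CA` are constructed for illustration, and the script does not reproduce the client's own pinning logic.

```shell
#!/bin/sh
# Added example. All certificates below are constructed throwaway test data.
WANT_CN="FOG Server CA"   # subject CN shown in the thread's openssl output

# cert_cn subject|issuer FILE -> prints the CN of that name
cert_cn() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 |
        sed -e 's/^[a-z]*= *//' -e 's/.*CN=//' -e 's/,.*//'
}

# check_ca CA_PEM SERVER_PEM -> prints a verdict; non-zero on any failure
check_ca() {
    if [ "$(cert_cn subject "$1")" != "$WANT_CN" ]; then
        echo "subject CN is not '$WANT_CN'"; return 1
    fi
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "server certificate does not chain to this CA"; return 2
    fi
    echo "ok"
}

# make_ca PREFIX CN -> self-signed test CA in PREFIX.pem / PREFIX.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_server CA_PREFIX OUT_PREFIX -> server cert signed by that CA
make_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fog.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Build both test CAs and show the three combinations side by side.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/fog" "$WANT_CN"; make_ca "$d/corp" "Example Corp Root CA"
    make_server "$d/fog" "$d/srv_fog"; make_server "$d/corp" "$d/srv_corp"
    echo "FOG CA + its server cert:  $(check_ca "$d/fog.pem" "$d/srv_fog.pem")"
    echo "company CA swapped in:     $(check_ca "$d/corp.pem" "$d/srv_corp.pem")"
    echo "FOG CA vs company-signed:  $(check_ca "$d/fog.pem" "$d/srv_corp.pem")"
    rm -rf "$d"
}
demo
```

Against a real server, `check_ca` would be pointed at the CA file from the post (`/var/www/fog/management/other/ca.cert.pem`) and at whichever certificate the web server actually presents.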
                    • H
                      hancocza @Sebastian Roth
                      last edited by Sep 18, 2017, 6:34 PM

                      @sebastian-roth said in FOG Client on a Mac:
                      No rush, I leave for a two week vacation tomorrow and it’s not an immediate issue. Thanks!

                      • S
                        Sebastian Roth Moderator
                        last edited by Sep 18, 2017, 7:34 PM

                        @hancocza Are you able to create a proper sub CA at all?

                        • H
                          hancocza @Sebastian Roth
                          last edited by Sep 19, 2017, 12:29 PM

                          @sebastian-roth I’m not sure how to do that. We’ve talked about it before on this forum, re-rolling the client, but then I found if I leave the certs that the client looks for in their normal place, and then use the company’s certs for just the web server, it works fine, at least for PC clients which is a majority of what we have. Because of that and the fact that we only have like 5 iMacs, I haven’t really messed with it.

                          • S
                            Sebastian Roth Moderator
                            last edited by Sep 19, 2017, 7:49 PM

                            @hancocza Looking into this in more detail I found out that our current fog-client is not able to handle sub/intermediate CAs. Although this would be the proper way to integrate custom CAs we can’t do this yet.

                            So back to your problem I reckon that your company CA cert is not known in the Mac OS X mono keychain and that’s why pinning fails. Did you import the CA cert to your Windows install? Should do this in Mac OS X as well.

                            • H
                              hancocza @Sebastian Roth
                              last edited by Sep 20, 2017, 1:54 AM

                              @sebastian-roth I didn’t import it on any installs that I’ve done. It always just installs the certificate that is on the server. I believe it’s called srvpublic or something like that, in the SSL folder.

                              • S
                                Sebastian Roth Moderator
                                last edited by Sebastian Roth Sep 20, 2017, 1:24 AM Sep 20, 2017, 7:16 AM

                                @hancocza Most probably your Windows PCs have the CA certificate (imported) that was used to sign the other certificates. To be more concrete - the .NET keystore has the right CA cert to verify the other certs. But probably the Mac OS X mono keystore doesn’t!

                                Edit: Which version of mono did you install and which version of Mac OS X do you use?

                                Copyright © 2012-2024 FOG Project