AD join works with legacy client fails with new client

Joseph Hales · Nov 28, 2017, 2:40 PM

Running Version 1.4.4
SVN Revision: 6077 (checkout says 6078 but management page still says 6077)
Ubuntu Server 14.04.3 all updates current
Client
Windows 10 running FOG client
[Log Follows]

11/28/2017 1:40 PM Main Overriding exception handling
 11/28/2017 1:40 PM Main Bootstrapping Zazzles
 11/28/2017 1:40 PM Controller Initialize
 11/28/2017 1:40 PM Controller Start

 11/28/2017 1:40 PM Service Starting service
 11/28/2017 1:40 PM Bus Became bus server
 11/28/2017 1:40 PM Bus Emmiting message on channel: Status
 11/28/2017 1:40 PM Service Invoking early JIT compilation on needed binaries

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 11/28/2017 1:40 PM Client-Info Version: 0.11.12
 11/28/2017 1:40 PM Client-Info OS:      Windows
 11/28/2017 1:40 PM Middleware::Authentication Waiting for authentication timeout to pass
 11/28/2017 1:40 PM Middleware::Communication Download: http://10.200.10.150/fog/management/other/ssl/srvpublic.crt
 11/28/2017 1:40 PM Data::RSA FOG Server CA cert found
 11/28/2017 1:40 PM Middleware::Authentication Cert OK
 11/28/2017 1:40 PM Middleware::Communication POST URL: http://10.200.10.150/fog/management/index.php?sub=requestClientInfo&authorize&newService
 11/28/2017 1:40 PM Middleware::Response Success
 11/28/2017 1:40 PM Middleware::Authentication Authenticated


 11/28/2017 1:40 PM Middleware::Communication URL: http://10.200.10.150/fog/management/index.php?sub=requestClientInfo&configure&newService&json
 11/28/2017 1:40 PM Middleware::Response Success
 11/28/2017 1:40 PM Middleware::Communication URL: http://10.200.10.150/fog/management/index.php?sub=requestClientInfo&mac=D8:9E:F3:10:F0:96&newService&json
 11/28/2017 1:40 PM Middleware::Response Success
 11/28/2017 1:40 PM Middleware::Communication URL: http://10.200.10.150/fog/service/getversion.php?clientver&newService&json
 11/28/2017 1:40 PM Middleware::Communication URL: http://10.200.10.150/fog/service/getversion.php?newService&json

 11/28/2017 1:40 PM Service Creating user agent cache
 11/28/2017 1:40 PM Middleware::Response Invalid time
 11/28/2017 1:40 PM Middleware::Response No Printers
 11/28/2017 1:40 PM Middleware::Response Module is disabled globally on the FOG server
 11/28/2017 1:40 PM Service Initializing modules

------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
 11/28/2017 1:40 PM Client-Info Client Version: 0.11.12
 11/28/2017 1:40 PM Client-Info Client OS:      Windows
 11/28/2017 1:40 PM Client-Info Server Version: 1.4.4
 11/28/2017 1:40 PM Middleware::Response Success
------------------------------------------------------------------------------


------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
 11/28/2017 1:40 PM Client-Info Client Version: 0.11.12
 11/28/2017 1:40 PM Client-Info Client OS:      Windows
 11/28/2017 1:40 PM Client-Info Server Version: 1.4.4
 11/28/2017 1:40 PM Middleware::Response Success
------------------------------------------------------------------------------


------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
 11/28/2017 1:40 PM Client-Info Client Version: 0.11.12
 11/28/2017 1:40 PM Client-Info Client OS:      Windows
 11/28/2017 1:40 PM Client-Info Server Version: 1.4.4
 11/28/2017 1:40 PM Middleware::Response Success
 11/28/2017 1:40 PM HostnameChanger Checking Hostname
 11/28/2017 1:40 PM HostnameChanger Hostname is correct
 11/28/2017 1:40 PM HostnameChanger Attempting to join domain
 11/28/2017 1:40 PM HostnameChanger Logon failure: unknown username or bad password, code =  1326
------------------------------------------------------------------------------

Note older windows 7 machines running the legacy client do not show this error.

Joseph Hales · Nov 28, 2017, 8:57 PM

@Joe-Schmitt @Sebastian-Roth ok entered the ad password again for the new client cleared and re checked it for the problematic host and it is now working. When the new client first came out was the entry always plain text or did that get added in a later SVN maybe i had it encrypted from before?

Sebastian Roth · Nov 28, 2017, 7:53 PM

@joseph-hales said in AD join works with legacy client fails with new client:

Logon failure: unknown username or bad password, code = 1326

Well the message seems pretty clear. I know you are saying that it works with the legacy client but possibly there is some kind of special character in your password that was not escaped in the legacy client but is now in the new fog-client?! Just an idea.

Sebastian Roth · Nov 28, 2017, 7:54 PM

@joseph-hales said in AD join works with legacy client fails with new client:

Middleware::Response Invalid time

This is the other thing I noticed. Though I don’t know all the client code this kind of sounds like there could be a time mismatch between Windows server (AD) and client?!

Joseph Hales · Nov 28, 2017, 2:26 PM

@Sebastian-Roth Both client, fog server, and domain controller time settings match including time zone. My server password isn’t unusually exotic it is just Uppercase and lower case letters and numbers no special characters.

Joe Schmitt · Nov 28, 2017, 2:41 PM

@Sebastian-Roth @Joseph-Hales theinvalid time comes from creating the user-cache, specifically the auto log out time.

The client logs show the error:

11/28/2017 1:40 PM HostnameChanger Logon failure: unknown username or bad password, code = 1326

So the credentials are not set correctly on the server. A couple ideas:

Is the AD password field for the new client filled in (the legacy client uses a different field)
Are you placing the FOGCrypt version of the password in field? The new client does NOT use FOGCrypt, and the password should be entered plain-text.

If you are sure both are correct, I can provide instructions how to use the client’s debugger to find the exact issue.

Joseph Hales · Nov 28, 2017, 8:57 PM

@Joe-Schmitt @Sebastian-Roth ok entered the ad password again for the new client cleared and re checked it for the problematic host and it is now working. When the new client first came out was the entry always plain text or did that get added in a later SVN maybe i had it encrypted from before?

Joe Schmitt · Nov 28, 2017, 9:08 PM

@Joseph-Hales the new client always shipped with plain text passwords as the security model is fundamentally different.

AD join works with legacy client fails with new client

166

12.0k

17.3k

155.2k