Active Directory after image deployment not working.
-
@astrugatch On the one hand side this is a great idea! You just need to keep in mind that if you install FOG with HTTPS the generated certificate will have the IP address as common name (CN) and the current FOG client is not happy connecting to the hostname then. Just something I stumbled upon recently and thought I might share this here just in case.
-
@Sebastian-Roth
Good to know. I’m using FOG with HTTP so it hasn’t been an issue (I’ve moved it several times as virtual environments shifted). It might be worth looking into adding a feature in the installer to ask for the DNS name of the machine so it can generate the cert with that as the CN rather than the machine’s IP. -
@astrugatch When it asks for the IP Address, I believe it validates that it is actually an IP (from the FOG Installer.)
That said, a neat trick you can do, however, is one the
/opt/fog/.fogsettingsis generated, modify theipaddress="<ip>"line to use your hostname. It should use that information for the public certificate generation. -
If I change that setting how do I force it to generate a new cert? Do I just run the installer again?
-
@astrugatch Yes, as it’s signed by the CA, it shouldn’t have any issues. Though you may need to have it initially recreate the private cert as it likely created it using the IP. Just a good to know thing for the future. (Particularly on fresh installs.) It would mean, however, that you’d have to update all your clients which could prove problematic in general.
Could be simpler just to remove the IP checking during fresh install. Or, maybe we could add a Hostname item as an inline option (or add to the /opt/fog/.fogsettings file of course) the builds a cert using the IP and allows an alternate name within the cert using the hostname.
Of course this is just thoughts being spewed out sorry.
-
-
I can always deploy a new client via GroupPolicy so that doesn’t scare me from making the change. I’ll probably hold off for now only because it’s not a huge issue to stay on http for me.
I think adding a hostname item would be great and it would make FOG much more portable and secure to make https the default
-
@Sebastian-Roth
I saw the change in GitHub but didn’t dig too deep. If you fill out these values during a clean setup does it make default FOG to https? -
@astrugatch said in Active Directory after image deployment not working.:
If you fill out these values during a clean setup does it make default FOG to https?
What do you mean by that? What values? Clean setup?
-
If I am installing FOG for the first time (as opposed to upgrading) and I enter the DNS name as part of the new installer and having the CA generate a cert with the DNS/hostname does HTTPS become the default.
-
@astrugatch said in Active Directory after image deployment not working.:
If I am installing FOG for the first time (as opposed to upgrading) and I enter the DNS name as part of the new installer and having the CA generate a cert with the DNS/hostname does HTTPS become the default.
Ahh, now I get you. No haven’t changed the default to be HTTPS as it would involve compiling the iPXE binaries as well. Think that is the next step. I will consider removing the iPXE binaries from the repo and simply rely on compiling them on each install altogether. iPXE code is usually fairly stable. What do you think @Tom-Elliott ?
