Client not authenticating

virtualdxs

The client seems to not even want to authenticate to the server. Client is RHEL7, fully updated, as is the server. Client is on Mono 5.18.1.0 installed using the instructions from the wiki.

I don’t even know where to begin; the log is full of errors. This excerpt seems to cover most of it:

------------------------------------------------------------------------------^M
----------------------------------UserTracker---------------------------------^M
------------------------------------------------------------------------------^M
 3/19/2019 12:17 PM Client-Info Client Version: 0.11.16^M
 3/19/2019 12:17 PM Client-Info Client OS:      Linux^M
 3/19/2019 12:17 PM Client-Info Server Version: 1.5.5^M
 3/19/2019 12:17 PM Middleware::Response ERROR: Unable to get subsection^M
 3/19/2019 12:17 PM Middleware::Response ERROR: Object reference not set to an instance of an object^M
 3/19/2019 12:17 PM Service Sleeping for 112 seconds^M
 3/19/2019 12:19 PM Middleware::Communication URL: http://fog.pe111.pelb/fog/management/index.php?sub=requestClientInfo&configure&newService&json^M
 3/19/2019 12:19 PM Middleware::Response Success^M
 3/19/2019 12:19 PM Middleware::Communication URL: http://fog.pe111.pelb/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:85:D5:A6&newService&json^M
 3/19/2019 12:19 PM Middleware::Authentication Waiting for authentication timeout to pass^M
 3/19/2019 12:19 PM Middleware::Communication Download: http://fog.pe111.pelb/fog/management/other/ssl/srvpublic.crt^M
 3/19/2019 12:19 PM Middleware::Authentication ERROR: Could not authenticate^M
 3/19/2019 12:19 PM Middleware::Authentication ERROR: Value cannot be null.
Parameter name: authority^M
 3/19/2019 12:19 PM Middleware::Response Success^M
 3/19/2019 12:19 PM Middleware::Communication URL: http://fog.pe111.pelb/fog/service/getversion.php?clientver&newService&json^M
 3/19/2019 12:19 PM Middleware::Communication URL: http://fog.pe111.pelb/fog/service/getversion.php?newService&json^M
^M
 3/19/2019 12:19 PM Service Creating user agent cache^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Unable to get subsection^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Object reference not set to an instance of an object^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Unable to get subsection^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Object reference not set to an instance of an object^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Unable to get subsection^M
 3/19/2019 12:19 PM Middleware::Response ERROR: Object reference not set to an instance of an object^M
^M

How can I fix this?

Sebastian Roth

@virtualdxs This is caused by a faulty certificate store in the Mono installation on your client. For a little bit more information read through this and the linked topics in that thread as well: https://forums.fogproject.org/topic/13000/fog-client-on-centos-can-t-authenticate-not-working

I am aware of this being a real issue but I can’t seem to find the time to work myself into this and get it fixed properly.

virtualdxs

I highly doubt I could get my boss to approve running a 5-year-old version of Mono to get this working. I would like to second the idea that a native client is far better, but I can live with Mono if I can at least use the latest stable version.

I was considering using Puppet/Bolt to handle hostnames, reboots, etc. but Puppet has no way to automatically provision and deprovision as would be needed for this.

Sebastian Roth

@virtualdxs I dislike the idea of having to use an old Mono version just as well. But seems like we have to put some work into this to get the fog-client fixed to run with newer versions. The original developer of this piece of FOG is not with us anymore and so we as a whole FOG community are left to it. I have done a little bit of work on this part of the code in the past but working this one out will take considerable more time and effort - time which I have not found in the last two weeks! Would be great to see other people joining in so we could work on this together.

Sebastian Roth

@virtualdxs After some intense digging I may have found out how to fix the issue, though I am still not absolutely sure why this fails on some Mono installations but works on others and on Windows. Seems like newer Mono versions do some more validity checking on the certificates that are in the store and don’t return the FOG CA certificate for us. I found a quick way to read the full certificate store and manually match the one we are looking for. That’s not a perfect solution but it’s enough to give it a try and see if I am on the right track with this. I tested this on CentOS 7 and it works with a fixed fog-client library. See below.

Download Zazzles_fixed_Linux.dll, stop FOGService (systemctl stop FOGService), rename /opt/fog-service/Zazzles.dll and put the new Zazzles.dll in place. Then start the FOGService again and watch the log.

Edit: Fixed the path…

virtualdxs

That patch fixed it on my box. Thanks! Will this make it into mainline anytime soon?

Sebastian Roth

@virtualdxs Definitely will make it into the official build as soon as I find a bit more time to properly fix this.