FOG client on CentOS can't authenticate/not working
-
I see the same problem on Fedora 27, which uses the same mono repo as CentOS 7.
-
@mechalas You’ve probably searched the forums and found similar posts like this: https://forums.fogproject.org/topic/10788/authentication-error-could-not-authenticate-value-cannot-be-null
We see this happening with broken Mono certificate stores. Try uninstalling the client, removing Mono and installing an older Mono build, and then installing the client.
-
@Sebastian-Roth Nope, I was searching on other terms and hadn’t seen this one yet.
I’ll give it a shot.
-
@mechalas Keeping my fingers crossed you can solve it this way. Our fog-client developer has talked about hoping to fix this issue by using different means of storing the certificates on the client but he’s way too busy to work on this project and I am fairly sure a new fog-client version with such a huge change won’t come any time soon. Just so you know.
-
Doing a build from source (or will, once I get the proxy server issues resolved with the build package). Will post an update when I have one.
Having a native client, or at least one written in a high-level language that’s native to Linux, would be nice. Is there a spec for the client API?
-
@mechalas What high-level language have you got in mind? I’d think that re-implementing the whole client is a lot more work than trying to fix or work around the certificate store stuff.
-
@Sebastian-Roth Probably Python since it has widespread support. Honestly, I don’t even need the full client. I just need the host renamer and the task manager for scheduling reboots. (And I can survive without the latter. I am using Fog in a small lab environment with only a few dozen clients).
I tried a source build of Mono 3.10, which is the version mentioned in the links above, but the source build failed on a missing symbol that is internal to the mono package, which was not encouraging. Deep dives into mono source builds are not where I want to be spending my time.
Is it possible to just fix the cert store by copying it from a working Ubuntu system? I know very little about mono.
-
@mechalas I can see where you are headed and I do agree that digging much deeper into building Mono from source can be a huge drain of time and effort without knowing the outcome.
There is no full API/call documentation on the client-server communication but the full source code of fog-client and its library (called zazzles) is available as a reference implementation. But I’d guess it’s just as much a huge effort to get this implemented.
Should we try and focus on fixing the cert store issue? Although it might need a little more effort for you to get into .NET language it’s still way easier than building a new client from scratch I reckon.
I will try to contact the main fog-client developer to get some hints on the exact cert store issue and maybe find some more time to work with you on fixing this. I have done a little bit of fog-client development and know some of the culprits. So I guess we can get to fix this.
-
I am an experienced C# developer so .NET isn’t the hangup. I just prefer solutions that are natively supported by the environment they run in. There is less complexity, and less complexity means fewer problems such as this one.
That being said, I’d rather get this working on mono since that’s what’s currently distributed and supported. So, yes, any hints the client developer might have would be greatly appreciated.
-
@mechalas Sorry for the long delay. Took a fair while till I found the time to work on this for a couple of hours straight. After some intense digging I may have found out how to fix the issue, though I am still not absolutely sure why this fails on some Mono installations but works on others and on Windows.
Seems like newer Mono versions do some more validity checking on the certificates that are in the store and don’t return the FOG CA certificate for us. I found a quick way to read the full certificate store and manually match the one we are looking for. That’s not a perfect solution but it’s enough to give it a try and see if I am on the right track with this. I tested this on CentOS 7 and it works with a fixed fog-client library. See below.
Download Zazzles_fixed_Linux.dll, stop FOGService (systemctl stop FOGService), rename /opt/fog-service/Zazzles.dll and put the new Zazzles.dll in place. Then start the FOGService again and watch the log.
Edit: Fixed the path…
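
[Added example, not part of the original post and not the fog-client/Zazzles code: a small C# diagnostic that compares the store's Find lookup with the "read the full store and match manually" approach described above. The store (Root/LocalMachine), the placeholder subject name and the helper FindBySimpleName are assumptions made for illustration.]

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertStoreLookup
{
    // Hypothetical helper: walk the whole store and match the CN by hand
    // instead of relying on X509Certificate2Collection.Find().
    public static X509Certificate2 FindBySimpleName(X509Store store, string name)
    {
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        foreach (X509Certificate2 cert in store.Certificates)
        {
            string cn = cert.GetNameInfo(X509NameType.SimpleName, false);
            if (!string.Equals(cn, name, StringComparison.Ordinal))
                continue; // exact CN match; FindBySubjectName matches substrings
            // Manual matching skips whatever checks Find() applies, so keep
            // at least the validity-period check explicit.
            if (now < cert.NotBefore || now > cert.NotAfter)
                continue;
            return cert;
        }
        return null;
    }

    static void Main(string[] args)
    {
        // Assumption: placeholder subject name; pass the real CA name as argument.
        string name = args.Length > 0 ? args[0] : "EXAMPLE-CA-NAME";
        // Assumption: the CA certificate lives in the machine-wide root store.
        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection all = store.Certificates;
            int strict = all.Find(X509FindType.FindBySubjectName, name, true).Count;
            int loose = all.Find(X509FindType.FindBySubjectName, name, false).Count;
            X509Certificate2 manual = FindBySimpleName(store, name);
            Console.WriteLine("Find(validOnly: true):  {0} match(es)", strict);
            Console.WriteLine("Find(validOnly: false): {0} match(es)", loose);
            Console.WriteLine("Manual enumeration:     {0}", manual == null
                ? "no match" : manual.Subject + " [" + manual.Thumbprint + "]");
        }
        finally
        {
            store.Close();
        }
    }
}
```

[If the manual lookup finds the certificate while Find(validOnly: true) returns nothing, the difference lies in the checks Find applies; comparing the printed thumbprint against the server's CA certificate confirms the manual match picked the intended one.]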
-
Thanks, @Sebastian-Roth. I will try this out.
-
This worked! Thank you so much for the debugging and the resolution.
FOG has been a huge boon to our lab, and getting this last, niggling issue resolved is very much appreciated.
-
@mechalas Thanks for testing and reporting back! Feeling relieved that we have this one nailed down as I had expected it to be a way bigger mess when I started to work on this.
Though still I need to figure out why the normal cert store Find function wouldn’t return the FOG certificates. You said you know C#. Do you think you’d find a bit of time to help investigate on the root cause of this? I can send you a code sample that is very easy to build. It’d help me a lot as I probably won’t get to dig into this again myself in the next couple of days and I’d love to get this finished and properly fixed.
-
@Sebastian-Roth I just realized I never responded to this. Ooops!
I would be happy to look at this if you are still up for it.
-
@mechalas Nice to see you’re still around! I remember having looked into this for quite a while but then decided I’d just use the cert store search as implemented to fix this. It’s working great and I don’t see any drawbacks. We have moved forward and released new fog-client versions since then.
Nevertheless there are new things to look at and figure out. It would be really great if you’d help us on the fog-client.