AD credentials disappear
-
Hello! I’m trying to automate the process of joining new PCs to the domain, so I’ve created a group in the FOG web UI, named AD, and added my domain admin credentials in the Active Directory section of the group.
After clicking Update, everything seems fine and the credentials are still there, but if I go to, for example, the Hosts page and then back to groups, list all groups, and select my AD group, the credentials aren’t there anymore…
Fog ver. is 1.5.7
-
@kAs1m Groups work differently in FOG than you expect. Search the forums for “persistent groups” to read more on this topic.
-
I think I understand now, but is there a way to quick reg a host and auto join the domain?
-
I’ve solved it myself.
Now quick reg applies AD settings to host.
Add AD settings in web ui:
Settings - Fog Settings - Active Directory Defaults
Then replace code in /var/www/fog/lib/reg-task/registration.class.php
With this:
https://www.pastiebin.com/5d6c4867436bc
Do not forget to chown www-data:www-data /var/www/fog/lib/reg-task/registration.class.php after.
PS
And one more thing, maybe someone needs it. If you have multiple admins in your organisation and some of them have just support rights, but are not domain admins, you can hide all AD admin passwords from being viewed in the web UI:
find this code in /var/www/fog/lib/pages/fogconfigurationpage.class.php :
    default:
        $type .= '<input type="password" name="${service_id}" value="'
            . '${service_value}" autocomplete="off" class='
            . '"form-control" id="${service_name}"/>';
and replace it with this:
    default:
        $type .= '<input type="password" name="${service_id}" value="'
            . '" autocomplete="off" class='
            . '"form-control" id="${service_name}"/>';
also find this code in /var/www/fog/lib/fog/fogpage.class.php :
    ) => sprintf(
        '<div class="input-group">'
        . '<input id="adPassword" class="form-control" type='
        . '"password" '
        . 'name="domainpassword" value="%s" autocomplete="off"/>'
        . '</div>',
        $ADPass
    ),
and replace with this:
    ) => sprintf(
        '<div class="input-group">'
        . '<input id="adPassword" class="form-control" type='
        . '"password" '
        . 'name="domainpassword" value="%s" autocomplete="off"/>'
        . '</div>',
        '#hidden'//$ADPass
    ),
Also, do
    mv /var/www/fog/lib/db/mysqldump.class.php /var/www/fog/lib/db/mysqldump.class.php.bak
to prevent backing up the whole mysql db.
-
@kAs1m Great to see you figured this out yourself so quickly! We might consider adding your code change on lib/reg-task/registration.class.php to the official code. Thanks for sharing this!
We know that passwords displayed in the web UI can be a problem in some organizations where different people need to use it. One pretty active user proposed this same thing and created a plugin for that: https://forums.fogproject.org/topic/9624/control-access-plugin (see if that might be helpful for you as well - maybe in combination with the LDAP plugin too)
-
@Sebastian-Roth Thanks, I think many lazy admins will appreciate a fully automatic reg process.
PS
Also, I forgot to comment out this section in /var/www/fog/lib/fog/fogpage.class.php:
    /*sprintf(
        '<label for="adEnabled">%s</label>',
        _('Join Domain after deploy')
    ) => sprintf( //#hidden
        '<input id="adEnabled" type="checkbox" name="domain"%s/>',
        (
            $useAD ?
            ' checked' :
            ''
        )
    ),*/
This will remove the “Join Domain after deploy” checkbox from the web UI completely (else you’ll notice that you can see the AD admin pwd if you create a new host, check this checkbox and click the show password button)
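A sketch of the pattern behind the password-field edits in this thread, added here as an example and not taken from FOG's code or from the posts: render the field without the stored value, and on save treat a blank submission as "keep the existing secret" so an untouched form does not overwrite it. The function names `renderSecretField` and `resolveSecret` and the sample values are hypothetical, and it assumes the save handler would otherwise store whatever the form submits.

```php
<?php
declare(strict_types=1);
// Added illustration: names and sample values are hypothetical, not FOG's.

/** Render a password input that never carries the stored secret. */
function renderSecretField(string $name, bool $isSet): string
{
    // The placeholder only says whether a value exists in the database.
    $hint = $isSet ? 'stored (leave blank to keep)' : 'not set';
    return sprintf(
        '<input type="password" class="form-control" name="%s" value="" '
        . 'placeholder="%s" autocomplete="new-password"/>',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($hint, ENT_QUOTES, 'UTF-8')
    );
}

/** Pick the value to persist: a blank submission keeps the stored secret. */
function resolveSecret(array $post, string $name, string $stored): string
{
    $submitted = $post[$name] ?? '';
    if (!is_string($submitted) || $submitted === '') {
        return $stored;   // field untouched: keep what is already saved
    }
    return $submitted;    // admin typed a replacement
}

// Constructed sample data standing in for the database value and $_POST.
$stored = 'S3cret-from-db';
$html   = renderSecretField('domainpassword', $stored !== '');

echo $html, PHP_EOL;
echo 'secret in page source: ';
var_dump(strpos($html, $stored) !== false);
echo 'kept after blank submit: ';
var_dump(resolveSecret(['domainpassword' => ''], 'domainpassword', $stored) === $stored);
echo 'replaced after new value: ';
var_dump(resolveSecret(['domainpassword' => 'N3w-value'], 'domainpassword', $stored) === 'N3w-value');
```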
-
@kAs1m Have you read about the Access Control Plugin? I don’t think it’s wise to add those manual adjustments to the web UI code as this will be overwritten every time you update to a new FOG version.
-
@Sebastian-Roth Didn’t have time, sorry. The whole PLUGIN thing was actually new to me, so now, after a quick navigation in settings, I’ve explored the PLUGINSYS checkbox. Thank you, now I’ll spend some time investigating all of the “mainline” plugins. Thank you for advising me to use this plugin.
PS
Aaand, I couldn’t find any of the functionality that I’ve implemented; also the whole thing seems not to be working, because I couldn’t restrict the Support role from accessing “Access Controls”, where they can revert everything back.
I also reported the last problem in this topic: /topic/10918/access-control-plugin/10