Does LDAPS work during iPXE menu login?

  • D
    DBCountMan
    last edited by Dec 16, 2022, 4:49 PM

    I have LDAP configured properly for logging into the FOG UI as well as authentication during the iPXE menu login. I’m trying to add security layers to the FOG server and environment. I ran Wireshark to see how FOG sends LDAP credentials, and it appears to send them in clear text over HTTP. If I use LDAPS, will FOG still send those clear credentials via HTTP or will it be secure?

    G 1 Reply Last reply Dec 18, 2022, 12:56 PM Reply Quote 0
    • G
      george1421 Moderator @DBCountMan
      last edited by Dec 18, 2022, 12:56 PM

      @brakcounty The code supports switching to ldaps by adjusting the port number. I suspect that bit won’t work as advertised. I don’t think that element was ever tested. The reason I say that is that, to make it work, it needs an LDAP certificate installed.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      D B 2 Replies Last reply Dec 21, 2022, 5:33 PM Reply Quote 0
      • D
        DBCountMan @george1421
        last edited by Dec 21, 2022, 5:33 PM

        @george1421 So the alternative would be to use SSL and embed the cert into the iPXE kernel, right? I saw a post about this topic and a post pointed to this link https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_trunk about the latest build already has SSL set up? I’d just have to run installfog.sh -s and HTTPS would be working for the web GUI as well as iPXE?

        G 1 Reply Last reply Dec 21, 2022, 8:56 PM Reply Quote 0
        • G
          george1421 Moderator @DBCountMan
          last edited by Dec 21, 2022, 8:56 PM

          @brakcounty said in Does LDAPS work during iPXE menu login?:

          and HTTPS would be working for the web gui as well as ipxe?

          That would minimize the risk of clear text being browsable when interacting with the web interface, but not LDAP. That is its own critter.


          D 1 Reply Last reply Dec 22, 2022, 2:02 PM Reply Quote 0
          • D
            DBCountMan @george1421
            last edited by Dec 22, 2022, 2:02 PM

            @george1421 I ran Wireshark while PXE booting FOG and logging in to the iPXE menu, and saw that the creds were sent via HTTP, not LDAP. So I should upgrade to the latest trunk using the -s switch and all will be SSL? I’d still have to compile the iPXE kernel with a cert or is that done during setup?

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Dec 22, 2022, 3:29 PM

              @brakcounty said in Does LDAPS work during iPXE menu login?:

              I’d still have to compile the ipxe kernel with a cert or is that done during setup?

              The FOG installer does this for you.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              D 2 Replies Last reply Dec 22, 2022, 4:11 PM Reply Quote 1
              • D
                DBCountMan @Sebastian Roth
                last edited by Dec 22, 2022, 4:11 PM

                @sebastian-roth Game changer! Thanks! I’m testing the dev-branch install right now on a vm.

                1 Reply Last reply Reply Quote 0
                • D
                  DBCountMan @Sebastian Roth
                  last edited by DBCountMan Dec 22, 2022, 11:18 AM Dec 22, 2022, 4:11 PM

                  @sebastian-roth One more question (I hope this is the last one) if I want to set up a trust between my prod environment and the cert that FOG is using, where can I find the FOG cert on the file system?

                  L 1 Reply Last reply Dec 23, 2022, 11:43 PM Reply Quote 0
                  • L
                    lukebarone @DBCountMan
                    last edited by Dec 23, 2022, 11:43 PM

                    @brakcounty According to the installer code, it’s in $sslpath/CA/*. It also appears in your /opt/fog/.fogsettings file, under sslpath=.

                    By default, the installer drops it all into /opt/fog/snapins/ssl (lib/common/functions.sh L#1879)

                    1 Reply Last reply Reply Quote 1
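
Added example (not part of the thread and not FOG code): one way to act on the locations given in the post above when exporting the FOG CA for a trust relationship. It reads `sslpath=` from `.fogsettings` without sourcing the file and lists only files under `CA/` that hold a certificate and no private key. The quoted `key='value'` layout of `.fogsettings` and the sample file names `.ca.pem` and `.ca.key` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not FOG code. Paths come from the thread; the quoted
# key='value' layout of .fogsettings is an assumption.

# Read sslpath= without sourcing the file (sourcing would run its contents).
fog_sslpath() {
    local value
    value=$(sed -n 's/^sslpath=//p' "$1" | tail -n 1)
    value=${value#\'}; value=${value%\'}
    value=${value#\"}; value=${value%\"}
    printf '%s\n' "${value%/}"
}

# List files under $sslpath/CA/ that hold a PEM certificate and no private
# key. Dotfiles are globbed explicitly because a plain CA/* skips them.
fog_ca_certs() {
    local base dir f
    base=$(fog_sslpath "$1")
    [ -n "$base" ] || { echo "no sslpath= in $1" >&2; return 1; }
    dir="$base/CA"
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "skip, contains a private key: $f" >&2
        elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree (marker lines only, hypothetical file names).
make_demo() {
    local root=$1
    mkdir -p "$root/ssl/CA"
    printf "sslpath='%s/ssl/'\n" "$root" > "$root/.fogsettings"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$root/ssl/CA/.ca.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$root/ssl/CA/.ca.key"
}

# On a real server: print subject, SHA-256 fingerprint and expiry of each
# certificate so it can be compared before it goes into a trust store.
if [ -r /opt/fog/.fogsettings ]; then
    fog_ca_certs /opt/fog/.fogsettings | while IFS= read -r cert; do
        openssl x509 -in "$cert" -noout -subject -fingerprint -sha256 -enddate
    done
fi
```

Only the certificate needs to leave the FOG server to establish trust; any file reported as containing a private key stays where it is.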
                    • B
                      BeigeFoods @george1421
                      last edited by May 13, 2023, 10:05 AM

                      @george1421 said in Does LDAPS work during iPXE menu login?:

                      @brakcounty The code supports switching to ldaps by adjusting the port number. I suspect that bit won’t work as advertised. I don’t think that element was ever tested. The reason I say that is that, to make it work, it needs an LDAP certificate installed.

                      Good one. Thanks for sharing a nice piece of info.

                      1 Reply Last reply Reply Quote 0
                      Copyright © 2012-2024 FOG Project