Invalid Token.dat with Deep Freeze

  • P
    PCF24
    last edited by Feb 6, 2024, 7:11 AM

    Hello everyone,
    We would like to install software on the student computers in the future. Unfortunately we have a problem with the FOG Client Token. We use Deep Freeze as protection software. This software does not allow changes to be retained on the hard drive. After a restart, all changes to the operating system are reset.
    The token.dat is also reset and the FOG client can no longer communicate with the server. Invalid Token.dat appears in the log.
    If we go to “Reset Encryption Data” on the host in the FOG server, it works again.
    Can you switch off token renewal on the client?
    Or perhaps you can simply use the FOG API to automatically “Reset Encryption Data” on all clients every DAY.
    Or can you switch off the checking of the token?
    Thanks in advance.
    Heinz

    • T
      Tom Elliott @PCF24
      last edited by Feb 6, 2024, 11:59 AM

      @PCF24 The whole point of the “token” is to ensure the system is a “known” device from FOG’s perspective. This way it’s a two-way trust between the FOG server and the FOG client.

      Since there’s exchange of information such as Hostname, AD join, Printer installs, Snapins, etc…, we wouldn’t want that being exchanged in plain text to just any ol’ system.

      If you configure your base image to have all the software/drivers/printers necessary, then work with Deep Freeze, you shouldn’t need the FOG Client on the image at all.

      Just my 2 cents.

      The whole point of the Client is to allow changes using the UI. Since you’re using a system to prevent changes the FOG Client (in my opinion) is basically pointless to have on your machines.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • P
        PCF24 @Tom Elliott
        last edited by Feb 6, 2024, 2:15 PM

        @Tom-Elliott
        Thank you very much for your reply.
        The Fog Client definitely makes sense for software distribution. The image is rolled out once, after which the software should be kept up to date via the software distribution. This means that the software on the computers is more up-to-date and you hardly have to do any work. This is how we currently do it with a different software distribution. But I would like to use the software distribution from FOG.

        I just don’t understand why the FOG client has to update the token every time the computer starts.
        If the Fog Client only did this once at the very beginning (first commissioning), security would also be guaranteed. The Token.dat is currently updated every time a user logs in.
        Even with Windows you can define that the computer account should not be updated so that the computer does not fall out of the domain. Otherwise Deep Freeze would not work at all in a Windows domain.
        If necessary, I have to move the FOGClient to an unprotected partition. But that would be a lot of work with 1500 computers.

        Is there perhaps a way that I could automatically run “Reset Encryption Data”? That would save me a lot of work.
        Thanks

        • T
          Tom Elliott @PCF24
          last edited by Feb 6, 2024, 2:21 PM

          @PCF24 You could create a trigger, I suppose, or a crontab that runs from the FOG server to clear all the hosts’ sec token data. I can’t give you the exact commands, but that would do the trick. Maybe somebody with more backend knowledge of MySQL and sending queries as part of a shell script could help out a lot more?

          Not that I couldn’t figure it out, but I’m unable to at the moment.

          • P
            PCF24 @Tom Elliott
            last edited by Feb 6, 2024, 2:58 PM

            @Tom-Elliott
            Something like that would be extremely helpful to me. I don’t know enough about the backend. Maybe some of you have more information about this.
            Thanks

            • P
              PCF24
              last edited by Feb 7, 2024, 6:16 AM

              Hello everyone,
              I would also pay for the effort if one of you sent me a script that I could run via crontab.
              Thanks

              • R
                rodluz Developer @PCF24
                last edited by Feb 27, 2024, 9:06 PM

                @PCF24 Here is a quick and dirty script to reset all your hosts.
                I tested it with two hosts and it is working for me. I don’t want to reset all my hosts.

                You will have to paste your FOG server IP, FOG user api token, and FOG settings api token to the script.
                You will also need to install jq on your FOG server.
                Debian based: sudo apt install jq. RHEL based: sudo dnf install jq

                #!/bin/bash
                # Clears the stored client encryption data (pub_key, sec_tok, sec_time)
                # of every host through the FOG API.
                # This file holds API tokens: keep it readable by its owner only.

                server_ip="http://10.10.10.10"
                fog_user_token="PASTE_YOUR_USER_API_TOKEN_HERE"
                fog_api_token="PASTE_YOUR_FOG_SETTINGS_API_TOKEN_HERE"

                # Fetch the host list and extract the bare host ids (jq -r drops the quotes).
                all_ids=$(curl -S -s -X GET -H 'content-type: application/json' -H "fog-user-token: $fog_user_token" -H "fog-api-token: $fog_api_token" "$server_ip/fog/host/" | jq -r '.hosts[].id')

                for host_id in $all_ids
                do
                        # Blank each field in turn; the response body is discarded.
                        curl -S -s -o /dev/null -H "fog-user-token: $fog_user_token" -H "fog-api-token: $fog_api_token" -X PUT -d '{"pub_key":""}' "$server_ip/fog/host/$host_id/edit"
                        curl -S -s -o /dev/null -H "fog-user-token: $fog_user_token" -H "fog-api-token: $fog_api_token" -X PUT -d '{"sec_tok":""}' "$server_ip/fog/host/$host_id/edit"
                        curl -S -s -o /dev/null -H "fog-user-token: $fog_user_token" -H "fog-api-token: $fog_api_token" -X PUT -d '{"sec_time":"0000-00-00 00:00:00"}' "$server_ip/fog/host/$host_id/edit"
                done
                

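A scoped variant of the reset discussed in this thread, as an added example (not rodluz's script and not FOG project code): it clears the encryption data only for hosts whose name starts with a given prefix, defaults to a dry run, and reads the API tokens from the environment instead of the script file. The `name` field in the host listing, the `LAB-` prefix and the `FOG_*` environment variable names are assumptions; the endpoints, headers and field names are the ones used in the script above.

```python
import json
import os
import urllib.request

# Constructed sample of a GET <server>/fog/host/ response; "name" and the
# "LAB-" prefix are assumptions, only "id" appears in the thread's script.
SAMPLE_LISTING = json.dumps({"hosts": [
    {"id": "1", "name": "LAB-A01"}, {"id": "2", "name": "OFFICE-07"},
    {"id": "3", "name": "LAB-B12"}]})
# The three fields the thread's script blanks, in the same order.
RESET_FIELDS = [{"pub_key": ""}, {"sec_tok": ""}, {"sec_time": "0000-00-00 00:00:00"}]

def select_hosts(listing_json, prefix):
    """Ids of hosts whose name starts with prefix (case-insensitive)."""
    if not prefix:  # an empty prefix would match every host
        raise ValueError("refusing to select all hosts")
    hosts = json.loads(listing_json).get("hosts", [])
    return [str(h["id"]) for h in hosts
            if str(h.get("name", "")).lower().startswith(prefix.lower())]

def build_reset_requests(server, host_id, headers):
    """Build, without sending, the PUT requests that clear one host."""
    url = f"{server.rstrip('/')}/fog/host/{host_id}/edit"
    return [urllib.request.Request(url, data=json.dumps(f).encode(),
                                   headers=headers, method="PUT")
            for f in RESET_FIELDS]

def reset_hosts(server, host_ids, headers, dry_run=True):
    """Return {host_id: "skipped" | "ok" | "failed: ..."}."""
    results = {}
    for host_id in host_ids:
        if dry_run:
            results[host_id] = "skipped"
            continue
        try:
            for req in build_reset_requests(server, host_id, headers):
                urllib.request.urlopen(req, timeout=10).close()
            results[host_id] = "ok"
        except OSError as exc:  # URLError and HTTPError are OSErrors
            results[host_id] = f"failed: {exc}"
    return results

if __name__ == "__main__":
    env = os.environ  # tokens come from the environment, not the file
    hdrs = {"fog-user-token": env["FOG_USER_TOKEN"],
            "fog-api-token": env["FOG_API_TOKEN"]}
    listing = urllib.request.urlopen(urllib.request.Request(
        env["FOG_SERVER"].rstrip("/") + "/fog/host/", headers=hdrs), timeout=10)
    ids = select_hosts(listing.read().decode(), env.get("FOG_PREFIX", "LAB-"))
    print(reset_hosts(env["FOG_SERVER"], ids, hdrs, env.get("FOG_APPLY") != "1"))
```

With `FOG_APPLY` unset the run only reports which hosts would be reset; hosts outside the prefix keep their existing token and key.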
                Copyright © 2012-2024 FOG Project