• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Problem with FOG Service …

Scheduled Pinned Locked Moved Unsolved
FOG Problems
5
14
524
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    JJ Fullmer Testers @Laurent
    last edited by Oct 24, 2024, 12:53 PM

    @Laurent said in Problem with FOG Service …:

    I use an encrypted password because I don’t want other fog users to see my password in plain text

    I would recommend using a separate domain admin account rather than any 1 user’s domain account. Partly because of the issue you describe (though that’s not something that can be seen in the web gui) but also so that it’s a password that won’t expire with a user leaving and it’s a password that can be rotated without affecting other services.

    Just my 2 cents.

    Have you tried the FogApi powershell module? It's pretty cool IMHO
    https://github.com/darksidemilk/FogApi
    https://fogapi.readthedocs.io/en/latest/
    https://www.powershellgallery.com/packages/FogApi
    https://forums.fogproject.org/topic/12026/powershell-api-module

    S L I 3 Replies Last reply Oct 24, 2024, 1:00 PM Reply Quote 2
    • S
      sideone @JJ Fullmer
      last edited by Oct 24, 2024, 1:00 PM

      @Laurent we’re on FOG 1.6, but I think its the same as 1.5.10. FOG doesn’t let you see the AD password once input, but I’d echo @JJ-Fullmer’s point of using a specific account

      0cc2591b-e35b-49a1-b0b3-bfc145d92609-image.png

      L 1 Reply Last reply Oct 24, 2024, 1:45 PM Reply Quote 1
      • L
        Laurent @JJ Fullmer
        last edited by Oct 24, 2024, 1:34 PM

        @JJ-Fullmer

        thanks Tom Elliott for your answer. The fog service I used until now (for fog versions 1.5.7 and 1.5.9) used encrypted passwords, and everything worked perfectly.

        the problem is that if I don’t encrypt my password, other fog users will be able to see it, and it’s an administrator account of my domain (Active Directory) !

        Is there a way to get around this problem?

        T 1 Reply Last reply Oct 24, 2024, 1:59 PM Reply Quote 0
        • L
          Laurent @sideone
          last edited by Oct 24, 2024, 1:45 PM

          @sideone
          you are absolutely right, we can’t see the password anymore !!! you just have to leave the host and come back in, and the password is hidden!!

          For me, it was still visible because I hadn’t left the host…

          Are you on version 1.6? where can I download it to test? any feedback on this version?

          J 1 Reply Last reply Oct 24, 2024, 1:53 PM Reply Quote 0
          • J
            JJ Fullmer Testers @Laurent
            last edited by Oct 24, 2024, 1:53 PM

            @Laurent https://docs.fogproject.org/en/latest/installation/server/install-fog-server/#choosing-a-fog-version

            Essentially, instead of checking out the stable branch and doing a git pull and running the installer, you check-out the working-1.6 branch, do a git pull and run the installer.

            It’s still in “beta” but I believe we’re very close to releasing it as the new stable version.

            It’s a whole new ui it’s pretty great. Lots of feature and security enhancement in the backend, faster search results in a universal search tool, cool stuff like that.

            Have you tried the FogApi powershell module? It's pretty cool IMHO
            https://github.com/darksidemilk/FogApi
            https://fogapi.readthedocs.io/en/latest/
            https://www.powershellgallery.com/packages/FogApi
            https://forums.fogproject.org/topic/12026/powershell-api-module

            L 1 Reply Last reply Oct 24, 2024, 2:09 PM Reply Quote 0
            • T
              Tom Elliott @Laurent
              last edited by Oct 24, 2024, 1:59 PM

              @Laurent The information is stored encrypted in the db + the transfer of information is encrypted between the client and the machine.

              The only time the password is clear to any user is when you initially enter it in the field.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              1 Reply Last reply Reply Quote 1
              • L
                Laurent @JJ Fullmer
                last edited by Oct 24, 2024, 2:09 PM

                @JJ-Fullmer

                Top, that’s great news! Congrates !

                1 Reply Last reply Reply Quote 0
                • I
                  iljared98 @JJ Fullmer
                  last edited by Oct 24, 2024, 3:55 PM

                  @JJ-Fullmer
                  In our environment we just use a service account that has delegated rights to create / delete computer objects and domain join, it doesn’t have access to anything else. No need for domain admin in that case.

                  S J 2 Replies Last reply Oct 25, 2024, 6:56 AM Reply Quote 1
                  • S
                    sideone @iljared98
                    last edited by Oct 25, 2024, 6:56 AM

                    @iljared98 this is what we do too.

                    1 Reply Last reply Reply Quote 0
                    • J
                      JJ Fullmer Testers @iljared98
                      last edited by Oct 28, 2024, 1:03 PM

                      @iljared98 I don’t suppose you’d be willing to share more on this config? What specific rights you gave the service account, did you have to do this whole thing https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1 related to this whole thing https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8 ?

                      I’ve previously attempted to create a standard user with such permissions, but I hadn’t tried a service account, that’s a grand idea. I would love to document the creation of a least privilege service account for fog domain operations.

                      Have you tried the FogApi powershell module? It's pretty cool IMHO
                      https://github.com/darksidemilk/FogApi
                      https://fogapi.readthedocs.io/en/latest/
                      https://www.powershellgallery.com/packages/FogApi
                      https://forums.fogproject.org/topic/12026/powershell-api-module

                      1 Reply Last reply Reply Quote 0
                      • 1 / 1
                      1 / 1
                      • First post
                        14/14
                        Last post

                      178

                      Online

                      12.1k

                      Users

                      17.3k

                      Topics

                      155.3k

                      Posts
                      Copyright © 2012-2024 FOG Project