Active Directory Mac OS X

Nicolas Bricet

Hello,

I have a concern for my Imac integrate into my Active Directory with the SVN version 7827.

My machines rename well but integration with Active Direcrory not done. The computer detects that he must do well and restarts but nothing happens.

------------------------------------------------------------------------------^M
--------------------------------Authentication--------------------------------^M
------------------------------------------------------------------------------^M
 25/05/2016 11:03 Client-Info Version: 0.10.6^M
 25/05/2016 11:03 Client-Info OS:      Mac^M
 25/05/2016 11:03 Middleware::Authentication Waiting for authentication timeout to pass^M
 25/05/2016 11:05 Middleware::Communication Download: http://@IP/fog/management/other/ssl/srvpublic.crt^M
 25/05/2016 11:05 Data::RSA FOG Server CA cert found^M
 25/05/2016 11:05 Middleware::Authentication Cert OK^M
 25/05/2016 11:05 Middleware::Communication POST URL: http://@IP/fog/management/index.php?sub=requestClientInfo&authorize&newService^M
 25/05/2016 11:05 Middleware::Response Success^M

------------------------------------------------------------------------------^M
--------------------------------HostnameChanger-------------------------------^M
------------------------------------------------------------------------------^M
 25/05/2016 11:05 Client-Info Client Version: 0.10.6^M
 25/05/2016 11:05 Client-Info Client OS:      Mac^M
 25/05/2016 11:05 Client-Info Server Version: 7827^M
 25/05/2016 11:05 Middleware::Response Success^M
 25/05/2016 11:05 HostnameChanger Checking Hostname^M
 25/05/2016 11:05 HostnameChanger Hostname is correct^M
 25/05/2016 11:05 Power Creating shutdown command in 60 seconds^M
 25/05/2016 11:05 Bus {
  "self": true,
  "channel": "Power",
  "data": "{\n  \"action\": \"request\",\n  \"period\": 60,\n  \"options\": 2,\n  \"command\": \"-r +0 \\\"Host joined to Active Directory, restart required\\\"\",\n  \"message\": \"This computer needs to perform maintenance.\"\n}"

Do you have an idea to solve this problem?

I thank you in advance.
Cordially.

Tom Elliott

Mind trying to update to latest first and see if the issue is more properly addressed yet?

I’m also seeing it’s saying that it joined AD and it’s waiting for a restart. Is it not rebooting? Is it continuously joining AD?

Is the host setup for “Perform changes even when users are logged on?”

Nicolas Bricet

Yes the command is allowed if users are connected.

The computer restarts well but the computer does not integrate in the Active Directory and after it reboots every three minutes because it fails to incorporate the machine.

I am sure that this domain account is working to integrate computers and I can not find LOG could explain to me where the error occurred.

Tom Elliott

@Nicolas-Bricet What I’m asking is not whether or not the host is joining, the messages you gave us seem to prove that they are working. I’m asking if you reboot the client, does it show that it is now joined?

Nicolas Bricet

I tried to restart the client by:
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist

After a few seconds it detects that the machine must incorporate the active directory but on reboot nothing was done

Should we make specific settings for Imac for integrating machines into Active Direcory?

By testing manually on my Imac I did aps worries to reach the area with the same information entered in the FOG interface (domain login + password + authorized way of “OU”)

Joe Schmitt

@Nicolas-Bricet what version of OS X? Is it Yosemite?

Nicolas Bricet

@Jbob Yes

Joe Schmitt

Yosemite has a bug with launchd where daemons don’t receive PATH. This is affecting our OS X domain binding code. Next version of the client should patch this.

Wayne Workman

@Jbob and when Apple patches it, will the client still work?

Joe Schmitt

@Wayne-Workman yep. The patch is to have the smart installer dump the path to the settings file, and then the daemon will use that as PATH. While it can become out-of-date if the user updated path, it should be good enough until Yosemite is fixed.

Nicolas Bricet

Thank you for your answer. The current client he works well on dernieère version of Mac OS X (El Capitan) or should also expect a future version of the client?

Nicolas Bricet

@Joe-Schmitt
Hello

We can work around the problem without waiting for the client update?
I just tested with version “El Capitan” I have the same worries.

Thank you for your help.
Have a good day.

Joe Schmitt

@Nicolas-Bricet possibly… How many Mac’s do you have with the FOG Service installed on?

Nicolas Bricet

Hello,

Nothing on a single iMac with version “El captain” in order to make a master to deploy it in a room of 15 computers.
I have the same worries as Yosemite, it detects that the computer must integrate the area but after restarting it does not and it integrates done this repeatedly.

Thank you for your help, good day.

Nicolas Bricet

@Joe-Schmitt
Hello,

So it was not until the next version of the client, I can not do anything in the meantime?

Have a good day.
Cordially.

Joe Schmitt

@Nicolas-Bricet if you manually stop the service you can apply the patch.

Once stopped, edit /opt/fog-service/fog.daemon
Add the line

eval `/usr/libexec/path_helper -s`

right after the #!/bin/bash line.

The next time the service is started, it should join the domain properly.

Nicolas Bricet

Hello,

That still does not work, here is the file that I modified and the LOG file when it tries to integrate the computer Actire Directory.
There always comes aps, the computer reboots again.

Meci advance.
Cordially.

#!/bin/bash
eval `/usr/libexec/path_helper -s`
▒~@~K
function startDaemon() {
        /opt/fog-service/control.sh start
        tail -f /dev/null &
        wait $!
}
▒~@~K
▒~@~K
function killDaemon() {
        /opt/fog-service/control.sh stop
        exit 0
}
▒~@~K
trap killDaemon SIGTERM
trap killDaemon SIGKill
▒~@~K
startDaemon;

------------------------------------------------------------------------------^M
--------------------------------HostnameChanger-------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:52 Client-Info Client Version: 0.10.6^M
 07/06/2016 09:52 Client-Info Client OS:      Mac^M
 07/06/2016 09:52 Client-Info Server Version: 7937^M
 07/06/2016 09:52 Middleware::Response Success^M
 07/06/2016 09:52 HostnameChanger Checking Hostname^M
 07/06/2016 09:52 HostnameChanger Hostname is correct^M
 07/06/2016 09:52 Power Creating shutdown command in 60 seconds^M
 07/06/2016 09:52 Bus {
  "self": true,
  "channel": "Power",
  "data": "{\n  \"action\": \"request\",\n  \"period\": 60,\n  \"options\": 2,\n  \"command\": \"-r +0 \\\"Host joined to Active Directory, restart required\\\"\",\n  \"message\": \"This computer needs to perform maintenance.\"\n}"
}^M
 07/06/2016 09:52 Bus Emmiting message on channel: Power^M
------------------------------------------------------------------------------^M
^M
 07/06/2016 09:52 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Power Creating shutdown request^M
 07/06/2016 09:53 Power Parameters: -r +0 "Host joined to Active Directory, restart required"^M
 07/06/2016 09:53 Bus {
  "self": true,
  "channel": "Power",
  "data": "{\n  \"action\": \"shuttingdown\"\n}"
}^M
 07/06/2016 09:53 Bus Emmiting message on channel: Power^M
 07/06/2016 09:53 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Controller Stop^M
 07/06/2016 09:53 Service Stop requested^M
 07/06/2016 09:53 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"unload\"\n}"
}^M
 07/06/2016 09:53 Bus Emmiting message on channel: Status^M
 07/06/2016 09:55 Main Overriding exception handling^M
 07/06/2016 09:55 Main Bootstrapping Zazzles^M
 07/06/2016 09:55 Controller Initialize^M
 07/06/2016 09:55 Entry Creating obj^M
 07/06/2016 09:55 Controller Start^M
^M
 07/06/2016 09:55 Service Starting service^M
 07/06/2016 09:55 Bus Became bus server^M
 07/06/2016 09:55 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"load\"\n}"
}^M
 07/06/2016 09:55 Bus Emmiting message on channel: Status^M
^M
------------------------------------------------------------------------------^M
--------------------------------Authentication--------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:55 Client-Info Version: 0.10.6^M
 07/06/2016 09:55 Client-Info OS:      Mac^M
 07/06/2016 09:55 Middleware::Authentication Waiting for authentication timeout to pass^M
 07/06/2016 09:55 Middleware::Communication Download: http://@IP/fog/management/other/ssl/srvpublic.crt^M
 07/06/2016 09:55 Middleware::Communication ERROR: Could not download file^M
 07/06/2016 09:55 Middleware::Communication ERROR: Error: ConnectFailure (Network is unreachable)^M
 07/06/2016 09:55 Middleware::Authentication ERROR: Could not authenticate^M
 07/06/2016 09:55 Middleware::Authentication ERROR: Could not find file "/opt/fog-service/tmp/public.cer".^M
^M
------------------------------------------------------------------------------^M
--------------------------------Authentication--------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:55 Client-Info Version: 0.10.6^M
 07/06/2016 09:55 Client-Info OS:      Mac^M
 07/06/2016 09:55 Middleware::Authentication Waiting for authentication timeout to pass^M
 07/06/2016 09:56 Controller Stop^M
 07/06/2016 09:56 Service Stop requested^M
 07/06/2016 09:56 Middleware::Authentication ERROR: Could not authenticate^M
 07/06/2016 09:56 Middleware::Authentication ERROR: ^M
 07/06/2016 09:56 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"unload\"\n}"

Tom S

@Nicolas-Bricet Just out of curiosity: could you try adding the device to the domain using just the admins name so:
administrator
not
domain\administrator
OS X sometimes does not like the appending of the domain. Along with the above recommendation could you please remove any OU settings you may have entered into FOG. This is for testing purposes, if it works then we can get started seeing why things went wrong. If this does not work I will send you a copy of a script to try to see if it can be done at all. I will try and test tomorrow at work on my domain.

Good luck and please post your results!

-T

Joe Schmitt

v0.11.0 is released and should address some of the issues with Mac domain binding. Can you test when you get a chance?

Nicolas Bricet

@Joe-Schmitt

Hello,

That makes 10 days that could not make fasting test (being on several sites).
The solution Tom S. has not worked.
Possibility to have the final customer without reinstalling the latest version of SVN please?.

Thank you in advance, good day.
Cordially.