• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

hostnamechanger access denied

Scheduled Pinned Locked Moved Solved
FOG Problems
5
24
7.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    kickers56
    last edited by May 31, 2016, 9:34 AM

    Hi,
    I am using the new client version 0.10.6 with the latest trunk as of last week and within the log file it gives me access denied error

    specifically:
    Hostnamechanger Checking hostname
    Hostnamechanger Hostname is correct
    Hostnamechanger Access Denied, code = 5

    This is the first time I imaged and deployed since upgrading the same system from 1.2.0 using legacy client (which was working fine for joining domain) I manually, through windows joined the domain just to check the username and password were correct for joining and they are. I think I did all the usual things like making sure the service is activated everywhere (which kept the settings from 1.2.0) and not using fogcrypt etc (as thats for the legacy client). Just a bit stuck as to what to try as not much info I can find on the new client.

    Thanks

    1 Reply Last reply Reply Quote 0
    • K
      kickers56
      last edited by May 31, 2016, 9:59 AM

      Just as added info

      when checking this

      http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>

      it returns my ADDom fine and the username fine (with the domain before the password automatically) but the ADPass= is empty and thats it nothing else after, I know it won’t show the password but wanted to check that is correct? Because access denied seems to me the username or password is wrong, but I have entered it many times now, and it does join if I do it manually through windows

      1 Reply Last reply Reply Quote 0
      • T
        Tom Elliott
        last edited by May 31, 2016, 10:41 AM

        Your ADPassword field needs to be set. Type the plaintext password for the account that is trying to associate to the domain and it will encrypt it.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • T
          Tom Elliott
          last edited by May 31, 2016, 10:42 AM

          This also, I’m just guessing, what you’re seeing for the legacy URL. The new client accesses the information by:

          http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • K
            kickers56
            last edited by May 31, 2016, 10:52 AM

            Thanks,

            Using the http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json in the browser shows the correct ADPass now. All seems fine except maybe this has two slashes, is that ok (mercia is the domain name and scmmacadmin is the correct user)?

            “ADUser”:“mercia\scmmacadmin”

            T 1 Reply Last reply May 31, 2016, 11:19 AM Reply Quote 0
            • K
              kickers56
              last edited by May 31, 2016, 10:56 AM

              Sorry forgot to mention it still isn’t working, in the fog log it still says access denied.

              Thanks for the help.

              1 Reply Last reply Reply Quote 0
              • K
                kickers56
                last edited by May 31, 2016, 10:59 AM

                It won’t post the two slashes, so to be clears its between mercia and scmmacadmin there are two slashes not one.

                1 Reply Last reply Reply Quote 0
                • T
                  Tom Elliott @kickers56
                  last edited by May 31, 2016, 11:19 AM

                  @kickers56 What version of FOG are you running?

                  The 2 slashes is fine, but you should NOT be able to discern ANY data out of the url.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 0
                  • K
                    kickers56
                    last edited by May 31, 2016, 1:01 PM

                    Well thats what I thought actually the version is 7845

                    I can even read the password unencypted as is from the browser which obviously is bad. Why would it be doing that?

                    1 Reply Last reply Reply Quote 0
                    • F
                      falko Moderator
                      last edited by falko May 31, 2016, 7:52 AM May 31, 2016, 1:25 PM

                      I am also seeing this issue, on 7945.
                      Seems intermittent though, as I deployed an image to a machine in the office and to virtualbox and they were fine. But I am now in an IT suite and have just seen this access denied code 5 in one of the logs

                      T 1 Reply Last reply May 31, 2016, 1:33 PM Reply Quote 0
                      • T
                        Tom Elliott @falko
                        last edited by May 31, 2016, 1:33 PM

                        @falko Find the related host and and reset encrypted data. You’re not seeing unencrypted data in the browser though, correct?

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        F 1 Reply Last reply May 31, 2016, 1:41 PM Reply Quote 0
                        • F
                          falko Moderator @Tom Elliott
                          last edited by falko May 31, 2016, 7:42 AM May 31, 2016, 1:41 PM

                          @Tom-Elliott
                          With this, I can see the AD password…
                          http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json

                          1 Reply Last reply Reply Quote 0
                          • T
                            Tom Elliott
                            last edited by May 31, 2016, 1:48 PM

                            Alright, I’m trying to understand, why are we accessing using hostname.php? 0.10.6 does not make a call to this link. At least not that I’m aware of ( @joe-schmitt let me know if I’m wrong?)

                            It’s most likely left there for debugging purposes, though I will most likely need to get this corrected.

                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                            1 Reply Last reply Reply Quote 0
                            • K
                              kickers56
                              last edited by Jun 1, 2016, 8:40 AM

                              So thank you the query through the browser now shows “Not allowed here” so no more information being visible.

                              Regards the other problem I am having, I upgraded to latest trunk today (7953) and still having the same problem with Access denied on windows 7 and FOG Server ubuntu 14.04


                              --------------------------------HostnameChanger-------------------------------

                              01/06/2016 09:26 Client-Info Client Version: 0.10.6
                              01/06/2016 09:26 Client-Info Client OS: Windows
                              01/06/2016 09:26 Client-Info Server Version: 7953
                              01/06/2016 09:26 Middleware::Response Success
                              01/06/2016 09:26 HostnameChanger Checking Hostname
                              01/06/2016 09:26 HostnameChanger Hostname is correct
                              01/06/2016 09:26 HostnameChanger Access Denied, code = 5

                              Also if I change the AD password to anything else on FOG server it then issues a logon failure unknown username or password, So it knows the username and password is correct.

                              Is this something to do with how my FOG server is set up or my AD?

                              Thanks for any help, if it is my AD I just don’t know what to change as I can manually join the domain and it used to work with the legacy client.

                              Q T 2 Replies Last reply Jun 1, 2016, 8:55 AM Reply Quote 0
                              • Q
                                Quazz Moderator @kickers56
                                last edited by Jun 1, 2016, 8:55 AM

                                @kickers56 Sounds like permission issues to me. That’s generally what Access Denied leads to anyway.

                                I’m curious why it was looking for access when it already states the hostname to be correct already, though.

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kickers56
                                  last edited by Jun 1, 2016, 9:00 AM

                                  What is it that the new client does different to the legacy client (as that worked). I am not in charge of our AD directly so will see about what permissions I have on my credentials and post back when I know more.

                                  Q 1 Reply Last reply Jun 1, 2016, 9:01 AM Reply Quote 0
                                  • Q
                                    Quazz Moderator @kickers56
                                    last edited by Jun 1, 2016, 9:01 AM

                                    @kickers56 Is it possible they altered something behind the screens concerning AD?

                                    K 1 Reply Last reply Jun 1, 2016, 9:09 AM Reply Quote 0
                                    • K
                                      kickers56 @Quazz
                                      last edited by Jun 1, 2016, 9:09 AM

                                      @Quazz I am now in the process of asking and will report back, thanks

                                      1 Reply Last reply Reply Quote 0
                                      • K
                                        kickers56
                                        last edited by Jun 1, 2016, 9:56 AM

                                        So my account has permissions to join machines but cannot create new accounts, or take them off presumably. Would this cause a problem with the new client? Would it be trying to remove and then create the account on the AD again? There shouldn’t be a problem if I can manually join through Windows right?

                                        1 Reply Last reply Reply Quote 0
                                        • T
                                          Tom Elliott @kickers56
                                          last edited by Jun 1, 2016, 10:12 AM

                                          @kickers56 I’m not 100% sure on how things work, but if the account that’s doing the domain joining is NOT allowed to view information from the AD server to verify if it is joined or not, I imagine this might be one of the things a person may see. Again, I’m not 100% sure but it seems to point this way to me.

                                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                          1 Reply Last reply Reply Quote 1
                                          • 1
                                          • 2
                                          • 1 / 2
                                          1 / 2
                                          • First post
                                            5/24
                                            Last post

                                          220

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project