• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    hostnamechanger access denied

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    5
    24
    7.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kickers56
      last edited by

      Hi,
      I am using the new client version 0.10.6 with the latest trunk as of last week and within the log file it gives me access denied error

      specifically:
      Hostnamechanger Checking hostname
      Hostnamechanger Hostname is correct
      Hostnamechanger Access Denied, code = 5

      This is the first time I imaged and deployed since upgrading the same system from 1.2.0 using legacy client (which was working fine for joining domain) I manually, through windows joined the domain just to check the username and password were correct for joining and they are. I think I did all the usual things like making sure the service is activated everywhere (which kept the settings from 1.2.0) and not using fogcrypt etc (as thats for the legacy client). Just a bit stuck as to what to try as not much info I can find on the new client.

      Thanks

      1 Reply Last reply Reply Quote 0
      • K
        kickers56
        last edited by

        Just as added info

        when checking this

        http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>

        it returns my ADDom fine and the username fine (with the domain before the password automatically) but the ADPass= is empty and thats it nothing else after, I know it won’t show the password but wanted to check that is correct? Because access denied seems to me the username or password is wrong, but I have entered it many times now, and it does join if I do it manually through windows

        1 Reply Last reply Reply Quote 0
        • Tom ElliottT
          Tom Elliott
          last edited by

          Your ADPassword field needs to be set. Type the plaintext password for the account that is trying to associate to the domain and it will encrypt it.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • Tom ElliottT
            Tom Elliott
            last edited by

            This also, I’m just guessing, what you’re seeing for the legacy URL. The new client accesses the information by:

            http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • K
              kickers56
              last edited by

              Thanks,

              Using the http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json in the browser shows the correct ADPass now. All seems fine except maybe this has two slashes, is that ok (mercia is the domain name and scmmacadmin is the correct user)?

              “ADUser”:“mercia\scmmacadmin”

              Tom ElliottT 1 Reply Last reply Reply Quote 0
              • K
                kickers56
                last edited by

                Sorry forgot to mention it still isn’t working, in the fog log it still says access denied.

                Thanks for the help.

                1 Reply Last reply Reply Quote 0
                • K
                  kickers56
                  last edited by

                  It won’t post the two slashes, so to be clears its between mercia and scmmacadmin there are two slashes not one.

                  1 Reply Last reply Reply Quote 0
                  • Tom ElliottT
                    Tom Elliott @kickers56
                    last edited by

                    @kickers56 What version of FOG are you running?

                    The 2 slashes is fine, but you should NOT be able to discern ANY data out of the url.

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    1 Reply Last reply Reply Quote 0
                    • K
                      kickers56
                      last edited by

                      Well thats what I thought actually the version is 7845

                      I can even read the password unencypted as is from the browser which obviously is bad. Why would it be doing that?

                      1 Reply Last reply Reply Quote 0
                      • falkoF
                        falko Moderator
                        last edited by falko

                        I am also seeing this issue, on 7945.
                        Seems intermittent though, as I deployed an image to a machine in the office and to virtualbox and they were fine. But I am now in an IT suite and have just seen this access denied code 5 in one of the logs

                        Tom ElliottT 1 Reply Last reply Reply Quote 0
                        • Tom ElliottT
                          Tom Elliott @falko
                          last edited by

                          @falko Find the related host and and reset encrypted data. You’re not seeing unencrypted data in the browser though, correct?

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          falkoF 1 Reply Last reply Reply Quote 0
                          • falkoF
                            falko Moderator @Tom Elliott
                            last edited by falko

                            @Tom-Elliott
                            With this, I can see the AD password…
                            http://<fog_ip>/fog/service/hostname.php?mac=<my_mac>&newService&json

                            1 Reply Last reply Reply Quote 0
                            • Tom ElliottT
                              Tom Elliott
                              last edited by

                              Alright, I’m trying to understand, why are we accessing using hostname.php? 0.10.6 does not make a call to this link. At least not that I’m aware of ( @joe-schmitt let me know if I’m wrong?)

                              It’s most likely left there for debugging purposes, though I will most likely need to get this corrected.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              1 Reply Last reply Reply Quote 0
                              • K
                                kickers56
                                last edited by

                                So thank you the query through the browser now shows “Not allowed here” so no more information being visible.

                                Regards the other problem I am having, I upgraded to latest trunk today (7953) and still having the same problem with Access denied on windows 7 and FOG Server ubuntu 14.04


                                --------------------------------HostnameChanger-------------------------------

                                01/06/2016 09:26 Client-Info Client Version: 0.10.6
                                01/06/2016 09:26 Client-Info Client OS: Windows
                                01/06/2016 09:26 Client-Info Server Version: 7953
                                01/06/2016 09:26 Middleware::Response Success
                                01/06/2016 09:26 HostnameChanger Checking Hostname
                                01/06/2016 09:26 HostnameChanger Hostname is correct
                                01/06/2016 09:26 HostnameChanger Access Denied, code = 5

                                Also if I change the AD password to anything else on FOG server it then issues a logon failure unknown username or password, So it knows the username and password is correct.

                                Is this something to do with how my FOG server is set up or my AD?

                                Thanks for any help, if it is my AD I just don’t know what to change as I can manually join the domain and it used to work with the legacy client.

                                Q Tom ElliottT 2 Replies Last reply Reply Quote 0
                                • Q
                                  Quazz Moderator @kickers56
                                  last edited by

                                  @kickers56 Sounds like permission issues to me. That’s generally what Access Denied leads to anyway.

                                  I’m curious why it was looking for access when it already states the hostname to be correct already, though.

                                  1 Reply Last reply Reply Quote 0
                                  • K
                                    kickers56
                                    last edited by

                                    What is it that the new client does different to the legacy client (as that worked). I am not in charge of our AD directly so will see about what permissions I have on my credentials and post back when I know more.

                                    Q 1 Reply Last reply Reply Quote 0
                                    • Q
                                      Quazz Moderator @kickers56
                                      last edited by

                                      @kickers56 Is it possible they altered something behind the screens concerning AD?

                                      K 1 Reply Last reply Reply Quote 0
                                      • K
                                        kickers56 @Quazz
                                        last edited by

                                        @Quazz I am now in the process of asking and will report back, thanks

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          kickers56
                                          last edited by

                                          So my account has permissions to join machines but cannot create new accounts, or take them off presumably. Would this cause a problem with the new client? Would it be trying to remove and then create the account on the AD again? There shouldn’t be a problem if I can manually join through Windows right?

                                          1 Reply Last reply Reply Quote 0
                                          • Tom ElliottT
                                            Tom Elliott @kickers56
                                            last edited by

                                            @kickers56 I’m not 100% sure on how things work, but if the account that’s doing the domain joining is NOT allowed to view information from the AD server to verify if it is joined or not, I imagine this might be one of the things a person may see. Again, I’m not 100% sure but it seems to point this way to me.

                                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post

                                            205

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project