• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Users, not machines at the Active Directory.

    Scheduled Pinned Locked Moved
    General Problems
    5
    32
    6.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jacoboren
      last edited by Sebastian Roth

      Hi,

      @Sebastian-Roth

      I saw that I have php7 and php5 maybe is a mismatch here? Right? Need to remove php7.1*

      This is my output of :

       dpkg -l | grep php
      
      ii  libapache2-mod-php7.1                      7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        server-side, HTML-embedded scripting language (Apache 2 module)
      ii  php-common                                 1:52+deb.sury.org~xenial+1                                  all          Common files for PHP packages
      ii  php-gettext                                1.0.11-2+deb.sury.org~xenial+1                              all          read gettext MO files directly, without requiring anything other than PHP
      ii  php-ldap                                   1:7.1+53~ubuntu16.04.1+deb.sury.org+1                       all          LDAP module for PHP [default]
      ii  php-pear                                   1:1.10.4+submodules+notgz-1~ubuntu16.04.1+deb.sury.org+1    all          PEAR Base System
      ii  php-xml                                    1:7.1+52+deb.sury.org~xenial+1                              all          DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
      ii  php5.6-common                              5.6.31-1~ubuntu16.04.1+deb.sury.org+1                       amd64        documentation, examples and common module for PHP
      ii  php5.6-ldap                                5.6.31-1~ubuntu16.04.1+deb.sury.org+1                       amd64        LDAP module for PHP
      ii  php7.1                                     7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        all          server-side, HTML-embedded scripting language (metapackage)
      ii  php7.1-bcmath                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        Bcmath module for PHP
      ii  php7.1-cli                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        command-line interpreter for the PHP scripting language
      ii  php7.1-common                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        documentation, examples and common module for PHP
      ii  php7.1-curl                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        CURL module for PHP
      ii  php7.1-fpm                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        server-side, HTML-embedded scripting language (FPM-CGI binary)
      ii  php7.1-gd                                  7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        GD module for PHP
      ii  php7.1-json                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        JSON module for PHP
      ii  php7.1-ldap                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        LDAP module for PHP
      ii  php7.1-mbstring                            7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        MBSTRING module for PHP
      ii  php7.1-mcrypt                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        libmcrypt module for PHP
      ii  php7.1-mysql                               7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        MySQL module for PHP
      ii  php7.1-opcache                             7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        Zend OpCache module for PHP
      ii  php7.1-readline                            7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        readline module for PHP
      ii  php7.1-xml                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        DOM, SimpleXML, WDDX, XML, and XSL module for PHP
      

      @george1421

      Changed from “cn=” to “ou=” without success.

      Thanks guys.

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by

        @jacoboren said in Users, not machines at the Active Directory.:

        php7.1-ldap

        So this was installed already I suppose and has been used all the time. I think you can safely remove php5.6-common and php5.6-ldap but make sure it does not remove other packages when you do this!

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        1 Reply Last reply Reply Quote 0
        • J
          jacoboren
          last edited by Sebastian Roth

          @Sebastian-Roth this is the output now:

           dpkg -l | grep php
          ii  libapache2-mod-php7.1                      7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        server-side, HTML-embedded scripting language (Apache 2 module)
          ii  php-common                                 1:52+deb.sury.org~xenial+1                                  all          Common files for PHP packages
          ii  php-gettext                                1.0.11-2+deb.sury.org~xenial+1                              all          read gettext MO files directly, without requiring anything other than PHP
          ii  php-ldap                                   1:7.1+53~ubuntu16.04.1+deb.sury.org+1                       all          LDAP module for PHP [default]
          ii  php-pear                                   1:1.10.4+submodules+notgz-1~ubuntu16.04.1+deb.sury.org+1    all          PEAR Base System
          ii  php-xml                                    1:7.1+52+deb.sury.org~xenial+1                              all          DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
          ii  php7.1                                     7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        all          server-side, HTML-embedded scripting language (metapackage)
          ii  php7.1-bcmath                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        Bcmath module for PHP
          ii  php7.1-cli                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        command-line interpreter for the PHP scripting language
          ii  php7.1-common                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        documentation, examples and common module for PHP
          ii  php7.1-curl                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        CURL module for PHP
          ii  php7.1-fpm                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        server-side, HTML-embedded scripting language (FPM-CGI binary)
          ii  php7.1-gd                                  7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        GD module for PHP
          ii  php7.1-json                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        JSON module for PHP
          ii  php7.1-ldap                                7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        LDAP module for PHP
          ii  php7.1-mbstring                            7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        MBSTRING module for PHP
          ii  php7.1-mcrypt                              7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        libmcrypt module for PHP
          ii  php7.1-mysql                               7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        MySQL module for PHP
          ii  php7.1-opcache                             7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        Zend OpCache module for PHP
          ii  php7.1-readline                            7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        readline module for PHP
          ii  php7.1-xml                                 7.1.6-1~ubuntu16.04.1+deb.sury.org+1                        amd64        DOM, SimpleXML, WDDX, XML, and XSL module for PHP
          

          But still now working…

          1 Reply Last reply Reply Quote 0
          • J
            jacoboren
            last edited by

            This is my output on FOG right now.

            0_1500991379328_my_print_ldap2.jpg

            Tom ElliottT 2 Replies Last reply Reply Quote 0
            • Tom ElliottT
              Tom Elliott @jacoboren
              last edited by

              @jacoboren Remove the ger\ from yoru Admin Group.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              1 Reply Last reply Reply Quote 0
              • Tom ElliottT
                Tom Elliott @jacoboren
                last edited by

                @jacoboren Change Search Base DN so you only have the dc= elements (just a guess.)

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 1
                • J
                  jacoboren
                  last edited by

                  Hi guys, @Tom-Elliott @Sebastian-Roth @george1421

                  I still having a thinking that something on the ldap integration with the OS can cause problems…so what I did it?

                  Rebuild again on the step that doesn’t have any installation to fecth OS to Ldap, I though that some libs are creating conflict on this issue.

                  So from now I only have the plugin installed, and follow everything that we talked before, I still without working…

                  My FOG version is 1.4.3. What I am missing here? Any clue?

                  0_1501160389971_my_print_ldap3.jpg

                  dpkg -l | grep php

                  ii libapache2-mod-php7.1 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
                  ii php-common 1:52+deb.sury.org~xenial+1 all Common files for PHP packages
                  ii php-gettext 1.0.11-2+deb.sury.org~xenial+1 all read gettext MO files directly, without requiring anything other than PHP
                  ii php-pear 1:1.10.4+submodules+notgz-1~ubuntu16.04.1+deb.sury.org+1 all PEAR Base System
                  ii php-xml 1:7.1+52+deb.sury.org~xenial+1 all DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
                  ii php7.1 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 all server-side, HTML-embedded scripting language (metapackage)
                  ii php7.1-bcmath 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 Bcmath module for PHP
                  ii php7.1-cli 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 command-line interpreter for the PHP scripting language
                  ii php7.1-common 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 documentation, examples and common module for PHP
                  ii php7.1-curl 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 CURL module for PHP
                  ii php7.1-fpm 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 server-side, HTML-embedded scripting language (FPM-CGI binary)
                  ii php7.1-gd 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 GD module for PHP
                  ii php7.1-json 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 JSON module for PHP
                  ii php7.1-ldap 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 LDAP module for PHP
                  ii php7.1-mbstring 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 MBSTRING module for PHP
                  ii php7.1-mcrypt 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 libmcrypt module for PHP
                  ii php7.1-mysql 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 MySQL module for PHP
                  ii php7.1-opcache 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 Zend OpCache module for PHP
                  ii php7.1-readline 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 readline module for PHP
                  ii php7.1-xml 7.1.6-1~ubuntu16.04.1+deb.sury.org+1 amd64 DOM, SimpleXML, WDDX, XML, and XSL module for PHP

                  Tom ElliottT george1421G 2 Replies Last reply Reply Quote 0
                  • Tom ElliottT
                    Tom Elliott @jacoboren
                    last edited by

                    @jacoboren Is your domain actually:

                    ger.corp.inte.com or is it gerglb.inte.com?

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    1 Reply Last reply Reply Quote 0
                    • Tom ElliottT
                      Tom Elliott
                      last edited by

                      Do your groups actually reside in a created OU called workers?

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      1 Reply Last reply Reply Quote 0
                      • Tom ElliottT
                        Tom Elliott
                        last edited by

                        To my knowledge, searching shouldn’t include spaces (so Domain Admins) might be a problem.

                        I’ve not tested if this is indeed the case or not, just trying to think outside the box.

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        1 Reply Last reply Reply Quote 0
                        • george1421G
                          george1421 Moderator @jacoboren
                          last edited by george1421

                          @jacoboren Right as Tom said.

                          In the OU workers, you must have a group called “Domain Admins”. And only users in that group will be allowed to login to the fog server.

                          If DNS name resolution is working correctly on your fog server you can use the gergbl.inte.com dns name, if dns client is not setup on fog server then you will need to use the IP address here.

                          Also when you try to login using ldap and access fails, debug messages should be posted to the Apache error log. If you tail that file we may have a better understanding of what is failing.

                          Also change your search scope to subtree and below

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                          1 Reply Last reply Reply Quote 0
                          • J
                            jacoboren
                            last edited by

                            Thanks for your effort @Tom-Elliott ,

                            This is a dedicated server for who wants to add to the AD so I changed, but I tried before with both of them.

                            ou=workers is correct.

                            “Admin group” means the group that the user: “ad_yoalbuke” belongs right on the AD? If yes is write down with spaces so i need to add backslash “” ?

                            Thanks!

                            george1421G 1 Reply Last reply Reply Quote 0
                            • george1421G
                              george1421 Moderator @jacoboren
                              last edited by

                              @jacoboren said in Users, not machines at the Active Directory.:

                              “Admin group” means the group that the user: “ad_yoalbuke” belongs right on the AD?

                              This means that “ad_yoalbuke” must be a member of the “Domain Admins” group that is located in this path: ou=workers,dc=ger,dc=corp,dc=inte,dc=com

                              I do have to question your ldap path. Based on your ldap server its domain is inte.com. So I would think your ldap root would be dc=inte,dc=com and not dc=ger,dc=corp,dc=inte,dc=com. My brain is telling me that dc=ger,dc=corp are probably OUs off of your dc=inte,dc=com ldap root.

                              I know that was hard to follow. So let me try again. Me just guessing I think this path is wrong:
                              ou=workers,dc=ger,dc=corp,dc=inte,dc=com
                              It should read:
                              ou=workers,ou=ger,ou=corp,dc=inte,dc=com

                              But I don’t know how your AD is setup so I can only guess based on your dns name of your domain controller.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                              1 Reply Last reply Reply Quote 0
                              • Tom ElliottT
                                Tom Elliott
                                last edited by

                                Do you actually have a Bind user/password pair you must use to search your Active DIrectory?

                                The “Bind DN/Password” is not “who can login” it’s what credentials are needed to even scan AD for information to begin with. Most people will likely not even have to have this set.

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                1 Reply Last reply Reply Quote 1
                                • J
                                  jacoboren
                                  last edited by

                                  @Tom-Elliott @george1421

                                  Do you know if the version of php7.1 was tested before or need to be php5 ?

                                  Thanks.

                                  george1421G 1 Reply Last reply Reply Quote 0
                                  • george1421G
                                    george1421 Moderator @jacoboren
                                    last edited by

                                    @jacoboren PHP 7 should work no problem. Most of the major disrobutions have moved to php 7 in their current OS releases.

                                    Attempt to login with AD credentials, then access the FOG server linux console. There should be some AD log messages in the Apache error log. Depending on the OS the log file will be in /var/log/httpd/error_log or /var/log/apache2/error.log Tail that file to see any ldap errors. Please post the errors here.

                                    Also I noticed from your original post, are you keying in the domain with the user name domain\user ?? I think the code requires just user because the domain is set in the LDAP connector code.

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                    1 Reply Last reply Reply Quote 1
                                    • Wayne WorkmanW
                                      Wayne Workman @Tom Elliott
                                      last edited by

                                      @tom-elliott said in Users, not machines at the Active Directory.:

                                      @jacoboren As @george1421 pointed out, then I think what you’re looking for already exists.

                                      FOG Configuration Page->FOG Settings->Plugin Settings-> Enable Plugins.

                                      Go to the gear icon that becomes present.

                                      Click on “LDAP” plugin (Looks like a key).

                                      Go to install plugin.

                                      Click on “LDAP” plugin.

                                      Click on Install LDAP Plugin.

                                      You will then have a new icon appear that looks like the Key in the main menu item.

                                      Click there.

                                      Create New.

                                      Make the configuration as you need it.

                                      #wiki worthy

                                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                      Daily Clean Installation Results:
                                      https://fogtesting.fogproject.us/
                                      FOG Reporting:
                                      https://fog-external-reporting-results.fogproject.us/

                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        jacoboren
                                        last edited by

                                        Hi guys, @Tom-Elliott @george1421 @Sebastian-Roth

                                        I still fighting to make it work, try almost everything, seems that is fetching there because I have another Linux machine integrate with LDAP on the same network, the ports are OK, I also verified it.

                                        This is my output:

                                        tail -F /var/log/apache2/error.log

                                        [Sun Aug 06 09:49:23.155362 2017] [php7:notice] [pid 5316] [client 10.12.180.213:54409] Plugin LDAP::_result(). Search Method: list; Filter: (member=*); Result: 0, referer: http://10.12.180.16/fog/management/index.php
                                        [Sun Aug 06 09:49:23.155417 2017] [php7:notice] [pid 5316] [client 10.12.180.213:54409] Plugin LDAP::_getAccessLevel() Group Search DN did not return any results. Group Search DN: ou=workers,dc=ger,dc=corp,dc=inte,dc=com, referer: http://10.12.180.16/fog/management/index.php
                                        [Sun Aug 06 09:49:23.155564 2017] [php7:notice] [pid 5316] [client 10.12.180.213:54409] Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!, referer: http://10.12.180.16/fog/management/index.php

                                        Have something wrong on the field “Group Member Attribute”=“member” ? I’m also still with doubt about the field “Admin Group” this is what I think but I don’t understand exactly what should be there. You see it on the print-screen.
                                        What should be there?

                                        Thanks guys!

                                        george1421G 1 Reply Last reply Reply Quote 0
                                        • S
                                          Sebastian Roth Moderator
                                          last edited by Sebastian Roth

                                          @jacoboren We don’t know your AD/LDAP structure we can only guess! As Tom and George already suggested the DN ou=workers,dc=ger,dc=corp,dc=inte,dc=com does not sound like a proper container for groups! See this picture for a fairly simple AD structure:
                                          alt text
                                          Somewhere further down ther is probably OU=Users as well. To me your OU=workers sounds like it is a user container. Please find the group container in your structure!

                                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                          1 Reply Last reply Reply Quote 0
                                          • george1421G
                                            george1421 Moderator @jacoboren
                                            last edited by

                                            @jacoboren Since you are having no luck with this, lets try to collect a bit more info. Can you please do the following.

                                            1. Open “Active directory Users and Computers”
                                            2. Select View->Advanced Features make sure its checked when done.
                                            3. Navigate to the group and open the group.
                                            4. Select the Object tab (only visible when the advanced features is enabled.
                                            5. Copy the full conical path and post it here.

                                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 2 / 2
                                            • First post
                                              Last post

                                            150

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project