Fog Client Authentication Issue



  • Hello,
    Running 1.5.7 on Debian 10. This is a new server and I had to follow the instructions here (https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B) since I wanted to keep my current Fog client hosts to still communicate after the new server was up. Those clients (around 200) are communicating great after following those instructions.

    But, when I download the Fog client from the new server to be used on a new image and when that image is deployed, the authentication is broken. Looking at the fog log on the PC it looks like it wants to download a security token but can’t find where that is at. Any help would be great. Thanks again

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     1/2/2020 3:50 PM Client-Info Version: 0.11.16
     1/2/2020 3:50 PM Client-Info OS:      Windows
     1/2/2020 3:50 PM Middleware::Authentication Waiting for authentication timeout to pass
     1/2/2020 3:52 PM Middleware::Communication Download: http://172.25.48.10/fog/management/other/ssl/srvpublic.crt
     1/2/2020 3:52 PM Data::RSA FOG Server CA cert found
     1/2/2020 3:52 PM Middleware::Authentication Cert OK
     1/2/2020 3:52 PM Middleware::Authentication ERROR: Could not get security token
     1/2/2020 3:52 PM Middleware::Authentication ERROR: The system cannot find the path specified.
    
     1/2/2020 3:52 PM Middleware::Communication POST URL: http://172.25.48.10/fog/management/index.php?sub=requestClientInfo&authorize&newService
     1/2/2020 3:52 PM Middleware::Response Error multiple hosts returned for list of mac addresses
    


  • @Sebastian-Roth Thanks again. I created an new image without that VPN software installed and everything is working as it should. Sorry about this and thanks again for all your help and time.


  • Senior Developer

    @LJedi said in Fog Client Authentication Issue:

    Update: The second MAC is the MAC from a VPN software that I installed. I think that is causing issues. I’ll continue to troubleshoot.

    See my description in the topic mentioned before.



  • @Sebastian-Roth said in Fog Client Authentication Issue:

    SELECT * FROM hosts WHERE hostID=640;

    After running that command, It did show a host, the host that I created the image from. I clicked on that host, and it was showing two MAC addresses (Its own MAC and the MAC of the PC that I deployed the image to). I went in and deleted that HOST and the correct PC showed up in the “Pending Host”. Really weird.

    Update: The second MAC is the MAC from a VPN software that I installed. I think that is causing issues. I’ll continue to troubleshoot.


  • Senior Developer

    @LJedi Yeah sorry, forgot the semicolon…

    Now check if any host still uses the MACs…

    SELECT * FROM hosts WHERE hostID=640;
    

    If it exists, then I would just go to the webUI, edit this host’s settings and do the “Reset Encryption Data” there.



  • @Daniel-Miller Thank you!

    MariaDB [fog]> SELECT * FROM hostMAC WHERE hmMAC IN ('00:ff:d4:ce:09:d6','b0:83:                                                                                        fe:83:73:4c');
    +------+----------+-------------------+--------+-----------+-----------+--------                                                                                        --------+-----------------+
    | hmID | hmHostID | hmMAC             | hmDesc | hmPrimary | hmPending | hmIgnor                                                                                        eClient | hmIgnoreImaging |
    +------+----------+-------------------+--------+-----------+-----------+--------                                                                                        --------+-----------------+
    |  664 |      640 | 00:ff:d4:ce:09:d6 |        | 1         |           | 0                                                                                                      | 0               |
    |  705 |      640 | b0:83:fe:83:73:4c |        | 0         | 1         | 0                                                                                                      | 0               |
    +------+----------+-------------------+--------+-----------+-----------+--------                                                                                        --------+-----------------+
    2 rows in set (0.001 sec)


  • @LJedi need to complete the statement with a ;; that is the line continuation prompt.



  • @Sebastian-Roth Sure looks empty to me.

    MariaDB [fog]> SELECT * FROM hostMAC WHERE hmMAC IN ('00:ff:d4:ce:09:d6','b0:83:fe:83:73:4c')
        ->
    
    

  • Senior Developer

    @LJedi said in Fog Client Authentication Issue:

    I deleted the host that was having issues on the Fog server and hoping that it will show up under “Pending Hosts” and it never did.

    That’s kinda strange. Are you sure the MAC address is definitely free now? Please run the following query on your database to make sure:

    SELECT * FROM hostMAC WHERE hmMAC IN ('00:ff:d4:ce:09:d6','b0:83:fe:83:73:4c')
    

    This query should return an empty result set!?



  • @Sebastian-Roth I looked over the forums that you linked and cleaned up the database and verified on the Fog server that I am not filtering anything when it comes to the hosts. I deleted the host that was having issues on the Fog server and hoping that it will show up under “Pending Hosts” and it never did. The fog log on the PC did change. Any ideas?

    ------------------------------------------------------------------------------
    --------------------------------Authentication--------------------------------
    ------------------------------------------------------------------------------
     1/3/2020 10:29 AM Client-Info Version: 0.11.16
     1/3/2020 10:29 AM Client-Info OS:      Windows
     1/3/2020 10:29 AM Middleware::Authentication Waiting for authentication timeout to pass
     1/3/2020 10:31 AM Middleware::Communication Download: http://172.25.48.10/fog/management/other/ssl/srvpublic.crt
     1/3/2020 10:31 AM Data::RSA FOG Server CA cert found
     1/3/2020 10:31 AM Middleware::Authentication Cert OK
     1/3/2020 10:31 AM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
     1/3/2020 10:31 AM Middleware::Authentication ERROR: Could not get security token
     1/3/2020 10:31 AM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
     1/3/2020 10:31 AM Middleware::Communication POST URL: http://172.25.48.10/fog/management/index.php?sub=requestClientInfo&authorize&newService
     1/3/2020 10:31 AM Middleware::Response Invalid security token
    
    
     1/3/2020 10:31 AM Middleware::Communication URL: http://172.25.48.10/fog/management/index.php?sub=requestClientInfo&configure&newService&json
     1/3/2020 10:31 AM Middleware::Response Success
     1/3/2020 10:31 AM Middleware::Communication URL: http://172.25.48.10/fog/management/index.php?sub=requestClientInfo&mac=00:FF:D4:CE:09:D6|B0:83:FE:83:73:4C&newService&json
     1/3/2020 10:31 AM Middleware::Authentication Waiting for authentication timeout to pass
     1/3/2020 10:33 AM Middleware::Communication Download: http://172.25.48.10/fog/management/other/ssl/srvpublic.crt
     1/3/2020 10:33 AM Data::RSA FOG Server CA cert found
     1/3/2020 10:33 AM Middleware::Authentication Cert OK
     1/3/2020 10:33 AM Middleware::Authentication No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before
     1/3/2020 10:33 AM Middleware::Authentication ERROR: Could not get security token
     1/3/2020 10:33 AM Middleware::Authentication ERROR: Could not find file 'C:\Program Files (x86)\FOG\token.dat'.
     1/3/2020 10:33 AM Middleware::Communication POST URL: http://172.25.48.10/fog/management/index.php?sub=requestClientInfo&authorize&newService
     1/3/2020 10:33 AM Middleware::Response Invalid security token
     1/3/2020 10:33 AM Middleware::Response Success
     1/3/2020 10:33 AM Middleware::Communication URL: http://172.25.48.10/fog/service/getversion.php?clientver&newService&json
     1/3/2020 10:33 AM Middleware::Communication URL: http://172.25.48.10/fog/service/getversion.php?newService&json
    
     1/3/2020 10:33 AM Service Creating user agent cache
     1/3/2020 10:33 AM Middleware::Response ERROR: Unable to get subsection
     1/3/2020 10:33 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
     1/3/2020 10:33 AM Middleware::Response ERROR: Unable to get subsection
     1/3/2020 10:33 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
     1/3/2020 10:33 AM Middleware::Response ERROR: Unable to get subsection
     1/3/2020 10:33 AM Middleware::Response ERROR: Object reference not set to an instance of an object.
     1/3/2020 10:33 AM Service Initializing modules
    
    


  • @Sebastian-Roth Thank you for the information! I’ll look into the database issue and report back what I find.


  • Senior Developer

    @LJedi said in Fog Client Authentication Issue:

    1/2/2020 3:52 PM Middleware::Authentication ERROR: Could not get security token

    For new clients those message (should be a warning rather than an error really!) is fine. The token file was not yet created on the client and therefore it goes on to build a trusted communication channel with the server using the FOG Server certificate as a next step.

    1/2/2020 3:52 PM Middleware::Authentication ERROR: The system cannot find the path specified.

    Though I find this a bit strange as usually the client log would state “No token found at C:\Program Files (x86)\FOG\token.dat, this is expected if the client has not authenticated before” (see here for example). This message is missing in your log but I don’t think this is causing the problem!

    Middleware::Response Error multiple hosts returned for list of mac addresses

    Here we have the actual problem. You need to find out what MAC address might be a duplicate in your database. Find information on this in the forums: https://forums.fogproject.org/topic/13850/button-reset-encryption-data-does-not-appear (the initial topic sounds a bit different but keep in reading and you’ll find valuable information!!)


Log in to reply
 

372
Online

7.4k
Users

14.5k
Topics

136.6k
Posts