Integrate Windows Authentication in FOG

  • L
    Lee Rowlett Developer
    last edited by Dec 6, 2012, 10:44 PM

    Hi,

    Has anyone been able to successfully implement Windows authentication for FOG instead of manually creating users? It’s just that my security manager is on my back about the “security” of FOG, and it’s something that’s been flagged in an audit.

    I have taken a stab at it, but it looks like an overhaul of changes is required, and my skills using AD authentication with Linux are limited. I don’t really want to lose FOG over something so trivial.

    Anyone else interested in this feature or got any info?

    • B
      BryceZ
      last edited by Dec 6, 2012, 11:13 PM

      Windows Authentication for FOG has been brought up before, but it will take somebody who is willing to get their hands dirty coding figuring out the best way to implement it, so it hasn’t really gone anywhere.

      One alternative that I’ve managed to get implemented where I work is using Shibboleth to process the authentication and then having matching usernames in the FOG database to ensure access. Luckily we already had the Shibboleth infrastructure in place, and other people had tied multiple web systems into it already, so adding FOG was a fairly trivial copy and paste of existing code.

      I would guess that the easiest way to add Windows authentication to FOG would be to have Apache handle the authentication for accessing the site directory and use LDAP to tie Apache authentication to your Windows AD. But I haven’t tried this myself so I can’t provide any example code.

      • J
        John Deery
        last edited by Dec 8, 2012, 4:30 AM

        The code for it isn’t all that bad and I have a small working version of AD integration. It does require the apache ldap module to be installed but otherwise it just does a quick anonymous bind to the AD to look up the name and, if found, tries another bind with the name and password. Of course the first check can be taken out since not everyone will allow anonymous binding to their AD.

        I think BryceZ has the right of it, too, that after doing the check, certain information will need to be passed on to FOG to allow for the local access features. Moodle does a really nice job of this, so that may be somewhere to look.

        I’m guessing that with the .33 framework this could all be achieved via a plugin instead of putting it into the core of the program.

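The lookup-then-bind flow described in the post above, written with PHP's ldap extension as an added example; it is not the poster's code or FOG's. The function name, config keys, host name and DNs are placeholders, and a null `bind_dn` gives the anonymous lookup the post mentions.

```php
<?php
// Added example: search-then-bind against AD with PHP's ldap extension.
// Every host name, DN and config key below is a placeholder, not a FOG setting.

function ad_authenticate(string $username, string $password, array $cfg): bool
{
    // A simple bind with an empty password is an "unauthenticated bind" that
    // many directories accept, so refuse it before contacting the server.
    if ($username === '' || $password === '') {
        return false;
    }

    // ldaps:// keeps the simple-bind password off the wire in clear text.
    $conn = ldap_connect($cfg['uri']);            // e.g. ldaps://dc1.example.com
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    try {
        // Lookup bind: a service account, or anonymous when bind_dn is null.
        if (!@ldap_bind($conn, $cfg['bind_dn'] ?? null, $cfg['bind_pw'] ?? null)) {
            return false;
        }

        // Escape the login name so characters such as * ( ) \ stay literal.
        $filter = sprintf(
            '(&(objectClass=user)(sAMAccountName=%s))',
            ldap_escape($username, '', LDAP_ESCAPE_FILTER)
        );
        $result = @ldap_search($conn, $cfg['base_dn'], $filter, ['sAMAccountName']);
        $entries = $result ? ldap_get_entries($conn, $result) : false;

        // Exactly one account must match; anything else is a failed login.
        if ($entries === false || $entries['count'] !== 1) {
            return false;
        }

        // Second bind: the directory itself verifies the user's password.
        return @ldap_bind($conn, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($conn);
    }
}
```

A `true` result only proves the AD password; as the replies in this thread describe, the login still has to be matched to an account in the FOG database before access is granted.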
        • F
          Fernando Gietz Developer
          last edited by Dec 11, 2012, 11:23 AM

          We use LDAP validation to access the FOG web UI, but first the username must have been created in the FOG database.
          Each user has his role. We use one FOG server to deploy images, and we have 60 different users. Also, we have created a new role in the FOG web UI and a new “administration” layer. This layer is “site”; one “site” is a building or a high school or a faculty.
          FOG has two roles: site manager and fast deploy. We have a new one: technician. We can link one user with one role, and one user is linked to one or more sites.

          The site manager role can see the FOG server setup and all computers/clients. The technician can only see the computers and the images from his linked site; he can’t see the server setup.

          • B
            BryceZ
            last edited by Dec 11, 2012, 2:41 PM

            Fernando, I think there are a lot of people out there using FOG that would really appreciate this sort of functionality.

            • F
              Fernando Gietz Developer
              last edited by Dec 11, 2012, 4:43 PM

              I’m glad 🙂
              We use a customized version of FOG 0.30 :oops: But I think the LDAP validation is easy to migrate to a new version of FOG.
              The “site” layer and technician role are much more difficult. Sorry.
              I just started the migration of code from the old version to the new FOG version.

              Copyright © 2012-2024 FOG Project