ipxe can't log in
-
@scotsdave said in ipxe can't log in:
The only thing I have changed is I updated the kernel as we had some new computers that the Nic was detected on.
Just a point of reference, at this point in the process its iPXE that is in control until bzImage/init.xz is downloaded. When you enter a uid/password that information is passed to boot.php with the params. Its the FOG server that grants access or not. To say it another way the kernel hasn’t started running yet. The problem is around iPXE or boot.php/fog server.
Do you have any custom iPXE menus with this server?
-
@george1421 No everything is stock
-
@scotsdave Well I can say this one has me confused. It should be working.
- You can log into the web ui but not the iPXE login with the same user id and password from the same computer.
- You are not using any high order (ascii) or double byte characters in either the user name or password.
- The native
fog
admin as well as other users have the same issue. - You have no custom FOG iPXE menus created, just standard fog installer created menus.
Lets try to bypass the password prompt as a test.
In the FOG UI goto Fog Configuration -> iPXE Menu Item Settings. Click on the menu item fog.deployimage. In the parameters field it should look like this:
login params param mac0 ${net0/mac} param arch ${arch} param username ${username} param password ${password} param qihost 1 isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
Now lets edit it. These parameters here lets change them.
param username ${username} param password ${password}
Set the variables to a valid fog user account. Like this
param username fog param password password
Press the save button at the bottom of that section. Understand that when you go into this menu item its still going to ask you to login, you can enter anything because we are not using the variables for login because you hard coded the answers.
Now pxe boot the target computer and go into the deploy image menu on the FOG iPXE menu. It should prompt you to login, but after that see if it takes the hard coded login information. You might also want as a test to remove the
login
command at the top so it doesn’t prompt you. It should just let you in to deploy image.Lets see where this gets us. I’m still suspecting a keyboard code page problem, but I don’t know why.
-
@george1421 thanks for helping George.
The plot thickens. I think it’s an issue with the latest batch of laptops we have.
With login removed from the parameters and the username and password hard coded it still asks for a login and won’t accept anything.
I tried a very old dell laptop and it went straight through and asked which image to deploy.
Any other suggestions
-
@scotsdave said in ipxe can't log in:
With login removed from the parameters and the username and password hard coded it still asks for a login and won’t accept anything.
I tried a very old dell laptop and it went straight through and asked which image to deploy.Did you remove the
login
command from the parameters. And on the new laptops when you go into deploy image you keep getting rejected (even though the password is hard coded)?So what hardware are we having issues with? Is there any codepage settings in the bios/firmware?
Was your old computer you tested uefi or bios mode? I assume the new computers are all uefi? (still searching for a difference here). A bios computer would use undionly.kpxe where a uefi computer would use ipxe.efi. A different boot loader could be one difference.
Are the build codes different between undionly.kpxe and ipxe.efi? The build code would be the hex characters that is displayed when the iPXE banner is displayed.
@Developers any other ideas? This is a good/tough one I’ve never seen before.
-
@george1421 hi George the laptop is an hp probook 430 g8
Both the hp and dell are using ufei
Correct when hitting deploy image on the hp I still get a logon screen with the password hard coded. On the dell I get no logon screen and just a choice of image.
-
Also to add I started from scratch and rebuilt the server this morning so it’s just Ubuntu and the fog installation pulled from the git.
-
Ok I’ve been doing some more investigation.
I have an older batch of HP Probook 430 G8’s here and that can log on to deploy image fine. When it PXE boots I get the following :-
With the newer batch of HP Probook 430 G8 I get the following :-
If I run a firmware update on the old batch of probooks I can no longer log in to deploy image it will not accept the credentials.
The only difference I can see is the warning about using legacy NIC wrapper and all zeros for the mac address.
Does Ipxe need to updated to support this new firmware?
Thanks
David
-
Ok I’ve fixed this now.
I swapped to using snponly.efi instead of ipxe.efi
I couldn’t find any instructions on how to do this as a noob. Is it in the wiki as I couldn’t find it?
I did the following on Ubuntu :-
Open terminal
sudo -i nano -w /etc/dhcp/dhcpd.conf
edit the entries for UEFI-64-1, UEFI-64-2 and UEFI-64-3
Change the filename from “ipxe.efi” to “snponly.efi”
} class "UEFI-64-1" { match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:> filename "snponly.efi"; } class "UEFI-64-2" { match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:> filename "snponly.efi"; } class "UEFI-64-3" { match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:> filename "snponly.efi";
Ctrl + o then enter to save
Ctrl + x to exit
Restart DHCP
sudo service isc-dhcp-server restart
You then get the below when booting
Thanks @george1421 for all the help in this thread.
David
-
@scotsdave So the fix was to shift from ipxe.efi to snponly.efi? And they both have the same ipxe build number/ In my head that has doubt spelled in big letters. Hey if it works for you, run with it.
The difference between the two are in the NIC driver section. The snponly file uses the built in driver in the nic adapter called snp. This is akind to the undi driver built into bios network adapters and the undionly.kpxe file that FOG uses. The ipxe.efi bootloader has all of the common nic adapters built into it much like the linux OS. When UEFI was new the snp nic interface was not very good. That is why fog recommended ipxe.efi. Within the last 2 years the snp interface as matured and is much better where recommending the snponly.efi driver for new(ish) hardware is not a bad choice, but if you have old uefi computers, you will have marginal success with the snponly.efi boot loader.
-
@george1421 I pulled the latest build of Ipxe and the build number did update and had a different build number but it still did the same thing.
I’ve reimaged using deploy image about 5 times now and it consistently works now go figure!
Luckily in my environment we don’t have any old computers, this moving forward will be the lowest spec machine we will have.
One other thing that was strange was when doing a full registration of the host and I was asked would I like to deploy an image if I said yes it accepted my username and password using Ipxe.
Thanks for explaining why Ipxe was picked as a default efi image too. I just wonder how many others will be affected by this change in firmware by HP and what it is changing in the NIC!
David