Fog quick image password not working
-
I’m using version 1.5.9 FOG, when I boot to the pxe menu and select “Deploy Image” I am prompted for the username and password. I’m sure I’m using the correct name and password - it’s worked reliably in the past - but now it’s not working. After three tries it dumps me to a generic text menu that has no real functionality other than to reboot or show hardware info. I can still create and deploy images with the Web Interface without issue, but I would really like to get the quick image deploy working again too.
-
@strahd The quick image should use the same login as the web ui. So if your user ID is a web ui admin that account should work. The only caveat is that (I believe) the deploy image user has to be a real user on the FOG system not an ldap based user.
-
@george1421 Well that’s just it… I’m using the same user name and pass as the web ui user. I also used the same user and pass for Ubuntu. Those work just fine. If I pxe boot to the menu, the same user and password does not work.
Can I make another user and test that? Or perhaps do a password change on the current user and see if things line up again? Does the FOG system rely on the OS for its users or is that kept seperate somewhere? I set up this server a long time ago but honestly I rarely mess with it.
-
@george1421 Update:
To troubleshoot, I did the following:
I use Ubuntu 22.04.2 LTS and I ran updates just to make sure it was up to date. No problems there.
I created a new admin user in the FOG UI too see if I can use that user to make a quick deploy. This new user also fails to work do a quick deploy despite the fact that it can indeed log into the UI. I don’t have custom menu settings so this should be the default:login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param qihost 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme -
@strahd Does your password contain non-low order ascii characters (A-Z,a-z,0-9, <simple punctuation>? Or to ask it a different way does your password use double byte characters? Or to ask it more direct, are you using non US-English characters in your password?
To answer your previous question, no fog does not use the underlying linux OS for authentication. Its all from the FOG internal database or via LDAP.
The only time we’ve seen this password issue is if the password contains non-US characters. This is because the iPXE environment has the English-US keyboard mapping.
-
@strahd said in Fog quick image password not working:
param username ${username}
param password ${password}I’m not suggesting you do this, but if you tweaked the iPXE menu this way you can do a deploy image without a password prompt. Understand there is a security risk here because the uid and password will be in clear text in the ipxe command file.
params param mac0 ${net0/mac} param arch ${arch} param username <fog_ui_user_id> param password <fog_ui_user_password> param qihost 1 isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
Where
<fog_ui_user_id>
and<fog_ui_user_password>
are the actual fog web ui credentials -
@george1421 I’ll try your menu option for testing purposes - I do work in a public school though and I’m not sure if I want to leave it like that.
Also to answer your other message: Our user name and password are us-english characters and are very simple and short.
-
@george1421 I tried your script. Does it need the word “login” at the top like the old one had? Regardless, I tried it both ways. When I choose deploy from the menu I still get a login prompt, and am still unable to authenticate. (FYI We do not use LDAP, my goal is to keep this system as simple as possible.)
-
@strahd It does not need the login command. That forces the ipxe menu to ask the user for a user ID and password. It doesn’t authenticate the user but only places what the user entered in $username and $password variables.
entering them in directly for the parameter username should be good enough. Understand you need to remove the greater than and less than characters.
-
@george1421 OK, tried all that and it still does not work. I’m sure the problem lies at a deeper level somewhere. I made a video of the entire boot process, maybe you will see something out of the ordinary?:
https://drive.google.com/file/d/1a_FtsLZOHJ0EzV3UakXAaSmS_RMD7b5C/view?usp=sharing
-
@strahd So what I gathered from the video is that you had to try twice to enter the password. Then it started imaging, but what it actually did was go into hardware compatibility mode.
What is unique about this is someone else had this issue with FOS not going to imaging but jumping into hardware compatibility mode.
Lets have you switch your FOG install over to the dev branch. This will take your fog version to 1.5.9.115 or later. It has the latest fixes. I don’t think any of the fixes solve this issue, but it will fix a few other annoying issues. Plus it will give the developers a point in time to look.
Upgrading to the dev version is pretty easy. Just change into the local git repository you cloned when you install fog, typically /root/fogproject then run these commands.
cd /root/fogproject git pull git checkout dev-branch git pull cd bin ./installfog.sh
This will upgrade FOG with all of the settings you previously selected.
Now the only caveat here is that when FOG 1.5.10 is released, you will need to switch back to the master branch to install FOG 1.5.10.
cd /root/fogproject git pull git checkout master git pull cd bin ./installfog.sh
Now beyond the update to fog 1.5.9.115 or later, the things I see is that FOG iPXE is asking you twice for the password. FOG iPXE doesn’t know anything about passwords or user names, it just collects them and passes them off to boot.php that runs on the FOG server. When you enter the password it appears that it came right back and asked for the password again without posting the values to the FOG server. That is strange.
Now what I want you to do is first make sure you are not passing the user ID and password as I mentioned before. I want you to open the following url with a web browser
http://<fog_server_ip>/fog/service/ipxe/boot.php?mac=00:00:00:00:00:00
That will print out a screen of text. Copy and paste that into this tread. I want to see if something jumps out to why the login prompt isn’t working. -
@Strahd Does this happen for every machine or is it an issue with a particular model?
-
@sebastian-roth OK, now we are getting somewhere… With some testing, this seems to be a model specific issue.
HP 450 G2 Legacy mode - works
HP 450 G5 UEFI - works
HP 450 G7 UEFI - works
HP 450 G8 UEFI - not working - it boots normally but the username/password for quick deploy doesn’t work for some reason
The G8 bios does not support legacy mode so I can’t test that. -
@Strahd Have you checked to see if there is a firmware update available for the G8?
I am pretty sure the other time we had this issue discussed in the forums it was specific to one model as well. It’s really strange this doesn’t work on particular models.
When you type in the username and password field do you see the characters printed in screen?
-
@sebastian-roth There’s a video link in this thread that shows the entire process.
https://drive.google.com/file/d/1a_FtsLZOHJ0EzV3UakXAaSmS_RMD7b5C/view?usp=sharingYes, it show characters being typed, and I get denied three times before it gives up and drops out. I have verified that I am typing the credentials correctly, and went as far as creating another admin account and it fails as well.
I will investigate a bios update. I know for a fact that there is a firmware update for this laptop - Microsoft Update is a delivery mechanism for this HP bios update, which is (in my opinon) pretty unusual.
-
@sebastian-roth OK, did a bios update - that part was actually nice since the bios supports updating over ethernet without the need for an operating system or flash drive. Fog still fails, though, so that didn’t fix it. I can still deploy an image via scheduled task in the web UI, just not from the fog boot menu. It’s not a deal breaker but it would be nice to know what isn’t working.
-
@Strahd Too bad the firmware update didn’t fix it. Well than you can dig into it by adding debug output to the iPXE menu code. Go to the FOG web UI -> FOG Configuration -> iPXE Menu Item Settings -> fog.deployimage -> Parameters:
login params param mac0 ${net0/mac} param arch ${arch} param username ${username} param password ${password} param qihost 1 ### add this START #### echo Username: ${username} echo Password: ${password} echo Please press ENTER to go ahead... read prompt ### add this END #### isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
I think it should be pretty clear which part I added in between to print out the variables. I just tested this on my dev environment and it works just great no matter if I type in the correct or wrong credentials it prints it out before going ahead.
Update: Now when I look at the video again I guess you might not even get as far as this. So if it does not do the print out you can start adding simple lines of deugging between each of the existing lines to see when things start to fail.
login echo Test1 && read test1 params echo Test2 && read test2 ...
-
@sebastian-roth Ok, I took it a step further and added 2 more lines to your script, mostly to see if it wasn’t all zeroes or something:
echo mac0: ${net0/mac}
echo arch: ${arch}Output data is as follows:
Username: fog
Password: xxxxxx
mac0: e0:70:ea:aa:95:dc
arch: x86_64
Please press ENTER to go ahead…The output username and password are correct.
Additionally, after pressing enter on a WORKING computer (only), I very briefly see the following line:
http://10.46.10.40/fog/service/ipxe/boot.php… ok
The non-working computer does not show that line, but rather jumps back to the login prompt. -
@strahd said in Fog quick image password not working:
The non-working computer does not show that line, but rather jumps back to the login prompt.
Do I get this right? You see the debug output but not the “http://10.46.10.40/fog/service/ipxe/boot.php… ok” line?
Can you please add the following line to the very end:
goto bootme
That might really be a bug in our iPXE boot script generation!! I guess the G8 model has at least three network devices and that makes it skip the jump to the correct label after entering the password.
Great you did some further testing and we finally figured this one out. Can you imagine we did not run into this very simple issue for years and years?!?!?
-
@sebastian-roth Awesome, this ALMOST fixed it. Good job!
I am now properly prompted to select the proper boot image, however when I press enter on that menu it just jumps back to the original pxe boot menu.As for having more than three network devices… I did notice that HP added an option to pxe boot over wifi, which seemed like pretty new tech, though I’m not sure how that would work without adding lots of custom drivers, or something.