LDAP - AD - User access and host joining the domain
I’m currently using the LDAP plugin and it is working, but I’m expecting more than users logging in to the Web UI.
I don’t know, but all the users in my AD have access to everything as if they are administrators. Is it possible to restrict access for users (groups, sites…)?
The next problem is that we can’t see in portal management who is using or has connected to FOG. I was expecting that we would see all the users in the Users menu in FOG, but we can only see the ones that we created locally. Is there any solution concerning this issue?
It seems that it doesn’t show any wrong configuration; it always makes it look as if everything is correct, and afterwards we have to go step by step to discover what is wrong and what things to adjust. For example, it will always show some green stuff (update successfully…). We never know that the configuration may be wrong, so it is always a surprise, because sometimes we are waiting to see the result of the configuration.
Concerning AD and joining a host to the domain: do we need to configure certain things (AD…) to allow the host to join the domain?
All fog users are basically admins. I’m unaware of how to figure out who’s logged in currently. There may be some details in the Apache logs, not sure though.
To join computers to the domain, your image must contain the FOG Client. And, you’ll need to enter credentials into the FOG Server that have the permission to join a host to the domain. Also, your image needs to be properly sysprepped, or configured very carefully if you’re not sysprepping.
@wayne-workman Thank you a lot but I still have some questions.
What do you mean by “needs to be properly sysprepped”?
So if all fog users are admins, how can you define the roles? Is it probably MySQL or something else?
“your image must contain the FOG Client”: do you mean host?
@gjo sysprepping is typically run just before image capture. This process will generalize your image to work on multiple models, as well as solve some other issues with key management servers and WSUS, and is the Microsoft-supported way to build an image.
Re: admins, I think a fog plug-in may exist that may help. Memory is fuzzy on this.
Re: fog client, your image has to have the fog client for domain join to work. This means it must be installed on the Golden system from which you take an image.
@wayne-workman thank you, I will try to run everything to see.
How do you know that your host has joined the domain through FOG?
@gjo on the host itself, you can look in the fog client log. You can also look at the “PC properties” and see its domain status. In Active Directory Users and Computers, you should see the new computer object. A note on this you might not be aware of: FOG will rename the system to whatever name you have set in the FOG Server for that host; it does this just before domain joining.
When I was doing a lot of imaging, we would set the hostname during Host Registration.