Problem with some hostname and AD integration



  • Hi

    I have problems with some computers with latest svn and new client: for most of the computers everything is fine, computer name and AD integration work.
    But for some others, hostname didn’t change (stays like PROF-BN04FSGEER) and are considered as new computers in AD, and for others computer name changes AFTER AD integration !

    Everything was fine with fog 1.2 and older client, but now with latest svn and new client, I had these problems. I don’t know if it’s a bug or a bad parameter in my fog settings, so I looked in “Active Directory Defaults” and tried to understand the difference between FOG_AD_DEFAULT_PASSWORD and FOG_AD_DEFAULT_PASSWORD_LEGACY.
    I understood that legacy password was the previous one, with the older client, generated with fogcrypt, and which always works like a charm.
    And the other one (FOG_AD_DEFAULT_PASSWORD) is the new AD password to work with new client, that’s it? To be sure, I’ve just to enter in plain text AD password, and after clicking “save changes” this password is encrypted, right?

    But why does this encrypted password always change? With fog crypt, if I type the same password twice, I’ve got twice the same result. And with the new AD password, if I try several times, encrypted password looks always different!
    So I don’t know if I make a mistake somewhere or not…

    Thanks for your help and explanations!

    Matthieu



  • Ok thanks

    I have software to deploy software (GPO or I prefer PDQ deploy), but I don’t know the tips to remove it, I’m going to search ;)


  • Moderator

    @Matthieu-Jacquart said:

    Oh, is there a difference between git and svn version ?

    No difference, it just comes from a different place. This explains it: https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk#Additional_information_on_svn_and_git_.26_FOG_Trunk

    And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS="192.168.1.2" WEBROOT=""”)

    There are many ways to remotely remove and install software. Most of the ways I know use Active Directory with GPO or Scripting or Powershell.



  • It works great, thank you @Tom-Elliott and @Jbob! You do a great job.
    I lost a few hours this time but usually I gain so much time thanks to fog, that’s not a big deal.

    Oh, is there a difference between git and svn version ?

    And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS="192.168.1.2" WEBROOT=""”)


  • Senior Developer

    Woot woot.

    This was particularly problematic to figure out. I’m sorry I’m such an idiot.



  • It works now in git 4493.


  • Senior Developer

    I found the issue, a fix has been pushed. A variable was misnamed. Soon as you apply the patch the clients will work again.



  • Here is the directory of the fog certificate area on the server:

    -rw-r--r-- 1 apache apache  1287 Aug 25 07:51 ca.cert.der
    -rw-r--r-- 1 apache apache  1797 Aug 25 07:51 ca.cert.pem
    -rw-r--r-- 1 apache apache 35147 Aug 25 07:51 gpl-3.0.txt
    -rw-r--r-- 1 apache apache    89 Aug 25 07:51 hostimport.csv
    -rw-r--r-- 1 apache apache  4493 Aug 25 07:51 index.php
    drwxr-xr-x 2 apache apache  4096 Aug 25 07:51 ssl
    [root@clstfogi other]# ls -l ssl
    total 4
    -rw-r--r-- 1 apache apache 1675 Aug 25 07:51 srvpublic.crt
    

    It looks like all of the files were regenerated when I reinstalled this morning, unless there is one missing. Are the files being created wrong?



  • I have some more information. I deleted the fog certificate and then did a repair on fog and got the message “Failed to download CA certificate”. So it still looks like a problem with the certificate on the server.

    Later I uninstalled the fog client, rebooted, and successfully reinstalled it. Still getting the same errors though.



  • I feel less alone… ^^
    I agree with that, I updated svn each day and trouble began last Thursday I think, don’t remember precise svn version at this date.



  • I just upgraded to 4491 and now the hostnamechanger fails on my clients also with an Invalid Host Certificate. I am running on Red Hat 6.6 and it did work before the upgrade. I have taken one client and uninstalled/reinstalled the new client and it still does not work. I am also seeing problems on previously installed new clients when the hostnamechanger runs on them.



  • For uninstalling/reinstalling client, already did (a lot of times ^^)
    With reboot between, and each time downloading client from web interface to be sure it is up to date.

    For the other solution, where is the certificate store ?


  • Senior Developer

    @Matthieu-Jacquart There’s a few ways.

    The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.



  • @Tom-Elliott I agree with that, question is: how to modify certificate stored by new client?


  • Senior Developer

    The only other thing I can think of then is the client does not have the proper CA certificate stored. This means it cannot verify the server’s public key and therefore will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services besides hostname do not require encryption.
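
The certificate files listed in this thread can be checked on the server with openssl. This is an added example, not part of the original posts and not FOG project code; the function names are made up here, and it assumes ssl/srvpublic.crt is a PEM X.509 certificate issued by ca.cert.pem.

```shell
# Added example (not FOG project code). Default directory comes from the posts;
# pass /var/www/html/fog/management/other instead if that is the web root.
# Assumption: ssl/srvpublic.crt is a PEM X.509 certificate issued by ca.cert.pem.

# SHA-256 fingerprint of a certificate; $2 is its encoding (PEM or DER).
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Prints one result line per check; returns non-zero if any check fails.
check_fog_certs() {
    dir=${1:-/var/www/fog/management/other}
    rc=0
    for f in ca.cert.pem ca.cert.der ssl/srvpublic.crt; do
        [ -s "$dir/$f" ] || { echo "MISSING $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Both encodings of the CA must be the same certificate (and must parse).
    pem_fp=$(cert_fp "$dir/ca.cert.pem" PEM 2>/dev/null)
    der_fp=$(cert_fp "$dir/ca.cert.der" DER 2>/dev/null)
    if [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ]; then
        echo "OK ca.cert.der matches ca.cert.pem"
    else
        echo "FAIL ca.cert.der and ca.cert.pem are not the same certificate"; rc=1
    fi

    # The server certificate must verify against that CA.
    if openssl verify -CAfile "$dir/ca.cert.pem" "$dir/ssl/srvpublic.crt" >/dev/null 2>&1; then
        echo "OK srvpublic.crt verifies against ca.cert.pem"
    else
        echo "FAIL srvpublic.crt does not verify against ca.cert.pem"; rc=1
    fi

    # Thumbprint to compare with the CA certificate held in the client's store.
    echo "CA SHA-1: $(openssl x509 -in "$dir/ca.cert.pem" -noout -fingerprint -sha1 | cut -d= -f2)"
    return "$rc"
}
```

If the SHA-1 value printed here differs from the thumbprint of the CA certificate in the client's certificate store, the client is still holding a CA from before the server's files were regenerated.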



  • Communication with server is good, for example snapin and printers are ok

    On the server I’ve got the file ca.cert.der in the 2 folders

    In /var/www/fog/management/other/ :
    drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
    drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
    -rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
    -rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
    -rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
    -rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
    -rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
    drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl
    
    In /var/www/html/fog/management/other/ :
    drwxr-xr-x  3 www-data www-data  4096 août  25 08:01 .
    drwxr-xr-x 12 www-data www-data  4096 août  25 08:00 ..
    -rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
    -rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
    -rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
    -rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
    -rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
    drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl
    

  • Senior Developer

    @Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?

    Does this sound accurate?

    Does the file exist:

    /var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der


  • Ok

    This morning, I reinstalled fog with 6C 6K parameters and these files were created in “/var/www/fog/management/other/”

    -rw-r--r--  1 www-data www-data  1287 août  25 08:01 ca.cert.der
    -rw-r--r--  1 www-data www-data  1797 août  25 08:01 ca.cert.pem
    -rw-r--r--  1 www-data www-data 35147 août  25 08:00 gpl-3.0.txt
    -rw-r--r--  1 www-data www-data    89 août  25 08:00 hostimport.csv
    -rw-r--r--  1 www-data www-data  4493 août  25 08:00 index.php
    drwxr-xr-x  2 www-data www-data  4096 août  25 08:01 ssl
    

    and in ssl folder, I’ve got

    -rw-r--r-- 1 www-data www-data 1679 août  25 08:01 srvpublic.crt
    

    With 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…


  • Senior Developer

    The certificate problem is most likely as simple as the srvpublic.crt file is non-existent for whatever reason. I’m unable to replicate. When I push a commit, I update two servers, one running Fedora and one running Ubuntu. Right now they’re Fedora 22 and Ubuntu 15.04 just so I can get as broad as possible in testing the GUI and installer function properly on even “current” releases of OS. Part of the initial installer is the creation of the server’s keys. After that, the only thing that is performed is a certificate generation.

    I need more info if at all possible.

