SOLVED Problem with some hostname and AD integration
-
Hi
I have problems with some computers with latest svn and new client : for most of computers everything is fine, computer name and AD inegration works.
But for some others, hostname didn’t change (stays like PROF-BN04FSGEER) and are considered as new computers in AD, and for others computer name changes AFTER AD integration !Evertyhing was fine with fog 1.2 and older client, but now with latest svn ond new client, I had these problems. I don’t know if it’s a bug or a bad parameters in my fog settings, so I looked in “Active Directory Defaults” and try to understand difference between FOG_AD_DEFAULT_PASSWORD and FOG_AD_DEFAULT_PASSWORD_LEGACY.
I understood that legacy password was the previous one, with the older client, generate with fogcrypt, and which always works like a charm.
And the other one (FOG_AD_DEFAULT_PASSWORD) is the new AD password to works with new client, that’s it ? To be sure, I’ve just to enter in plain text AD password, and after clicking “save changes” this password is encrypted, right ?But why this encrypted password always whange ? With fog crypt, if a type the same password twice, I’ve got twice the same result. And with the new AD password, if I try several times, encrypted password looks always different !
So I don’t know if I make a mistake somewhere or not…Thnks for your help and explanations !
Matthieu
-
Ok thanks
I have software to deploy software (GPO or I prefer PDQ deploy), but I don’t know the tips to remove it, I’m going to search
-
@Matthieu-Jacquart said:
Oh, is there a difference between git and svn version ?
No difference, it just comes from a different place. This explains it: https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk#Additional_information_on_svn_and_git_.26_FOG_Trunk
And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS=“192.168.1.2” WEBROOT=”")
There are many ways to remotely remove and install software. Most of the ways I know use Active Directory with GPO or Scripting or Powershell.
-
It works great, thank you @Tom-Elliott and @Jbob ! You make a great job.
I lost few hours this time but usually I gain so much time thanks to fog, that’s not a big deal.Oh, is there a difference between git and svn version ?
And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS=“192.168.1.2” WEBROOT=”")
-
Woot woot.
This was particularly problemattic to figure out. I’m sorry I’m such an idiot.
-
It works now in git 4493.
-
I found the issue, a fix has been pushed. A variable was misnamed. Soon as you apply the patch the clients will work again.
-
Here is the directory of the fog certificate area on the server:
-rw-r--r-- 1 apache apache 1287 Aug 25 07:51 ca.cert.der -rw-r--r-- 1 apache apache 1797 Aug 25 07:51 ca.cert.pem -rw-r--r-- 1 apache apache 35147 Aug 25 07:51 gpl-3.0.txt -rw-r--r-- 1 apache apache 89 Aug 25 07:51 hostimport.csv -rw-r--r-- 1 apache apache 4493 Aug 25 07:51 index.php drwxr-xr-x 2 apache apache 4096 Aug 25 07:51 ssl [root@clstfogi other]# ls -l ssl total 4 -rw-r--r-- 1 apache apache 1675 Aug 25 07:51 srvpublic.crt
It looks like all of the files were regenerated when I reinstalled this morning, unless there is one missing. Are the files being created wrong?
-
I have some more information. I deleted the fog certificate and then did a repair on fog and got the message “Failed to download CA certificate”. So it still looks like a problem with the certificate on the server.
Later I uninstalled the fog client, rebooted, and successfully reinstalled it. Still getting the same errors though.
-
I feel less alone… ^^
I agree with that, I updated svn each day and trouble began last thursday I think, don’t remember precise svn version at this date. -
I just upgraded to 4491 and now the hostnamechanger fails on my clients also with an Invalid Host Certificate. I am running on Red Hat 6.6 and it did work before the upgrade. I have taken one client and uninstalled/reinstalled the new client and it still does not work. I am also seeing problems on previously installed new clients when the hostnamechanger runs on them.
-
For uninstalling/reinstalling client, already did (a lot of time ^^)
With rebbot between, and each time douwnloading client from web interface to be sure it is up to date.For the other solution, where is the certificate store ?
-
@Matthieu-Jacquart There’s a few ways.
The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.
-
@Tom-Elliott I agree with that, question is : how to modidy certificate stored by new client ?
-
The only other thing I can think of them is the client does not have the proper ca certificated stored. This means it cannot verify the servers public key and therefor will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services beside hostname do not require encryption.
-
Communication with server is good, for exmaple snapin and printers are ok
On the server I’ve got the file ca.cert.der in the 2 folders
In /var/www/fog/management/other/ : drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 . drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 .. -rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl In /var/www/html/fog/management/other/ : drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 . drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 .. -rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl
-
@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?
Does this sound accurate?
Does the file exist:
/var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der
-
@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?
Does this sound accurate?
-
Ok
This morning, I reinstall fog with 6C 6K parameters and thse file where created in “/var/www/fog/management/other/”
-rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl
and in ssl folder, I’ve got
-rw-r--r-- 1 www-data www-data 1679 août 25 08:01 srvpublic.crt
With 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…
-
The certificate problem is mostly likely as simple as the srvpublic.crt file is non-existent for whatever reason. I’m unable to replicate. When I push a commit, I update two servers, one running Fedora and one running Ubuntu. Right now they’re Fedora 22 and Ubuntu 15.04 just so I can get as broad as possible in testing the GUI and installer function properly on even “current” releases of OS. Part of the initial installer is the creation of the server’s keys. After that, the only thing that is performed is a certificate generation.
I need more info if at all possible.