Problem with some hostname and AD integration
-
Ok
This morning, I reinstall fog with 6C 6K parameters and thse file where created in “/var/www/fog/management/other/”
-rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssland in ssl folder, I’ve got
-rw-r--r-- 1 www-data www-data 1679 août 25 08:01 srvpublic.crtWith 0.3 client all is ok, with 0.9.4 client all is ok in log for printers or snapin, communication seems good with server, but certificate error…
-
@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?
Does this sound accurate?
-
@Matthieu-Jacquart If what I’m reading from the messages is correct, for the authorize section of the log you provided, it’s stating it could not download the .crt file. Followed by, failed to connect to server?
Does this sound accurate?
Does the file exist:
/var/www/html/fog/management/other/ca.cert.der or /var/www/fog/management/other/ca.cert.der
-
Communication with server is good, for exmaple snapin and printers are ok
On the server I’ve got the file ca.cert.der in the 2 folders
In /var/www/fog/management/other/ : drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 . drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 .. -rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl In /var/www/html/fog/management/other/ : drwxr-xr-x 3 www-data www-data 4096 août 25 08:01 . drwxr-xr-x 12 www-data www-data 4096 août 25 08:00 .. -rw-r--r-- 1 www-data www-data 1287 août 25 08:01 ca.cert.der -rw-r--r-- 1 www-data www-data 1797 août 25 08:01 ca.cert.pem -rw-r--r-- 1 www-data www-data 35147 août 25 08:00 gpl-3.0.txt -rw-r--r-- 1 www-data www-data 89 août 25 08:00 hostimport.csv -rw-r--r-- 1 www-data www-data 4493 août 25 08:00 index.php drwxr-xr-x 2 www-data www-data 4096 août 25 08:01 ssl -
The only other thing I can think of them is the client does not have the proper ca certificated stored. This means it cannot verify the servers public key and therefor will not attempt further communication using encryption based protocols. Snapins and maybe printers and possibly all client services beside hostname do not require encryption.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott I agree with that, question is : how to modidy certificate stored by new client ?
-
@Matthieu-Jacquart There’s a few ways.
The easiest way, supposedly, is to simply uninstall the “new client” fog and reinstall. Another way is to go into the Certificate Store and look for FOG CA Certificate. Or whatever it’s labeled as.
-
For uninstalling/reinstalling client, already did (a lot of time ^^)
With rebbot between, and each time douwnloading client from web interface to be sure it is up to date.For the other solution, where is the certificate store ?
-
I just upgraded to 4491 and now the hostnamechanger fails on my clients also with an Invalid Host Certificate. I am running on Red Hat 6.6 and it did work before the upgrade. I have taken one client and uninstalled/reinstalled the new client and it still does not work. I am also seeing problems on previously installed new clients when the hostnamechanger runs on them.
-
I feel less alone… ^^
I agree with that, I updated svn each day and trouble began last thursday I think, don’t remember precise svn version at this date. -
I have some more information. I deleted the fog certificate and then did a repair on fog and got the message “Failed to download CA certificate”. So it still looks like a problem with the certificate on the server.
Later I uninstalled the fog client, rebooted, and successfully reinstalled it. Still getting the same errors though.
-
Here is the directory of the fog certificate area on the server:
-rw-r--r-- 1 apache apache 1287 Aug 25 07:51 ca.cert.der -rw-r--r-- 1 apache apache 1797 Aug 25 07:51 ca.cert.pem -rw-r--r-- 1 apache apache 35147 Aug 25 07:51 gpl-3.0.txt -rw-r--r-- 1 apache apache 89 Aug 25 07:51 hostimport.csv -rw-r--r-- 1 apache apache 4493 Aug 25 07:51 index.php drwxr-xr-x 2 apache apache 4096 Aug 25 07:51 ssl [root@clstfogi other]# ls -l ssl total 4 -rw-r--r-- 1 apache apache 1675 Aug 25 07:51 srvpublic.crtIt looks like all of the files were regenerated when I reinstalled this morning, unless there is one missing. Are the files being created wrong?
-
I found the issue, a fix has been pushed. A variable was misnamed. Soon as you apply the patch the clients will work again.
-
It works now in git 4493.
-
Woot woot.
This was particularly problemattic to figure out. I’m sorry I’m such an idiot.
-
It works great, thank you @Tom-Elliott and @Jbob ! You make a great job.
I lost few hours this time but usually I gain so much time thanks to fog, that’s not a big deal.Oh, is there a difference between git and svn version ?
And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS=“192.168.1.2” WEBROOT=”")
-
@Matthieu-Jacquart said:
Oh, is there a difference between git and svn version ?
No difference, it just comes from a different place. This explains it: https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk#Additional_information_on_svn_and_git_.26_FOG_Trunk
And last question, I reinstalled computers yesterday with 0.3 client, is there a way to uninstall it in bulk before installing new clients (with command “msiexec /i FOGService.msi /quiet WEBADDRESS=“192.168.1.2” WEBROOT=”")
There are many ways to remotely remove and install software. Most of the ways I know use Active Directory with GPO or Scripting or Powershell.
-
Ok thanks
I have software to deploy software (GPO or I prefer PDQ deploy), but I don’t know the tips to remove it, I’m going to search
