SVN 5370 Domain Username Bug



  • Hi,

    I’ve been having an issue in the SVN 5370 trunk release (and the last few releases before that), with getting FOG imaged machines to auto join the domain.

    In the Active Directory Defaults config section when I enter a domain username, the imaged machine does not join itself into AD. Upon second inspection of the config settings the Username has been populated with many, many backslashes.

    My initial thought is that it may be something to do with PHP and Magic Quotes being turned on potentially. I’m wondering if anyone else has come across this issue?

    0_1447687979283_fog_slashes.jpg



  • The global settings appear to be working now that the sloppy domain pre-fix has been removed and the cert issue was cleared up. It still appears to be a bug that the extra erroneous slashes are added, but if the expected input is wrong then that is fair enough really!

    Thanks for the help, much appreciated.


  • Senior Developer

    @shird If you updated the global, then whatever entries are in that are populated to the host by checking the “Join Domain”.

    After the initial save, the value is individualized on the host level.

    One or two hosts is simple, but when you have 100’s or 1000’s of hosts, doing this one by one is very very tedious. This is where the Group page shines.

    From the List/Search of Host page, you can check the boxes for the host or hosts you want to join to a new or existing group. Once they’re in the group, go to the Group and edit that new group. You can then update all hosts in the group at once, by following (more or less) the same exact steps as you would on an individual host.



  • Brilliant. That appears to have worked!

    is there then an issue with the global setting AD values? Entering each host information is fine for one or two hosts but it will be problematic for several or more?



  • @Tom-Elliott Gotcha. Will try now.


  • Senior Developer

    Update the values as present on the HOST, not the Global settings.



  • @Tom-Elliott I’m not sure I understand. What exactly are you asking for me to update?


  • Senior Developer

    I am still not understanding the problem.

    The ad information presented is displayed as it’s stored on the host.

    So why not just update the host?



  • Interestingly it there appears to be no attempts on logging onto the domain in the NetSetup.log file since I fixed the cert issue. Could it be getting stuck on the Product Key or something else?



  • Nope, no difference at all :( Same output as above



  • @ch3i I’ll give it a bash (no pun intended ;) )


  • Moderator

    @shird Could you try to edit the user in the database instead the web UI ?

    FOG_AD_DEFAULT_USER entry in the globalSettings table



  • @ch3i Looks like you’re right.

    I’ve checked the NetSetup.log file on the client and the reason it is failing authentication is due to the Account name containing lots of erroneous backslashes, as mentioned in my first post. Currently the account name in NetSetup.log looks like this: Account: domain\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    In the FOG.log I get the following:

    ------------------------------------------------------------------------------
    --------------------------------HostnameChanger-------------------------------
    ------------------------------------------------------------------------------
     20/11/2015 13:15 Client-Info Version: 0.9.7
     20/11/2015 13:15 HostnameChanger Running...
     20/11/2015 13:15 Middleware::Communication URL: http://192.168.1.156/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=xx:xx:xx:xx:xx:xx||00:00:00:00:00:00:00:E0&newService=1
     20/11/2015 13:15 Middleware::Communication Response: Success
     20/11/2015 13:15 Middleware::Communication URL: http://192.168.1.156/fog/service/hostname.php?moduleid=hostnamechanger&mac=xx:xx:xx:xx:xx:xx||00:00:00:00:00:00:00:E0&newService=1
     20/11/2015 13:15 Middleware::Communication Response: Success
     20/11/2015 13:15 HostnameChanger Checking Hostname
     20/11/2015 13:15 HostnameChanger Hostname is correct
     20/11/2015 13:15 HostnameChanger Activing host with product key
    ------------------------------------------------------------------------------
    

    And nothing appears to happen beyond it.

    I’ve tried using a different account and restarting the FOG service, however no joy and I get the same as above.


  • Moderator

    @shird Not sure but I think the 2202 error is an authentication problem.

    Edit : https://msdn.microsoft.com/en-us/library/windows/desktop/aa370674(v=vs.85).aspx



  • It would seem rebooting the server then issuing the following command ./installfog.sh --recreate-CA --recreate-keys and re-installing the client (with a reboot of the client in-between) has done the tick for the cert error.

    Still having problems with auto-joining on AD though. I’m now getting Unknown Return Code: 2202. Is it worth creating a new forum post for?



  • Slight update.

    The bug in question only seems to appear when you click on the host AD details, not the overall FOG AD options.


    I’ve re-checked over the client logs and it would appear that has an invalid certificate. Is there any documentation on how to regenerate certs and apply them to the client as I can’t seem to find any? I suspect I’m being a bit blind…

    Thanks.



  • It is a test environment at the moment with a view to pushing out to production, so yes client 0.9.7 is being used (that is the latest version, right?).


  • Senior Developer

    What do you mean the legacy password is not used? You’re whole environment is using 0.9.7 version of the client?



  • @Tom-Elliott said:

    Can you just set the username to the username?

    I just tested saving and resaving things with the \ in the username and I’m not seeing this over and over.

    Tried this and it is still not joining to the domain.

    @Wayne-Workman said:
    Can you check and see what’s in the DB?

    mysql
    use fog
    select * from globalSettings where settingKey='FOG_AD_DEFAULT_USER';
    

    You can update that field like this:

    update globalSettings set settingValue='Administrator' where settingKey='FOG_AD_DEFAULT_USER';
    

    Query OK, 0 rows affected (0.00 sec)
    Rows matched: 0 Changed: 0 Warnings: 0

    Nothing to change by the looks of it.

    Other notable settingKeys for this topic:

    FOG_AD_DEFAULT_DOMAINNAME
    FOG_AD_DEFAULT_OU
    FOG_AD_DEFAULT_PASSWORD
    FOG_AD_DEFAULT_PASSWORD_LEGACY
    FOG_AD_DEFAULT_USER
    

    I should add that the “Domain Password” field in FOG Trunk (1.3.0 and higher) can ONLY be populated properly by using the web interface, because there is code in the web interface that encrypts the new password field, unlike the Legacy Password.

    Everything as expected in the DB (domainname is FQDN, user is correct, etc). Same as the information that was input into Config options page (sans Legacy Password as this is not used).


  • Senior Developer

    Can you just set the username to the username?

    I just tested saving and resaving things with the \ in the username and I’m not seeing this over and over.


Log in to reply
 

391
Online

38920
Users

10688
Topics

101407
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.