SVN 5370 Domain Username Bug
-
@Tom-Elliott said:
Can you just set the username to the username?
I just tested saving and resaving things with the \ in the username and I’m not seeing this over and over.
Tried this and it is still not joining to the domain.
@Wayne-Workman said:
Can you check and see what’s in the DB?mysql use fog select * from globalSettings where settingKey='FOG_AD_DEFAULT_USER';
You can update that field like this:
update globalSettings set settingValue='Administrator' where settingKey='FOG_AD_DEFAULT_USER';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0 Changed: 0 Warnings: 0Nothing to change by the looks of it.
Other notable
settingKey
s for this topic:FOG_AD_DEFAULT_DOMAINNAME FOG_AD_DEFAULT_OU FOG_AD_DEFAULT_PASSWORD FOG_AD_DEFAULT_PASSWORD_LEGACY FOG_AD_DEFAULT_USER
I should add that the “Domain Password” field in FOG Trunk (1.3.0 and higher) can ONLY be populated properly by using the web interface, because there is code in the web interface that encrypts the new password field, unlike the Legacy Password.
Everything as expected in the DB (domainname is FQDN, user is correct, etc). Same as the information that was input into Config options page (sans Legacy Password as this is not used).
-
What do you mean the legacy password is not used? You’re whole environment is using 0.9.7 version of the client?
-
It is a test environment at the moment with a view to pushing out to production, so yes client 0.9.7 is being used (that is the latest version, right?).
-
Slight update.
The bug in question only seems to appear when you click on the host AD details, not the overall FOG AD options.
I’ve re-checked over the client logs and it would appear that has an invalid certificate. Is there any documentation on how to regenerate certs and apply them to the client as I can’t seem to find any? I suspect I’m being a bit blind…
Thanks.
-
It would seem rebooting the server then issuing the following command
./installfog.sh --recreate-CA --recreate-keys
and re-installing the client (with a reboot of the client in-between) has done the tick for the cert error.Still having problems with auto-joining on AD though. I’m now getting Unknown Return Code: 2202. Is it worth creating a new forum post for?
-
@shird Not sure but I think the 2202 error is an authentication problem.
Edit : https://msdn.microsoft.com/en-us/library/windows/desktop/aa370674(v=vs.85).aspx
-
@ch3i Looks like you’re right.
I’ve checked the NetSetup.log file on the client and the reason it is failing authentication is due to the Account name containing lots of erroneous backslashes, as mentioned in my first post. Currently the account name in NetSetup.log looks like this:
Account: domain\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
In the FOG.log I get the following:
------------------------------------------------------------------------------ --------------------------------HostnameChanger------------------------------- ------------------------------------------------------------------------------ 20/11/2015 13:15 Client-Info Version: 0.9.7 20/11/2015 13:15 HostnameChanger Running... 20/11/2015 13:15 Middleware::Communication URL: http://192.168.1.156/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=xx:xx:xx:xx:xx:xx||00:00:00:00:00:00:00:E0&newService=1 20/11/2015 13:15 Middleware::Communication Response: Success 20/11/2015 13:15 Middleware::Communication URL: http://192.168.1.156/fog/service/hostname.php?moduleid=hostnamechanger&mac=xx:xx:xx:xx:xx:xx||00:00:00:00:00:00:00:E0&newService=1 20/11/2015 13:15 Middleware::Communication Response: Success 20/11/2015 13:15 HostnameChanger Checking Hostname 20/11/2015 13:15 HostnameChanger Hostname is correct 20/11/2015 13:15 HostnameChanger Activing host with product key ------------------------------------------------------------------------------
And nothing appears to happen beyond it.
I’ve tried using a different account and restarting the FOG service, however no joy and I get the same as above.
-
@shird Could you try to edit the user in the database instead the web UI ?
FOG_AD_DEFAULT_USER
entry in theglobalSettings
table -
@ch3i I’ll give it a bash (no pun intended )
-
Nope, no difference at all Same output as above
-
Interestingly it there appears to be no attempts on logging onto the domain in the NetSetup.log file since I fixed the cert issue. Could it be getting stuck on the Product Key or something else?
-
I am still not understanding the problem.
The ad information presented is displayed as it’s stored on the host.
So why not just update the host?
-
@Tom-Elliott I’m not sure I understand. What exactly are you asking for me to update?
-
Update the values as present on the HOST, not the Global settings.
-
@Tom-Elliott Gotcha. Will try now.
-
Brilliant. That appears to have worked!
is there then an issue with the global setting AD values? Entering each host information is fine for one or two hosts but it will be problematic for several or more?
-
@shird If you updated the global, then whatever entries are in that are populated to the host by checking the “Join Domain”.
After the initial save, the value is individualized on the host level.
One or two hosts is simple, but when you have 100’s or 1000’s of hosts, doing this one by one is very very tedious. This is where the Group page shines.
From the List/Search of Host page, you can check the boxes for the host or hosts you want to join to a new or existing group. Once they’re in the group, go to the Group and edit that new group. You can then update all hosts in the group at once, by following (more or less) the same exact steps as you would on an individual host.
-
The global settings appear to be working now that the sloppy domain pre-fix has been removed and the cert issue was cleared up. It still appears to be a bug that the extra erroneous slashes are added, but if the expected input is wrong then that is fair enough really!
Thanks for the help, much appreciated.