Active Directory Mac OS X

Joe Schmitt

@Nicolas-Bricet what version of OS X? Is it Yosemite?

Nicolas Bricet

@Jbob Yes

Joe Schmitt

Yosemite has a bug with launchd where daemons don’t receive PATH. This is affecting our OS X domain binding code. Next version of the client should patch this.

Wayne Workman

@Jbob and when Apple patches it, will the client still work?

Joe Schmitt

@Wayne-Workman yep. The patch is to have the smart installer dump the path to the settings file, and then the daemon will use that as PATH. While it can become out-of-date if the user updated path, it should be good enough until Yosemite is fixed.

Nicolas Bricet

Thank you for your answer. The current client he works well on dernieère version of Mac OS X (El Capitan) or should also expect a future version of the client?

Nicolas Bricet

@Joe-Schmitt
Hello

We can work around the problem without waiting for the client update?
I just tested with version “El Capitan” I have the same worries.

Thank you for your help.
Have a good day.

Joe Schmitt

@Nicolas-Bricet possibly… How many Mac’s do you have with the FOG Service installed on?

Nicolas Bricet

Hello,

Nothing on a single iMac with version “El captain” in order to make a master to deploy it in a room of 15 computers.
I have the same worries as Yosemite, it detects that the computer must integrate the area but after restarting it does not and it integrates done this repeatedly.

Thank you for your help, good day.

Nicolas Bricet

@Joe-Schmitt
Hello,

So it was not until the next version of the client, I can not do anything in the meantime?

Have a good day.
Cordially.

Joe Schmitt

@Nicolas-Bricet if you manually stop the service you can apply the patch.

Once stopped, edit /opt/fog-service/fog.daemon
Add the line

eval `/usr/libexec/path_helper -s`

right after the #!/bin/bash line.

The next time the service is started, it should join the domain properly.

Nicolas Bricet

Hello,

That still does not work, here is the file that I modified and the LOG file when it tries to integrate the computer Actire Directory.
There always comes aps, the computer reboots again.

Meci advance.
Cordially.

#!/bin/bash
eval `/usr/libexec/path_helper -s`
▒~@~K
function startDaemon() {
        /opt/fog-service/control.sh start
        tail -f /dev/null &
        wait $!
}
▒~@~K
▒~@~K
function killDaemon() {
        /opt/fog-service/control.sh stop
        exit 0
}
▒~@~K
trap killDaemon SIGTERM
trap killDaemon SIGKill
▒~@~K
startDaemon;

------------------------------------------------------------------------------^M
--------------------------------HostnameChanger-------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:52 Client-Info Client Version: 0.10.6^M
 07/06/2016 09:52 Client-Info Client OS:      Mac^M
 07/06/2016 09:52 Client-Info Server Version: 7937^M
 07/06/2016 09:52 Middleware::Response Success^M
 07/06/2016 09:52 HostnameChanger Checking Hostname^M
 07/06/2016 09:52 HostnameChanger Hostname is correct^M
 07/06/2016 09:52 Power Creating shutdown command in 60 seconds^M
 07/06/2016 09:52 Bus {
  "self": true,
  "channel": "Power",
  "data": "{\n  \"action\": \"request\",\n  \"period\": 60,\n  \"options\": 2,\n  \"command\": \"-r +0 \\\"Host joined to Active Directory, restart required\\\"\",\n  \"message\": \"This computer needs to perform maintenance.\"\n}"
}^M
 07/06/2016 09:52 Bus Emmiting message on channel: Power^M
------------------------------------------------------------------------------^M
^M
 07/06/2016 09:52 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Power Creating shutdown request^M
 07/06/2016 09:53 Power Parameters: -r +0 "Host joined to Active Directory, restart required"^M
 07/06/2016 09:53 Bus {
  "self": true,
  "channel": "Power",
  "data": "{\n  \"action\": \"shuttingdown\"\n}"
}^M
 07/06/2016 09:53 Bus Emmiting message on channel: Power^M
 07/06/2016 09:53 Service Power operation being requested, checking back in 30 seconds^M
 07/06/2016 09:53 Controller Stop^M
 07/06/2016 09:53 Service Stop requested^M
 07/06/2016 09:53 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"unload\"\n}"
}^M
 07/06/2016 09:53 Bus Emmiting message on channel: Status^M
 07/06/2016 09:55 Main Overriding exception handling^M
 07/06/2016 09:55 Main Bootstrapping Zazzles^M
 07/06/2016 09:55 Controller Initialize^M
 07/06/2016 09:55 Entry Creating obj^M
 07/06/2016 09:55 Controller Start^M
^M
 07/06/2016 09:55 Service Starting service^M
 07/06/2016 09:55 Bus Became bus server^M
 07/06/2016 09:55 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"load\"\n}"
}^M
 07/06/2016 09:55 Bus Emmiting message on channel: Status^M
^M
------------------------------------------------------------------------------^M
--------------------------------Authentication--------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:55 Client-Info Version: 0.10.6^M
 07/06/2016 09:55 Client-Info OS:      Mac^M
 07/06/2016 09:55 Middleware::Authentication Waiting for authentication timeout to pass^M
 07/06/2016 09:55 Middleware::Communication Download: http://@IP/fog/management/other/ssl/srvpublic.crt^M
 07/06/2016 09:55 Middleware::Communication ERROR: Could not download file^M
 07/06/2016 09:55 Middleware::Communication ERROR: Error: ConnectFailure (Network is unreachable)^M
 07/06/2016 09:55 Middleware::Authentication ERROR: Could not authenticate^M
 07/06/2016 09:55 Middleware::Authentication ERROR: Could not find file "/opt/fog-service/tmp/public.cer".^M
^M
------------------------------------------------------------------------------^M
--------------------------------Authentication--------------------------------^M
------------------------------------------------------------------------------^M
 07/06/2016 09:55 Client-Info Version: 0.10.6^M
 07/06/2016 09:55 Client-Info OS:      Mac^M
 07/06/2016 09:55 Middleware::Authentication Waiting for authentication timeout to pass^M
 07/06/2016 09:56 Controller Stop^M
 07/06/2016 09:56 Service Stop requested^M
 07/06/2016 09:56 Middleware::Authentication ERROR: Could not authenticate^M
 07/06/2016 09:56 Middleware::Authentication ERROR: ^M
 07/06/2016 09:56 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\n  \"action\": \"unload\"\n}"

Tom S

@Nicolas-Bricet Just out of curiosity: could you try adding the device to the domain using just the admins name so:
administrator
not
domain\administrator
OS X sometimes does not like the appending of the domain. Along with the above recommendation could you please remove any OU settings you may have entered into FOG. This is for testing purposes, if it works then we can get started seeing why things went wrong. If this does not work I will send you a copy of a script to try to see if it can be done at all. I will try and test tomorrow at work on my domain.

Good luck and please post your results!

-T

Joe Schmitt

v0.11.0 is released and should address some of the issues with Mac domain binding. Can you test when you get a chance?

Nicolas Bricet

@Joe-Schmitt

Hello,

That makes 10 days that could not make fasting test (being on several sites).
The solution Tom S. has not worked.
Possibility to have the final customer without reinstalling the latest version of SVN please?.

Thank you in advance, good day.
Cordially.

Nicolas Bricet

@Joe-Schmitt Hello,

I tested the latest version and I still have the same problem.
The client detects well the need to integrate the computer after restart but he does not. And suddenly the computer reboots.
This could perhaps come as the Mac has no network when it wants to integrate the restart?
Thank you in advance.

Joe Schmitt

@Nicolas-Bricet are you using an OU or is that field blank?

Nicolas Bricet

@Joe-Schmitt OU=B215,OU=Enseignement,OU=Ordinateurs,OU=¤¤,OU=¤¤,OU=¤¤,DC=ad,DC=**,DC=fr

Joe Schmitt

@Nicolas-Bricet Now that v0.11 was released, we are actively working on this issue. We’ve patched a few more OSX domain related things and will perform testing tomorrow to verify everything works in a live environment.

Joe Schmitt

@Nicolas-Bricet v0.11.1 of the client has been released and some changes were made to the OS X binding process. I cannot promise that the issue will be fixed as 0.11.1 was push out as quickly as possible to address more immediate concerns.