How to setup Microsoft AD LDAP for FOG 1.5.0~

• 1 - Go to >Fog Configuration> Fog Settings>Plugin System - check the box for “PLUGINSYS ENABLED”

• 2 - In the menu, you should now see a gear icon called “Plugins”

• 3 - Once on the Plugins page select “LDAP” then navigate to “Install plugins” then install the LDAP plugin. You should now see the LDAP plugin listed under “Installed Plugins”

• 4 - SSH to your FOG server and install the latest php-ldap module through your distro package manager

• 5 - In the menu, you should now see a key icon called “LDAP Servers”

• 6 - Click “Create New LDAP”

• 7 - Now for the fun part…

LDAP Connection Name - (This is whatever you want it to be… it’s just a name)
LDAP Server Description - (Again… whatever you want… it’s just a Description)
LDAP Server Address - MANDATORY - (The name of the server to check logins against)
LDAP Server Port - MANDATORY - (Pick 389 or 636 from the drop down… if you are not sure what one will work for you start with 389 or Google it)
Use Group Matching - recommended - (you are most likely going to want to leave this checked)
Search Base DN - MANDATORY - (This is the organizational unit within Active directory that you would like to start your search for users)
Group Search DN - MANDATORY - (This is the organizational unit within Active directory that you would like to start your search for Group Matching)
Admin Group - MANDATORY - (This is the name of the security/distribution group that admins need to be a part of in AD in order to login with LDAP) Note: Just the group name… not the whole CN as you already provided that information above.
Mobile Group - recommended - (You probably just want to make this the same as above unless you use this for things… idk)
Initial Template - (Since this tutorial is for Microsoft AD lets select Microsoft AD)
User Name Attribute - MANDATORY - (Not sure if the case is important for this setting within in FOG, but for others I know it is… thus I changed the “User Name Attribute” from “samAccountName” to “sAMAccountName”)
Group Member Attribute - MANDATORY - (Default setting here is good - “member”)
Search Scope - (Depends on how your organizational units are set up within AD )
Bind DN - MANDATORY - (This is the full path to the location of the user account you will be using to talk with LDAP this should start with “cn=”)(This user should have somewhat elevated permissions in AD the level of which is at your discretion)
Bind Password - MANDATORY - (The password for the user account above)
Once done click “create”

• 8 - Read the “Some things to keep in mind section below - Then test logging into FOG with an AD account”

Some things to keep in mind:

• The LDAP user you want to log in with should not already have a local account within FOG.
• Once you get it working don’t just go and delete all your local FOG accounts… Leave one with a nice long and random password - keep that password somewhere safe, if the plugin stops working for some reason it would be nice to still have access to your FOG server GUI without having to go and add a user into the database manually.
• Please once working use a test AD account or create one and make sure you did not just give every user in your AD the ability to log into your FOG server and image every computer.
• The apache error log is a great tool to use when troubleshooting why your LDAP is not working on FOG
• Below is an example of LDAP settings within FOG
• As always if you are not sure about something feel free to ask the fourms… Thats what they are there for

Disclaimer: All of the above information is a summary of my experience getting this plugin to work within our environment. I am only providing an example/tutorial. Please be careful with LDAP and TEST USER ACCESS as much as you can. only you will be at fault if for some unfortunate reason someone that should not have access to your FOG server gets it and images all your computers

With that said, I hope I have stressed the importance of securing your LDAP setting and this example/tutorial has helped you in some way…

Happy Fogging!

Not sure why I did not just start with trying a pre 6.xx.xx kernel…

Downloaded the the last 5.15.xx Linux kernel slapped it in /var/www/fog/service/ipxe/bzimage-5.15.98 updated the host kernel to bzimage-5.15.98 and BOOM 20GB/min.

Still willing to do some testing if there is anything you need from me to see if this can be fixed in 6.xx.xx.

latest stable version: 1.5.10.1639
bzimage version: 6.6.49

Partclone is reporting around 40MB/min
Debug iperf is reporting bandwidth between 2-3 Mbits/sec

Thoughts on where to start?

Thanks!

Hello,

Fog Version = 1.5.5

Wondering if anyone else on 1.5.5 is seeing this or there is already a post about this I have missed?

When looking at a hosts image History the “Engineer” section reports all imaging history has been done by the current logged in user.

I have tested this by logging in as another user viewing the same host image history and receive the same results.

However, the actual user that imaged the computer is listed correctly under Report Managment> Imaging Log.

Thoughts?

Thanks,
M144

@plegrand

Hello,

If for some reason you do not get redirected you may already be joined to #fog, if not just type the below line into your irc client.

/join #fog

#fogimaging and #fogproject are both set to +i and redirect to #fog so all FOG users end up in one channel instead of 3.

Thanks,
M144

@dahrell I know the pain!

The same thing happened to me when trying to use that docking station for the Surface Pro. The thing I don’t understand is that docking station will work for me when imaging a Surface Book but not a Surface Pro.

I ended up just using this surface docking station and it works every time with the newest kernel… Even tho it says it is for the Surface Pro 3 it did work with our 4’s.

Good luck,
-M144

@wayne-workman Sounds good… I’ll see what I can do when I find some free time.

@george1421 @Wayne-Workman Thanks guys… Been using FOG since back in the 0.32 days! It has saved me so much time, words can not describe how much I appreciate this project.

I hope to create some more documentation as I have some time. Would love to help with anything I can, just let me know.

Thanks,

• 1 - Go to >Fog Configuration> Fog Settings>Plugin System - check the box for “PLUGINSYS ENABLED”

• 2 - In the menu, you should now see a gear icon called “Plugins”

• 3 - Once on the Plugins page select “LDAP” then navigate to “Install plugins” then install the LDAP plugin. You should now see the LDAP plugin listed under “Installed Plugins”

• 4 - SSH to your FOG server and install the latest php-ldap module through your distro package manager

• 5 - In the menu, you should now see a key icon called “LDAP Servers”

• 6 - Click “Create New LDAP”

• 7 - Now for the fun part…

LDAP Connection Name - (This is whatever you want it to be… it’s just a name)
LDAP Server Description - (Again… whatever you want… it’s just a Description)
LDAP Server Address - MANDATORY - (The name of the server to check logins against)
LDAP Server Port - MANDATORY - (Pick 389 or 636 from the drop down… if you are not sure what one will work for you start with 389 or Google it)
Use Group Matching - recommended - (you are most likely going to want to leave this checked)
Search Base DN - MANDATORY - (This is the organizational unit within Active directory that you would like to start your search for users)
Group Search DN - MANDATORY - (This is the organizational unit within Active directory that you would like to start your search for Group Matching)
Admin Group - MANDATORY - (This is the name of the security/distribution group that admins need to be a part of in AD in order to login with LDAP) Note: Just the group name… not the whole CN as you already provided that information above.
Mobile Group - recommended - (You probably just want to make this the same as above unless you use this for things… idk)
Initial Template - (Since this tutorial is for Microsoft AD lets select Microsoft AD)
User Name Attribute - MANDATORY - (Not sure if the case is important for this setting within in FOG, but for others I know it is… thus I changed the “User Name Attribute” from “samAccountName” to “sAMAccountName”)
Group Member Attribute - MANDATORY - (Default setting here is good - “member”)
Search Scope - (Depends on how your organizational units are set up within AD )
Bind DN - MANDATORY - (This is the full path to the location of the user account you will be using to talk with LDAP this should start with “cn=”)(This user should have somewhat elevated permissions in AD the level of which is at your discretion)
Bind Password - MANDATORY - (The password for the user account above)
Once done click “create”

• 8 - Read the “Some things to keep in mind section below - Then test logging into FOG with an AD account”

Some things to keep in mind:

• The LDAP user you want to log in with should not already have a local account within FOG.
• Once you get it working don’t just go and delete all your local FOG accounts… Leave one with a nice long and random password - keep that password somewhere safe, if the plugin stops working for some reason it would be nice to still have access to your FOG server GUI without having to go and add a user into the database manually.
• Please once working use a test AD account or create one and make sure you did not just give every user in your AD the ability to log into your FOG server and image every computer.
• The apache error log is a great tool to use when troubleshooting why your LDAP is not working on FOG
• Below is an example of LDAP settings within FOG
• As always if you are not sure about something feel free to ask the fourms… Thats what they are there for

Disclaimer: All of the above information is a summary of my experience getting this plugin to work within our environment. I am only providing an example/tutorial. Please be careful with LDAP and TEST USER ACCESS as much as you can. only you will be at fault if for some unfortunate reason someone that should not have access to your FOG server gets it and images all your computers

With that said, I hope I have stressed the importance of securing your LDAP setting and this example/tutorial has helped you in some way…

Happy Fogging!

@sebastian-roth Sorry for the late reply, Looks like it is “045e:07c6”

The first lsusb is with no doc the second lsusb is with doc.

@george1421 Attached is a picture of the current setup with a:

TP-Link TL-0SG1008D switch (Not the new model they have out rn, also the dumbest switch I could find in the office… works about 90% of the time now)
A Surface Book Dock (Model 1661)
A Surface Book 4 (Model 1703 according to the Surface UEFI about page)
The white cable coming into the TP-Link switch is the uplink from a Cisco Meraki MS-22 switch
The blue cable just goes from the TP-Link to the Surface Book dock.
Then Dock to Surface Book through Microsofts proprietary connector

As for: @george1421 said in UEFI booting with Surface book 4:

But at the same time I’m confused why the wireless adapter is being displayed, unless the wireless and ethernet adapter are one and the same.

I feel the same about this… Not sure why only the wireless adapter is being displayed! The only LAN connection that I know of is coming from the Surface Dock. Also, I have not seen anything saying that the surface has a passthrough NIC built into it like a lot of newer Lenovos have. So for some reason lspci -nn|grep net is not showing the NIC for the Surface Dock.

I think at this point we are going to purchase and test a few dumb switches along with this usb 3.0 gigabit ethernet adapter that “Supports Legacy PXE (eHCI and xHCI) & UEFI PXE” (we will see about that! :))

Anyways, Those new toys should be in some time next week… I will test things out and let you know what I come up with. Let me know if you have any other suggestions in the meantime.

Thanks for all the help