Next Server IP address was wrong on DHCP server. TFTP is working now! Thank you @george1421
Posts made by Brendan Clemente
RE: TFTP Open Timeout
@george1421 The DHCP server is actually set up on the switch itself. Sorry for the confusion. Let me get that capture for you now. And yeah I had an issue previously where I tried to switch the IP and found that in some places the new IP took and in others it was still trying to use the old IP. Since I’ve set up the RPi with a fresh install of Raspbian the IP of the fog server has not changed from 10.99.98.50.
TFTP Open Timeout
Good afternoon good people,
I’ve set up a few fog servers in the past few months on a couple of Raspberry Pi 3 B+ and have had few to no issues for the most part. The company I work for however is in the process of a network equipment infrastructure upgrade. We are moving to Fortinet switches and firewalls. I am working on testing the fog server on this new equipment but I am running into an issue:
The Raspberry Pi is pulling IP 10.99.98.50 from our DHCP server at 10.99.98.1. During setup I’m using:
Network Adapter: Eth0
DHCP Server: 10.99.98.1
Use FOG as DHCP: No
I’ve had our infra team set option 66 to 10.99.98.50 and option 67 to undionly.kpxe.
The setup works well, no issues getting into the management console. I added the client I am testing with. Now, when I go to capture an image, the computer PXE boots, searches for DHCP, shows that it found the DHCP server, then searches for TFTP and fails.
It searches for a few seconds for TFTP requests then says PXE-E32: TFTP open timeout
I’ve tried restarting the tftpd-hpa service, status says it’s ok. Tried reinstalling FOG multiple times, tried wiping my RPi and reinstalling the OS fresh and reinstalling FOG fresh. I’m not too terribly experienced with this so could somebody help me to determine where I’m going wrong? Could it be a firewall issue maybe?
Thank you in advance!
MFA or logging for brute force attempts
Good afternoon all,
I am currently in the process of testing FOG for use in deployment of Windows 10. All testing has gone well so I sent the machine over to our IT Security team for testing. They came back and said the device was secure, but they are concerned about a brute force attack on the FOG management client, at which point a malicious user could upload and deploy tainted images or perform other malicious tasks.
To cure this, I am curious as to if there is a way to enable MFA for the main login page? Or, are there logs stored somewhere of login attempts that I can have our IT Security team create alerts for? If not, has anybody created a script to create these logs?
Either one of these two solutions should abate the concerns of our security team. Thank you in advance.
RE: Rebooting FOG server issue
@Sebastian-Roth @george1421 Thank you both. I am most likely eventually going to move to using FOG dhcp so I am not going to go too crazy with this. Was just curious as to if this was a known issue with a workaround. Just using our hq dhcp for the time being for testing.
RE: Multiple FOG Servers
@Sebastian-Roth @george1421 Thank you both. I understand that FOG was not really created for this large of a project, however, I’m interested to see how it handles it and what, if anything, will break along the way. I will keep everyone updated with my experiences and issues so that hopefully somebody else can avoid my mistakes in the future!
With the amount of stores we have, I think it may be better to use each FOG server independently to avoid overloading any single part of the system. This will make managing the project more difficult but in the end I think it will be better suited for this client. Each store has a maximum of 7 computers so that should be much more within the program’s capabilities. For our corporate office and some of the larger daughter sites (upwards of 300 computers per site), I will be performing local upgrades.
If I had more time to play around with a central FOG node I might try to make it work, but with Windows 10 support ending at the close of this year, I need to have all 1200+ computers upgraded by then as to not give our compliance department a stroke.
Again, thank you both for the prompt response and for supporting an open-source program.