@george1421 You sir, are the man. I added those two lines
read -p " * Enter destination department for this computer: " dname
host_default_name="${dname}-${host_default_name}";
to fog.man.reg and was prompted for a department code, entered the dept code, then the hostname autopopped with the dept code prefix appended. However, after the device is registered, the prefix is not appended to the registered name.
@george1421 I say method#2 works best. Which script should I modify and where? At the beginning or end? Would it work like “read bios serial# prompt for dept code” or “prompt for dept code read bios sn append prefix”?
I’m trying to figure out how to expand on the computer naming task while imaging.
I have a group called TestGroup. Let’s say this group is a department in my organization, and the department code is TG. The way we name our computers is DeptCode-serialnumber. So TG-1A2B3CD would be how we name a computer. In FOG, I create the group and see the option to join a domain. Great! However, I want to be able to add the prefix to the computer name BEFORE joining the domain. I already have a script in place during Full Reg that reads the system’s serial number from the BIOS and auto-populates it.
How can I tie that Full Reg script into Groups so that it will either automatically append the prefix or prompt me during Full Reg to specify a department code that is referenced in the Group?
@sebastian-roth One more question (I hope this is the last one) if I want to set up a trust between my prod environment and the cert that FOG is using, where can I find the FOG cert on the file system?
@sebastian-roth Game changer! Thanks! I’m testing the dev-branch install right now on a vm.
@george1421 I ran wireshark while pxe booting fog and logging in to the ipxe menu, saw that the creds were sent via HTTP, not LDAP. So I should upgrade to the latest trunk using the -s switch and all will be SSL? I’d still have to compile the ipxe kernel with a cert or is that done during setup?
@george1421 So the alternative would be to use SSL and embed the cert into the ipxe kernel right? I saw a post about this topic and a post pointed to this link https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_trunk about the latest build already has SSL set up? I’d just have to run installfog.sh -s and HTTPS would be working for the web gui as well as ipxe?
I have LDAP configured properly for logging into the FOG UI as well as authentication during the IPXE menu login. I’m trying to add security layers to the FOG server and environment. I ran wireshark to see how FOG sends LDAP credentials, and it appears to send them clear text over HTTP. If I use LDAPS, will FOG still send those clear credentials via HTTP or will it be secure?
In case anyone else has this question, the Reports tab serves this purpose. Once an AD user logs into FOG and starts doing things, the history report will log it.
Re: [LDAP with Access Control](default role assignment at first login)
I want to continue this conversation. I was looking at the “Mobile Group” in LDAP plugin settings, and I created an Security Group called FOGTechnicians-SG in my AD, and put that group in Mobile Group. I read that Mobile Group was deactivated (maybe I misunderstood that?). But is there a way to predefine AD users in FOG and put them in the appropriate roles so that when they log in, the proper rules will be applied?
I successfully set up the LDAP plugin for FOG, and can login to the Web UI with my AD creds as well as authenticate to the iPXE menu with my AD creds, but when I register a host, it still says
“Created by FOG Reg on October 25, 2022, 6:45 pm”. Also when I create an image, it doesn’t show that I created the image. Does FOG have this functionality? My intention of setting up LDAP was to be able to keep track of who captures, deploys, and registers hosts.
@mcana66 What I did was create a file in /tftproot called autoexec.ipxe and put this in:
#!ipxe
ifopen net0
dhcp net0
chain ${boot-url}/scripts/menu_EFI.ipxe
This is for my FreeNAS box that I use for other projects and testing. You can chain any ipxe script (or any boot script like boot.php on the fog server) you want from there. The ${boot-url} variable is set in the default.ipxe file also located in /tftproot.
@mcana66 autoexec.ipxe is the default script that the ipxe kernel looks for unless another file is specified by your DHCP server or if you compile the kernel with an embedded menu script.
@fog_newb It starts the ipxe and stops where exactly? Configuring Devices?
My settings in FOG Config>IPXE General Config>Menu Hide/No Menu settings:
And FOG Config>FOG Settings>FOG Boot Settings:
Problem is during ipxe boot, I still get prompted to hit the ESC key. I’d like to change it to F12 instead of ESC because ESC also cancels the boot process and some of my staff like to spam the ESC key…
@rrtern Just wondering, did you create a route between the two subnets? The firewall(s) may also need rules to allow pxe, http, and tftp traffic between those subnets. I didn’t see anything mentioned about routes so that’s why I asked. For instance in pfsense, by default different VLANs can communicate with each other. But at my job’s network environment they have to create routes so that vlans and subnets can communicate.
I can say that we aren’t constantly imaging and reimaging PCs in our environment. The FOG server does a lot of idling. I do the most because I’m always working on golden images and testing. But that’s about it. I don’t think I could make a solid proposal to my employer to pay a small team full-time for full support of FOG. It wouldn’t be feasible. If anything we need to get more people using FOG instead of other very expensive imaging solutions. If the community grows then you’ll have a higher chance of gaining a few more volunteers.