RE: Extend LDAP plugin to support AD authentication

Its been a few days since I posted an update to this. I’ve been debugging and have the ldap authentication working with AD. So the actual ldap authentication is working fine. I’ve run into a snag passing the authorized flag back to fog. I’m sure that can be worked out soon. Beyond that I’ve been testing with RC8 code. Once that is working I’ll stand up a new RC11 instance of FOG and confirm. In the end we are making progress with an end in sight.

Lets try to get a little clarity around your setup here.

You have install fog, is it safe to assume you installed 1.2.0, or did you install the current fog trunk version (i.e. pre 1.3.0)?

Is it safe to assume you are using a Microsoft dhcp server? (your event log might suggest something different). One might think you have two dhcp servers covering the same subnet.

What exactly did you set options 66 and 67 to?

What is the IP address of your fog server?

@RobTitian16 said in Driver Issues With Dell Latitude 7280 - No Bootable Devices:

Or am I chasing a red herring and the hard drive shouldn’t appear in the UEFI one-time boot menu?

It should show in the boot menu when/if a valid uefi boot partition is created. The uefi firmware looks at the disk and will only display a uefi boot option if it finds uefi boot media. To test this put a windows OEM dvd in the dvd drive and boot into the boot options menu. It should show the dvd rom.

There are a couple of way to go about this neither is perfectly clean.

I guess the first question to ask is if your can install 2 hard drives in your FOG server at one time?

If yes then you have options (not in any special order).

1. If your FOG server uses LVM disk management, you can just add the new 8TB disk to the existing root LVM volume. Let the OS manage the disk space.

2. Map the new drive to the existing FOG server and mount over the /images directory: https://forums.fogproject.org/topic/6642/moving-fog-s-images-files-off-the-root-partition

3. Setup the FOG server as a second storage node (basically map back to the FOG server where the 8TB drive is mounted). You will need to use the location plugin do decide which image goes to which (logical) storage node.

4. Clone your 1TB drive to your 8TB drive.

What ever solution, my preference is to not have the /images directory a member of the linux root partition. Filling up the root partition on linux is never a good thing. If the images are stored on the root partition its possible if the disk is not checked before the upload you could fill the root partition and bring down the linux OS. (I’ve been there and done that a few times).

@adukes40 This is only for user login. So far I’ve only tested via the web gui.

Good catch, you must have very fast eyes.

That error means that this computer either did not receive dhcp address from inside the ipxe kernel or the ipxe kernel could not configure the network adapter.

I use fog on 790s and it works OK. Is your 390 using the latest (or current) BIOS?

I might recommend (if you can tolerate a few little bugs) that you upgrade to the trunk version (i.e. soon to be 1.3.0 version) so that you have the latest drivers and programs for FOG. Since this is new to your company having a little instability to get the current files may be beneficial for this test.

Don’t get sad with FOG. FOG does work rather well, you just have a unique environment that we need to work (around). Here are the instructions for upgrading to the current trunk build https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk
This build will be updated almost daily as new fixes are released. If you find a bug, report it to the forum and it is usually addressed in one day.

Your fog version doesn’t exist yet. May I ask you to update to the latest version of FOG (1.4.4 at the time of this post) and then try it again. This version did address an issue with partition creation.

Installing the fog client is not necessary to image target computers.

@fredlwal This is the error Cannot add PPA: ‘ppa:ondrej/php’. that is the root of your issue.

I just remember a thread about this issue, this past week. It was related to some non-LTS versions of ubuntu not having this package available.

@fredlwal What version of Debian/Ubuntu are you using?

@Developers I remember seeing a thread on this, but I can’t seem to find it or the answer, sorry.

@adukes40 While anything is possible it would be a lot of work, and it would then tie FOG to requiring an AD infrastructure.

I can say from a programming standpoint the code that FOG is built on can communicate with ldap pretty easily. So its possible to do. The issue is having enough motivation to pull it off. I looked at the ldap plugin that was in fog and have experience with programming queries to LDAP so there wasn’t a huge learning curve to update the plugin, plus what was there was sound already, they were just missing a few things.

@atarone OK, understood you never upgraded. The reason why I ask is that the image format that is captured has changed a bit and that might be the cause of the error. But that is a non-issue now.

Its still not clear if you setup the management interface to use the images you copied over from the old fog server. Migrating to a new fog server requires a few steps. One is to move the files, the second is to either clone the database or recreate the configuration in the new server that will use these copied files.

I wish we had a concise wiki or tutorial for you.

You kind of have two options here

1. Install all known drivers into your mother/reference image. This is the quickest and cleanest route. The downside here is that if you add a new hardware model you will need to recreate your reference image to include the new drivers.
2. Only put the minimum drivers in your reference image and then use a fog post download script to copy the proper files to target computer. The last bit here is to ensure before you capture the reference image you tell windows where to find the files when OOBE starts.

Either route you must use sysprep since you are deploying a single image to multiple computers. (note I did not say anything about the fog client in this post).

If you want to go down path 2 then, I have a few tutorials I wrote on the subject too. https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4

But as I said its not concise step by step as of yet.

The whole concept if my tutorial is to place the drivers on the target computer in a specific location where windows knows where to find them. As for Win10 you need to use an unattend.xml script with a certain section added to tell windows OOBE where to find the drivers. The link that I posted above, at the bottom of the post it explains what needs to be added to your unattend.xml file.

Now the question which route are you willing to go down. Route 1 is pretty quick but could add more time when a new hardware platform is introduced. Route 2 take more time to setup but you can make a true universal image that will work on any hardware platform Dell, HP, Lenovo assuming that you can get the drivers in a .inf format (not compressed .exe file). With the lenovos I’ve been known to borrow the OEM driver directory and use that with my master install process.

I can say the issues you will run into more often than not is with the hardware.

FOG uses a customized version of linux called FOS. I suspect that FOS will run on even really old (ia32) based hardware. The issue is getting FOS to the target hardware. PXE booting was added to the PC 2001 spec USB booting wasn’t added until circa 2006 (I think). So with these old hardware systems you have to find a way to boot the FOS engine. With some creativity you could boot FOS from a CD drive.

We would have to ask the developers if they still include linux drivers for IDE drives and old nic cards (the 3com 3c503 and 3c509 cards were quite popular).

Really for your task at hand, I might use clonezilla with a portable usb hard drive over FOG for backing up these older systems. There is a lot less overhead and sometimes headache with clonezilla if all you are doing is backing up random systems from around your campus.

@JJ-Fullmer Wow interesting. I’ll surely take a look at that tonight. I installed RC11 B58 (I think) this AM after Tom updated the master code. The one thing that you must do if the LDAP plugin was installed before (now) is that you must uninstall and reinstall the plugin because the internal structure has changed. This AM after the refresh I had to recreate the ldap server and it installed correctly. Just to be sure uninstall the ldap plugin and then readd it back in.

As far as the status of the LDAP plugin, its (should be) almost complete. The only outstanding issue is adding the code for reauth. So as it stands right now once you are authorized via LDAP, you are authorized forever even if you kill the AD account (which is not to cool). I have a way to fix this tonight.

I’ll add a simple how to to this thread on what the plugin is expecting, but its pretty straight forward.

@atarone Ok great. (sorry about the long way to get to this point, but sometimes there is no way to know what the poster has already done)

Now what I would like you to do is capture the error messages about the format. If you have a mobile phone snap a picture to capture the error and post it here so the devs can take a look at the exact spot where the error begins.

@CamGreezy You will install all drivers, install the fog service but setup as service disabled. Create a setupcomplete.cmd batch file to restart the fog client service as described in your first link.

Once that is done you run sysprep with the proper command switches to have sysprep power off the computer (this IS important to make sure the computer is powered off and all of the files are marked closed).

There are several documents that will get you started.
https://wiki.fogproject.org/wiki/index.php?title=CentOS_7

It is now recommended that you change selinux setting to permissive and not disabled as it appears in some documentation. Also if you need to leave the firewall enabled you can do that. The developers has provided some guidance on what firewalld rules need to be configured. Or you can just disable the firewalld service as outlined in the docs. Its also best practices to create a new vmdk (virtual disk) for your images and then mount the new vmdk onto the root partition over the /images directory. I have a document on doing that if you need.

At its most basic step its just installing centos 7 selecting bare minimum configuration, then installing wget, git, and then downloading the fog installers.

This one is a bit dated and created by some third party, but the steps are almost the same today: http://blog.ibuddy.info/index.php/2015/06/fog-v-1-3-on-centos-7-full-install-guide/

@JJ-Fullmer OK I couldn’t resist checking. I have B54 installed and I was able to add a second ldap server without issue. Let me refresh my install and see if something changed from B54

@sarge_212 Don’t get discouraged here. You are doing pioneering work that hasn’t been done before with fog and the surface 4. “Some times you will get a little bloody walking on the bleeding edge of technology”

As Sebastian said, go into the fog settings and crank the debug level up to max and see if it will provide any additional information.

It would still be interesting to see if you can get a live linux to boot on this thing. That may be a path if the debugging doesn’t provide any more data. You can live boot linux from a usb flash drive so there won’t be anything installed on the surface. The live linux would give us a chance to run a few commands as well as tell use that booting linux on the tab is possible.

@Bob-Henderson I can’t share a working example of our Win10 unattend.xml file because of IP reasons. But I think I can get you pretty close.

If you go to any of the online unattend.xml builders to construct your unattend.xml file, such as this one: http://windowsafg.no-ip.org/win10x86_x64.html

Even without entering any values (btw: this is an excellent unattend.xml builder if you are not using MDT or other deployment tool), down at the bottom there is an output section. If you search there for settings pass="offlineServicing" you will see two sections. Just insert the following from this article: https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4 just below the existing offlineServicing section or just insert another component section inside an existing offlineServicing section.

    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DriverPaths>
                <PathAndCredentials wcm:action="add" wcm:keyValue="1">
                    <Path>C:\Windows\DRV</Path>
                </PathAndCredentials>
            </DriverPaths>
        </component>
    </settings>

Since the driver store is located ON the target computer there is no need to supply any credentials to make this work.

@Foaming My opinion would be to always build a new box and then copy over your images. This gives you the most up to date OS as well as a clean build of FOG.