Going off of what @Sebastian-Roth said, you could shrink the disk before imaging, and when v0.10.0 of the client is released, create a snapin to auto expand the disk. That way as soon as osx boots up after imaging, the client pulls the auto-expand snapin and runs it.
Best posts made by Joe Schmitt
-
RE: Mac OS X resizeable disk support
-
RE: FOGClient 0.9.11: Could not get security token after sysprep
Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé.
The problem is that your machines do not have the same time set as your server. This means, when you updated your server the keys were re-generated and signed against the server’s time. But if the machine’s time is behind (say by 3 hours), according to the clients the keys were signed in the future, and thus invalid.
You can either fix your server / client times, or wait for the clients to get past the “time in the future” that the keys were made.
-
Firewall Configuration
Below are instructions on how to make FOG work with your firewall left on. If you encounter any scenario where this configuration does not work, please let me know and I’ll make adjustments.
Firewalld vs IPTables
Firewalld is an IPTables wrapper. It comes installed on CentOS 7 and newer Fedora installs. If you do not have firewalld then you most likely will have IPTables. To check if you have firewalld run `firewall-cmd`. If the command runs fine (no `command not found` error) then you have firewalld.
Firewalld
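```bash
# Permanently allow the services FOG uses in the public zone
for service in http https tftp ftp mysql nfs mountd rpc-bind proxy-dhcp samba; do firewall-cmd --permanent --zone=public --add-service="$service"; done
# Restart firewalld so the permanent rules take effect
systemctl restart firewalld.service
```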
IPTables
```bash
# Load the connection-tracking helpers for TFTP, FTP and NetBIOS name service
echo "IPTABLES_MODULES=\"nf_conntrack_tftp nf_conntrack_ftp nf_conntrack_netbios_ns\"" >> /etc/sysconfig/iptables-config
# TCP ports
for port in 80 443 21 3306 2049 20048 111 138 139 445; do iptables -I INPUT 1 -p tcp --dport "$port" -j ACCEPT; done
# UDP ports
for port in 69 111 4011 137; do iptables -I INPUT 1 -p udp --dport "$port" -j ACCEPT; done
service iptables save
```
DHCP & DNS
If you use your FOG Server for DHCP or DNS run these commands as well.
Firewalld
```bash
for service in dhcp dns; do firewall-cmd --permanent --zone=public --add-service="$service"; done
firewall-cmd --reload
```
IPTables
```bash
iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT
for port in 53 67; do iptables -I INPUT 1 -p udp --dport "$port" -j ACCEPT; done
service iptables save
```
-
RE: Dell Venue 8 Pro imaging/eMMC
I’d just like to step in and thank you @AsGF2MX. You’re doing an AMAZING job helping us debug this.
-
RE: Windows Images - add option for delete Swap and hibernation files
@alv000h FOG already removes page files (swap) and hibernation files on capture.
-
RE: New version compatibility
Nope. We maintained complete backwards compatibility for the FOG Service. (Though I would recommend transitioning to the new client when you can)
-
RE: No success installing FOG on a CentOS 7 server
@george1421, I already have a firewall configuration that has been tested for a while now and works (the hardest part was nfs as it was using random ports, but that is easily limited). As for SELinux I already have a policy made, I just need more people to test it and see if I missed anything (after I package it up nicely).
-
RE: Export/import ssl directory
@Wayne-Workman unfortunately we will not add this. The ssl directory is where your private keys are stored, and should never be accessible via the web GUI. That presents a massive security risk as a single bug in the web GUI could provide anyone with access to your private certs; arguably the most sensitive data on the server.
As the saying goes, security and convenience are usually at opposite ends of the spectrum; and this is one thing we will not compromise on.
Exporting your keys as root using ssh is the preferred, and only way, we will support.
-
RE: No Client update since 0.9.12
v0.10.3 is released and auto-updating has been re-enabled.
-
RE: power management scheduled shutdown - flakey
Issue has been fixed and the patch will be available when 0.11.5 is released.
-
RE: Fog 0.32 Windows 10
@dustindizzle11
Disclaimer: I am not sure if this is even possible.
FOG 0.32 and 1.2.0 do not support GPT, which Windows 10 defaults to. Your best bet would be to install Windows 10 with an MBR configured disk. Once that is done, you should be able to treat it like a Windows 7 image.
-
RE: Location Plugin - enhancement of behavior
@george1421 It would be best if we modeled how forwarding tables work; Longest Prefix Match. It’s a fairly intuitive way of handling multiple CIDRs that may overlap, and is the standard.
Implementing this optimally is fairly straightforward as well, in fact I’ve done so before in other applications. All the “heavy lifting” should be done by the backend, as it will know the host’s IP from the HTTP request, and can quickly perform a longest prefix match on all registered CIDRs.
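A sketch of the longest prefix match described in the post above, added here as an illustration; it is not part of the original post and not FOG's code. The `LocationTable` class, the CIDRs and the location names are all constructed for the example.

```python
import ipaddress

class LocationTable:
    """Registered CIDR -> location name, resolved by longest prefix match."""

    def __init__(self):
        # Per IP version: {prefix_length: {masked_address_int: (cidr, location)}}
        self._tables = {4: {}, 6: {}}

    def register(self, cidr, location):
        # strict=True rejects entries with host bits set (e.g. 10.1.2.3/16),
        # which is usually a typo in the registration.
        net = ipaddress.ip_network(cidr, strict=True)
        bucket = self._tables[net.version].setdefault(net.prefixlen, {})
        bucket[int(net.network_address)] = (str(net), location)

    def lookup(self, host_ip):
        """Return (cidr, location) of the most specific match, or None."""
        addr = ipaddress.ip_address(host_ip)
        table = self._tables[addr.version]
        # Probe the longest registered prefix length first; first hit wins.
        for plen in sorted(table, reverse=True):
            shift = addr.max_prefixlen - plen
            masked = (int(addr) >> shift) << shift
            hit = table[plen].get(masked)
            if hit is not None:
                return hit
        return None


def build_sample_table():
    # Constructed sample data: overlapping CIDRs and made-up location names.
    t = LocationTable()
    t.register("10.0.0.0/8", "HQ")
    t.register("10.20.0.0/16", "Branch")
    t.register("10.20.30.0/24", "Branch-Lab")
    t.register("2001:db8::/32", "HQ-v6")
    return t


if __name__ == "__main__":
    table = build_sample_table()
    # The address should be the TCP peer address of the request, not a
    # client-supplied header, so a host cannot pick its own location.
    for ip in ("10.20.30.40", "10.20.99.1", "10.1.1.1", "192.0.2.5", "2001:db8::1"):
        print(ip, "->", table.lookup(ip))
```

Lookup cost depends on the number of distinct prefix lengths registered, not on the number of CIDRs.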
-
RE: Power Management - Scheduled actions
Issue confirmed and patched in nightlies. Fix will be available in v0.11.3 release.
-
RE: FOG Client 0.11.5 - Abandons printer too early
The printer should still get added. The process doesn’t get killed off, the client just stops caring about it.
-
RE: Fog Client 0.9.11 - Cert?
The FOG client “locks” into the FOG server that is running when you install it. From the sounds of it, you are setting up a new FOG server and trying to make the clients use this new server, but they are still locked in to your old one. You can set up your new server so that it has the same identity as your old one; allowing the clients to seamlessly switch between the two. To do this, you would need to copy over your CA certs from your old server to the new one, and then use the `--recreate-keys` parameter (DO NOT USE `--recreate-CA`, this resets the identity of a server).
-
RE: Printer not showing in Devices - Fixup to 1.3.0-RC-5
It’s odd that you can print to it but it’s not showing. Try looking into this issue elsewhere. A quick Google on my part showed this wasn’t FOG specific. People have issues where it won’t show in the device list but can still be printed to.
-
[HELP WANTED] Client Internationalization
We are currently in the process of adding internationalization support to the client (i.e. all text your end user sees will be in their language). We are looking for people to help with the translations of a small set of phrases the client uses into other languages.
We currently have translations / translators for:
- Basque
- Dutch
- French
- German
- Hungary
- Norwegian
- Spanish (Spain)
If you’re interested in adding an additional language to the client, when you translate, please put the language above the phrases, and leave the phrases in the original ordering and format (basically just copy and paste the phrase list, replacing text), this will help me greatly.
Below is a list of phrases that should be translated:
```
### SHUTDOWN PROMPT ###
{company} needs to perform maintenance on this computer. Please save any work and close all programs.
Cancel
Hide
Postpone
Restart Now
Shutdown Now
Postpone for X hour(s) Y minute(s) Z second(s)

### NOTIFICATIONS ###
Shutdown Aborted
Shutdown has been aborted
Shutdown Delayed
Shutdown has been delayed for {time}
Shutdown will occur in {time}
You are about to be logged off
You will be logged off if you remain inactive
Installing {snapin name}
Please do not shutdown until this is completed
{snapin name} installed
Installation has finished and is now ready for use
```
-
RE: Communication ERROR: operation timed out, could not authenticate, obj error
@kverkiss The `--recreate-keys` option for the installer re-configures the certificates to your new IP, but `--recreate-CA` resets the identity. This will “block” all clients from communicating with the server.
-
RE: RC10 Broken Items on upgrade
@adukes40 for now globally disable the client auto updating (in fog settings). That will resolve your bandwidth issues and make your clients operable. When I get more free time I’ll take a look at what’s going on.