RE: WOL ? Computer boot/start alone

@Tom-Elliott After uncheck PINGHOSTGLOBALENABLED, it’s OK.
Computer don’t start/boot alone.
WOL tasks always good !

No secondary effect ?

Thanks all

@tom-elliott OK thanks
It’s that: PINGHOSTGLOBALENABLED ?

No secondary effect if i uncheck this option ?

@x23piracy I have test “powercfg -h off” with elevated privilege on 2 problematic computers
No change: computers start always alone.

For the moment the only solution what I found it’s up to date NIC Drivers …

@Tom-Elliott “Ping hosts just tests the status of a host.” => Can I disable this option into FOG ?

Thanks all

@x23piracy No, i have just update NIC Device for test on this machine.
But hibernation mode is off
When i run: powercfg -a
“La mise en veille prolongée n’a pas été activée”

So … I have update my Network Device Drivers
I have enabled “Wake on Pattern Match” for test.

For the moment the computer doesn’t start alone automatically.

I do not understand why suddenly the network drivers would be problematic.

I suspect the update Microsoft KB4103718 (https://borncity.com/win/2018/05/27/windows-7-update-kb4103718-network-issues-fixed/) which is a priori known to pose problems with network card.

That’s very strange …

Hello,

@x23piracy @george1421 Thanks for your answers.

I have tried your solution @x23piracy .
but … no way ! it doesn’t work ! Computer start always alone…
I don’t understand why !

@george1421 No task into FOGWEBUI

When I stop computer I run:

"tcpdump -i  eth0 '(udp and port 7) or (udp and port 9)' -vv -x | tee wol.log"

on my FOG Server and … nothing but computer start always !

If i run

tcpdump -n dst host "IP OF COMPUTER START ALONE"

i look:

13:46:49.129590 IP IPFOGSERVER.35593 > IPOFCOMPUTER.445: Flags [S], seq 1711374309, win 29200, options [mss 1460,sackOK,TS val 2078989 ecr 0,nop,wscale 7], length 0
13:46:50.126242 IP IPFOGSERVER.35593 > IPOFCOMPUTER.445: Flags [S], seq 1711374309, win 29200, options [mss 1460,sackOK,TS val 2079239 ecr 0,nop,wscale 7], length 0

and my computer start and i look

13:47:09.810532 IP IPFOGSERVER.46111 > IPOFCOMPUTER.2070: UDP, length 14
13:47:09.812972 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 15
13:47:09.813159 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.814626 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.815206 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.815913 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.816570 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.818901 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.819486 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.821192 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460
13:47:09.821775 IP IPFOGSERVER.46892 > IPOFCOMPUTER.2071: UDP, length 1460

Another idea ?

Hello,

I have a curious problems with FOG ? (maybe ?) and WOL.

FOG version: 1.5.4 on Debian 8.4
3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux

I explain:
When a user stop the computer with windows menu Starts => Stop, the computer power off.
That’s OK.
But … avg 5 minutes after that a WOL signal wake up the computer … and it boot on fog menu pxe wait 5 sec with the fog menu and boot on the HDD.

I’m sure the WOL signal it’s send by my FOG Server, because if i stop my FOG server the problem disapear.

Nothing tasks into FOG WEBUI.

I have used the wolbroadcast plugins. For the moment i have delete this plugins for see if the problems come from him.

I precise, the problem appear on DELL Optiplex 9020.
Several machines are concerned.
Computers are conf for boot on HDD 1frst.
BIOS are conf for WOL with PXE

Have you any idea ?

Thanks for answers/idea.

@george1421 Yes, if i change password of one user into FOG_Admin, It change immediatly for connect to FOG WEBUI.

@tom-elliott Hello,

So, i have try to working 1-5-1
FOG 1.5.0.16

Globally it’s OK, it’s works fine !
When i deleted one user of the FOG_Admin group it cannot acces to WEBUI FOG ! (and not deleted to Users table in SQL)
When i change password of one AD users (into group FOG_Admin) it cannot acces to WEBUI with old password => Work fine with the new password

I have look 2 “problems” (not verify important but … it might be interesting)

1. The news LDAP Plugins don’t work with group nesting (a group into a group) per example:

if i add into FOG_Admin just another group (IT_Services per example) with IT services members, no members can acces to WEBUI FOG. If i add individualy user into FOG_Admin, it’s work !

2. If i delete one user into FOG_Admin, he can still log in just once. The second time he can not anymore. Synchronization is ok

Not really really bad but it could be points for improvement

in any case, A BIG THANK YOU

@tom-elliott yes thanks ! i’m not very very good in sql !

I can try to put this request to logout WEBUI pending a better solution…
In which file could I make this change for try ?

Thank you !

We could possibly do a .sql script that removes AD users from the Users table, for example:

mysql> use fog;
mysql> delete from users where uType = '990' or uType = '991';

We could put it in a crontab and run it at regular intervals

It’s probably a little oldschool but it could work no?

@Tom-Elliott Thanks for answers !

Effectivly, after more test, the plugins LDAP in FOG 1.5.0 (Official … not in RC) don’t delete users AD in Users table.
That’s why if we delete my users of the FOG_Admin group it can always login.

I do not really understand how synchronization works, because if I change to test the password in AD of a user who is already in the Users table, the plugin manages to update it in the SQL table and connect with the new password work fine … this proves that a synchronization is done “correctly”.
but when deleting the user in the group he can not do it … synchro. is not good.

For login with the “mail” AD attribut it’s work only if i change regex into the 2 files:
lib/fog/user.class.php
lib/plugins/ldap/class/ldap.class.php

If i don’t change that, login with the mail Attribut don’t work.

I need login with mail AD attribut, because in my institution all application linked with AD or LDAP (with CAS authentication) use the mail for login.
The sAMAccountName is just the “registration number” and not very friendly for users.
All my computer client linked into my ad domain login with adress mail.

Thanks a lot for your help

@fernando-gietz

Hello,

Thanks for your answers !

@Fernando-Gietz said in LDAP Plugins on FOG 1.5.0:
When you close the session in the WEBUI, the plugin erases the user entry from the users table. Only the entries with uType = 990, 991 are erased, not the local users.

That’s what I thought … but it does not work, the user is not removed from the Users table when disconnecting (properly) and that’s why the account can still connect even after removing the group

For trying, i have uninstall LDAP Plugins and update php5-ldap (root@server:~# apt-get install php5-ldap )
And reinstall et re test plugin:

1. My users is on the FOG_Admin group,
2. Login into FOG with mail AD attribute => OK, it’s work
3. Look into the DB with an “select * from users;” and my AD user is in the table => OK (uType 990)
4. Disconnect properly with “Logout” into FOG WEBUI => OK
5. Re-Look immediately after into the DB with “select * from users;” and my AD users is always in the Users table (not deleted as you say)
6. I suppress my AD account to the FOG_Admin group
7. I retry connection with my AD account and I can always connect to FOG WEBUI.
8. I uninstall LDAP Plugin
9. I look into the DB users tables, my AD user is delete (now just FOG local user is in the User table)
10. I try to login into FOG, and now it’s OK, i can’t connect to FOG with AD account because my plugins is uninstall.

I confirm once again, when i Uninstall plugins, the LDAPServer table is well delete and all users (where uType=990/991) is deleted from the Users table.

But … AD Users is not delete of the Users table when you logout properly

Any idea ?

Thanks all !

So … OK for login with AD “mail” attribut.
I have make 3 change into:

File: lib/fog/user.class.php

Line 134
Modify this regex:

134             '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[.]?[\w0-9]+$/i',

by

134             '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[@]?[\w0-9]*[.]?[\w0-9]+$/i',

Line 218
Modify this regex:

218             '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[.]?[\w0-9]+$/i',

by

218             '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[@]?[\w0-9]*[.]?[\w0-9]+$/i',

and into

File: lib/plugins/ldap/class/ldap.class.php

Line 258
Modify this regex:

258            '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[.]?[\w0-9]+$/i',

by

258             '/(?=^.{3,40}$)^[\w][\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[._-]?[\w0-9]*[@]?[\w0-9]*[.]?[\w0-9]+$/i',

and for verify, i look into DB:

mysql> select * from users;
+-----+-----------------------+--------------------------------------------------------------+---------------------+-----------+-------+----------+-----------+-----------+
| uId | uName                 | uPass      | uCreateDate         | uCreateBy | uType | uDisplay | uAllowAPI | uAPIToken |
+-----+-----------------------+------------+---------------------+-----------+-------+----------+-----------+-----------+
|   1 | fog                   | encrypted  | 2017-01-04 12:48:48 | fog       |     0 |          | 1         |           |
|   2 | FLSH                  | encrypted  | 2016-04-27 10:50:55 | fog       |     0 |          | 1         |           |
|  21 | fabien.test@test.fr   | encrypted  | 2018-03-07 07:52:52 | fog       |   990 |          |           |           |
|  20 | steve.test@test.fr    | encrypted  | 2018-03-06 08:37:32 | fog       |   990 |          |           |           |
+-----+-----------------------+------------+---------------------+-----------+-------+----------+-----------+-----------+
4 rows in set (0.00 sec)

But always the same problems when i delete my user of my FOG_Admin (group AD) … the deleted user can always login into FOG … the database can’t update.

Thanks

… For my 2nd question (use another AD Attribut) …
I have test with AD attribut “sn” and “givenName” … it’s work’s fine.

I think the “mail” AD attribut won’t work because FOG does not allow @ in login names.
Can I modify that somewhere for test ?

Thanks

Hello All,

In my production environment i use actually FOG 1.4.4 (work fine)
For test i have installed FOG 1.5.0 on Debian 8.4 Jessie

I have any question for the LDAP Plugins:

I have linked my FOG dev server with my Active Directory.
I test authentication with the samAccountname, that’s ok. Work fine.
My account is in the AD group “FOG_Admin”.

But … when i delete my account to the “FOG_Admin” group, i can always logon into FOG …
I think that’s maybe problematic ?

I look on the database on the users tables, and my account it’s always on the table

mysql> select * from users;
+-----+----------+-----------+---------------------+-----------+-------+----------+-----------+-----------+
| uId | uName    | uPass     | uCreateDate         | uCreateBy | uType | uDisplay | uAllowAPI | uAPIToken |
+-----+----------+-----------+---------------------+-----------+-------+----------+-----------+-----------+
|   1 | fog      | encrypted | 2017-01-04 12:48:48 | fog       |     0 |          | 1         |           |
|   2 | FLSH     | encrypted | 2016-04-27 10:50:55 | fog       |     0 |          | 1         |           |
|   7 | p1000261 | encrypted | 2018-02-28 14:44:22 | fog       |   990 |          |           |           |
+-----+----------+-----------+---------------------+-----------+-------+----------+-----------+-----------+
3 rows in set (0.00 sec)

uId 7 with uName (p1000261) it’s my AD account.

The LDAP Plugins can’t read and update automatically (on real time) the “users” table on SQL ?

I found that to remove AD users from the database you have to uninstall and reinstall the LDAP plugins.

(or then do it from the command line in the db directly)

Another question, can i use another Active Directory Attribute (not the samAccountname) but the “mail” attribut ?
I have test, but not working.

Thanks for all answers.

(sorry for my english, i’m french)

Hello,

Thanks for your answers.
Yes, I confirm login work with the Attribute AD sAMAccountName… but ONLY WITH the sAMAccountName not with sAMAccountName@domain.xxx (Invalid Login)

Username: test
Password: ****
Login work

Username: test@domain.xxx
Password: ****
Login failed

View screenshoot

Thank for your answer !

Hello,

I have installed for test in dev plateform the new FOG 1.3.0
Install OK. I’m intersted by the LDAP plugins.

I have tried, it work fine with an Active Directory domain. (Very thanks for your good works all team)

My question is, can i use an other attribute of Active Directory for the “User Nam Attribute”
The default “User Nam Attribute” with Active Directory is the sAMAccountName.
But … i want use the “mail” Attribute for login into FOG !

Naturaly i have tried to type “mail” into the “User Nam Attribute” fields.
But “Invalid login” at FOG logon screen…

For better explanation: view screenshot
I’m french, sorry for my bad english

Thanks a lot.

@george1421 OK … it is also what I think … is missing fields … user an pass to query LDAP … ! Thanks for your different answers and explanation.

@Tom-Elliott Yes, i think LDAP and/or AD authentication and delegation rights by users would be great for FOG.
If the LDAP Plugins developpers can explain how does it work it would be top !

Thanks for speed answers

Sorry for my bad english … i’m french.

@george1421 so … for blank page into apache2 log -> /var/log/apache2/error.log

PHP Fatal error: Call to undefined function ldap_connect()

For resolve this (blank page): apt-get install php5-ldap
I didn’t know that … it was not written in the wiki (https://wiki.fogproject.org/wiki/index.php?title=Plugins#LDAP_Plugin)

I try to log me into FOG with uid ldap … and now, not blank page but “Invalid login”

But now… after configure LDAP Server into FOG:
I see into apache2 “error.log” this:

PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 38, referer: http://sm-fog-dev/fog/management/index.php

PHP Warning: ldap_bind(): Unable to bind to server: Invalid DN syntax in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 39, referer: http://sm-fog-dev/fog/management/index.php

PHP Warning: ldap_bind(): Unable to bind to server: Invalid DN syntax in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 40, referer: http://sm-fog-dev/fog/management/index.php

I don’t understand what put into the fields “DN” …

Thanks for help !