Clarification on FOG Client 0.10.0+ Installation Options wiki entry

Regarding server vs WebAddress

Which is it? fogserver or fog-server ?

Smart Installer
--server= Specify the server address. Default is fogserver

While

MSI Switches
WEBADDRESS= defaults to "fog-server", this is the ip/dns name of your server

IMO, how you approach your image has more to do with your infrastructure. Do you want to pre-load, front-load, side-load, post-load, download, overload, wide-load … ?

My initial Windows 10 unattend.xml was from my Windows 7 and it worked fine. Those elements which were deprecated from Windows 7 had no ill effect. Check your unattend.xml with Windows System Image Manager and you’ll see. Break it down, keep it simple, build from there.

Eventually, for our formal Windows 10 Professional rollout in March I rewrote the entire sysprep and answer files process to load more things into my different answer files. but they are fundamentally the same as my Windows 7 ones. In fact I could use my Windows 10 answer file on Windows 7 right now.

It’s not a v1703 thing. I ran into it with v1607 as well.

After you copy the shortcuts to desktop you must edit the permissions for each to:

ADD Users Read & Execute, Read 

Good to know. I won’t be able to test right away though. I’m busy doing summer stuff right now. I’ll get back to you as soon as possible.

Okay, so I figured out that I need to allow a group to have remote libvirt SSH

vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

Entering the following:

[Remote libvirt SSH access]
Identity=unix-group:remote-libvirt
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

The next problem is that I want to add the ADGroup to the local group “remote-libvirt”

Server

• OS: CentOS 7.3.1611

Description

Two identically configured CentOS 7.3.1611 servers except for name and IP.
Joined to an AD Domain.
Logged into using AD credentials.

Using Virtual Machine Manager to remote connect from ServerA to ServerB, I can tell the authentication is working, according to:

 systemctl status sshd

But I’m getting:

Unable to connect to libvirt.

authentication unavailable: no polkit agent
available to authenticate action
`org.libvirt.unix.manage'

Verify that the 'libvirtd' deamon is running on the remote host.

This is the same as according to:

systemctl status libvirtd.service

Full details on the failed connection as reported by VMM are:

Unable to connect to libvirt.

authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'

Verify that the 'libvirtd' daemon is running
on the remote host.

Libvirt URI is: qemu+ssh://ADAccount@10.12.40.124/system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 904, in _do_open
    self._backend.open(self._do_creds_password)
  File "/usr/share/virt-manager/virtinst/connection.py", line 148, in open
    open_flags)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'

That did the trick!

# Join to an AD Domain
# --------------------------
# Elevate Access Level
	sudo su

# Install Pre-requisites for joining to an AD Domain
	yum install -y sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

# Join to domain
# ( http://www.unix.com/man-page/centos/8/realm/ )
	realm join --user=DomainJoinCapableADAccount domain.name

# Restrict access from domain
	realm deny --all

# Permit access by Domain User Group "ADGroupName" (A-z only)
	realm permit -R domain.name -g ADGroupName

# Do not require FQDN for username
	sed -i "s|use_fully_qualified_names = True|use_fully_qualified_names = False|g" /etc/sssd/sssd.conf
	systemctl restart sssd

# Permit Access to SUDO
	echo "%ADGroupName    ALL=(ALL)       ALL" >> /etc/sudoers.d/sudoers

# Reboot to Commit
	reboot

Now for the next hurdle.

Server

• FOG Version: n/a
• OS: CentOS 7.3.1611

Client

• Service Version:
• OS:

Description

Playing with fire here. I have a CentOS 7.3.1611 GUI server with xRDP installed, joined to an Active Directory domain.

I want to restrict the wide-open access AD accounts have to it so only the AD group “ABC” can SSH telnet and RDP to it.

< /facepalm >

Looks like I picked the wrong week to quit amphetamines!

FOG 1.4.2 still installs 5.6 in a virgin CentOS 7.3.1611.

Try taking the NCR device and any other non Gb device off the network then try again.

Are you able to isolate the FOG server to it’s own subnet/vlan and work within it with purely Gb devices?

I don’t see you actually say that you’ve tried using more than the one image.

And have you tried manually copying the image from the server to another hard drive?

Where exactly does this `Disk Read Error’ occur?

What did you create your image on?

If you created the image on a physical machine, did you zero the HDD first?

Have you zeroed the destination machine’s HDD?

Have you pushed the image onto any other hardware?

Take the following description

Recipe Name: eduTECH | Version: 20170601 ( M )
Target Users: CommTECH Lab Students
Target HW: UEFI Dell OptiPlex 790 or 7020
OS: Windows 10 Professional (v1607) (64 bit)
--------------------------------------------------
Post-Imaging Notes:
- The system will SHUTDOWN when installation completes.
----------
eduTECH
----------
7-Zip 16.04
ACID Xpress 7.0a (build73)
Adobe Acrobat Reader DC 2017.009.20044
Adobe Digital Editions 4.5.4.0
Adobe Shockwave Player 12.2.8.198
Alice 3.3.0.0
Android Studio 2.3.1
Any Audio Converter 6.0.3.0
Any Video Converter 6.0.3.0
Apache OpenOffice 4.1.3
Arduino 1.8.2
Audacity 2.1.3 (LADSPA Plugins 0.4.15 & LAME 3.99.3 included)
Autodesk 3ds Max 2018
Autodesk AutoCAD 2018
Autodesk AutoCAD Electrical 2018
Autodesk AutoCAD Mechanical 2018
Autodesk AutoCAD Raster Design 2018
Autodesk Fusion 360 for Educational Institutions
Autodesk Inventor Professional 2018
Autodesk Inventor HSM Ultimate 2018.0.1a
Autodesk Maya 2017
Autodesk Revit 2018.0.1
Autodesk Sketchbook Pro 2018
Autodesk 123D Catch 3.0.0.0
Autodesk 123D Design 2.2.14
Autodesk Meshmixer 11.2.37
Autodesk MotionBuilder 2016.SP1 (AECSU-2016)
Autodesk Mudbox 2016.SP1 (AECSU-2016)
Blender 2.78c
Bridge Designer 2016
CDBurnerXP 4.5.7.6521
Corona SDK 2017.3068
Cura 2.5.0
DivX Player 10.8.1
Eclipse IDE 4.6.0
Edison 4.01 (5.50.015se) PATCHED
Epic Games Launcher 2.14.0-3399308
Frames 6.01.01
Fritzing 0.9.3b
GIMP 2.8.20
GitHub Desktop 3.3.4.0
Inkscape 0.92.1
IrfanView 4.44
iTunes 12.6.0.100
Java SE Development Kit 8.0.u131
Lightworks 14.0.0
MatterControl 1.7.0
Microsoft Movie Maker (MWE2012)
Microsoft Visual Studio Community 2017
Microsoft PhotoGallery (MWE2012)
NetBeans IDE 8.2 Java SE
Notepad++ 7.3.3
PyCharm EDU 3.5.1
QuickTime Player 7.79.80.95
Scratch 1.4
Scratch 2.0.456
Sculptris Alpha 6 1.0
SketchUp Pro 2017 17.2.2555.0
Sublime Text 3126
Tina Pro 6.01.018ev
Turing 4.1.1
Unity 5.6.0.f3 Personal
Unity Web Player 5.3.7.0
VLC Media Player 2.2.6

Then perform Image Export and examine the .csv .

Next add a hyphen ‘-’ to the start of this description, then Image Export and examine this new .csv .

Server

• FOG Version: 1.4.2
• OS: CentOS 7.3.1611

Client

• Service Version: n/a
• OS: n/a

Description

If an image definition description begins with a ‘-’ the function to ‘Export Images’ will only export up to the first 250-255 characters of that description.

Any love from the folks at ipxe.org yet?

Throw a chkdsk /offlinescanandfix then Restart.

How did you shut down Windows 10?

There’s Shutdown, then there’s SHIFT+Shutdown; the latter is what you want.

I’m not trying to insult you. This trips up lots of folks.

Hmmm … In the left column; lose the word management. It’s kinda, redundant. If home is the dashboard, call it dashboard or vice versa.

Many thanks for the live help Tom!

ipxe.efi 276d6 also fails the same way.