Difference between revisions of "Password Central"
(→Global Defaults) |
(→1.4.0 and 1.5.0 series) |
||
(28 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | This article | + | This article reflects settings in the 1.3.0 release. |
= Web Interface = | = Web Interface = | ||
Default username is <font color="red">fog</font> | Default username is <font color="red">fog</font> | ||
+ | |||
Default password is <font color="red">password</font> | Default password is <font color="red">password</font> | ||
− | If you | + | If you lose this password, and you have root access to the main fog server, you can reset it to the default via CLI. |
+ | == 1.2.0 and lower == | ||
+ | NOTE: Can still be used for 1.3.0 | ||
+ | <pre> | ||
+ | mysql -D fog | ||
+ | UPDATE `users` SET `uPass` = MD5('password') WHERE `uName` = 'fog'; | ||
+ | quit | ||
+ | </pre> | ||
+ | == 1.3.0 series == | ||
<pre> | <pre> | ||
− | mysql | + | mysql -D fog |
− | |||
UPDATE `users` SET `uPass` = '$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.' WHERE `uName` = 'fog'; | UPDATE `users` SET `uPass` = '$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.' WHERE `uName` = 'fog'; | ||
+ | quit | ||
</pre> | </pre> | ||
Line 17: | Line 26: | ||
<pre> | <pre> | ||
− | mysql | + | mysql -D fog |
− | |||
INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0'); | INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0'); | ||
+ | quit | ||
+ | </pre> | ||
+ | |||
+ | == 1.4.0 and 1.5.0 series == | ||
+ | |||
+ | For 1.4 and 1.5, there are some other fields needed when recreating a new user. Here's how to do that: | ||
+ | |||
+ | <pre> | ||
+ | mysql -D fog | ||
+ | INSERT INTO users (uName,uPass,uCreateDate,uCreateBy,uType,uDisplay,uAllowAPI,uAPIToken) VALUES('fog','$2y$11$A2D/RijXM.qL7KYrMVo7f.Gfomq6vO6NpL6pEHQIY1OzUci7wBOjC','2017-11-23 9:48:00','localAdmin',0,'fog',1,''); | ||
+ | quit | ||
</pre> | </pre> | ||
− | = Storage Management = | + | = Storage Management Credentials = |
Accessed via the web interface, and then clicking on "Storage Management" in the ribbon. In here, you can view the storage nodes connected to your fog server. | Accessed via the web interface, and then clicking on "Storage Management" in the ribbon. In here, you can view the storage nodes connected to your fog server. | ||
− | By clicking on one of the storage nodes, you enter into that storage node's settings area. In here | + | By clicking on one of the storage nodes, you enter into that storage node's settings area. In here are the FTP credentials labeled 'username' and 'password' used for managing this storage node. Please see [[Troubleshoot FTP]] for '''further troubleshooting'''. |
= Active Directory = | = Active Directory = | ||
Line 58: | Line 77: | ||
== Group Settings == | == Group Settings == | ||
− | You may set Active Directory credentials on many hosts at once via groups. After setting AD Credentials here and then coming back to check this area in groups, you will see that the field is always blank. The settings are not applied to the group, but instead to each individual host. If you check the individual hosts (explained above), you will see that your settings have applied. Hosts later added to the group will not receive the previously applied settings, because the settings do not apply to the group, but instead to each individual host in the group and only at the time of applying the settings. | + | You may set Active Directory credentials on many hosts at once via groups. After setting AD Credentials here and then coming back to check this area in groups, you will see that the field is always blank. The settings are not applied to the group, but instead to each individual host within the group. If you check the individual hosts (explained above), you will see that your settings have applied. Hosts later added to the group will not receive the previously applied settings, because the settings do not apply to the group, but instead to each individual host in the group and only at the time of applying the settings. |
You can go to this area like this: | You can go to this area like this: | ||
Line 66: | Line 85: | ||
The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area. | The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area. | ||
+ | = MySQL = | ||
+ | |||
+ | Related article: [[Troubleshoot_MySQL]] | ||
+ | |||
+ | == For Storage Nodes == | ||
+ | |||
+ | FOG 1.3.0 storage nodes communicate with the main server's database to get various work done. During installation, the installer will prompt you for a <font color="red">FOG_STORAGENODE_MYSQLUSER</font> and a <font color="red">FOG_STORAGENODE_MYSQLPASS</font>. | ||
+ | |||
+ | The default username is <font color="red">fogstorage</font> | ||
+ | |||
+ | The password is always unique, and can be retrieved via the web interface here: | ||
+ | |||
+ | <font color="red">Web Interface -> FOG Configuration -> FOG Settings -> FOG Storage Nodes -> FOG_STORAGENODE_MYSQLPASS</font> | ||
+ | |||
+ | You would copy/paste this password value into the installer during installation. | ||
+ | |||
+ | If you need to change this password or username or server address later on a storage node, you may edit the <font color="red">/opt/fog/.fogsettings</font> on that particular node to update the password and then re-run the installer to complete changes. You may edit the file with Vi like this: | ||
+ | |||
+ | <font color="red">vi /opt/fog/.fogsettings</font> | ||
+ | |||
+ | Instructions on using Vi: [[vi]] | ||
+ | |||
+ | In this file, look for the fields <font color="red">snmysqluser=</font> and <font color="red">snmysqlpass=</font> and <font color="red">snmysqlhost=</font>. That's where you'd change the values, and then after saving and closing, re-run the installer to complete changes. | ||
+ | |||
+ | To change the password in MySQL, you would run one of the below commands on '''the main fog server'''. | ||
+ | |||
+ | Newer versions of MySQL and Ubuntu 16+: | ||
+ | |||
+ | <pre>mysql | ||
+ | ALTER USER 'fogstorage'@'%' IDENTIFIED WITH mysql_native_password BY 'NewPassGoesHere';</pre> | ||
+ | |||
+ | Older versions of MySQL: | ||
+ | |||
+ | <pre>mysql | ||
+ | ALTER USER 'fogstorage'@'%' IDENTIFIED BY 'NewPassGoesHere';</pre> | ||
+ | |||
+ | == For Main Server == | ||
+ | |||
+ | Typically, the user, password, and host is normally blank for the main server. The installer, unless told otherwise when it prompts, will assume a blank password. | ||
+ | |||
+ | To change the password in MySQL, it would be something like one of these: | ||
+ | |||
+ | Newer versions of MySQL and Ubuntu 16+: | ||
+ | |||
+ | <pre>mysql | ||
+ | ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '';</pre> | ||
+ | |||
+ | Older versions of MySQL: | ||
+ | |||
+ | <pre>mysql | ||
+ | ALTER USER 'root'@'localhost' IDENTIFIED BY '';</pre> | ||
+ | |||
+ | After having changed the password, it may be necessary to update the value inside of <font color="red">/opt/fog/.fogsettings</font> on the main server. You may edit the file with Vi like this: | ||
+ | |||
+ | <font color="red">vi /opt/fog/.fogsettings</font> | ||
+ | |||
+ | Instructions on using Vi: [[vi]] | ||
+ | |||
+ | In this file, look for the fields <font color="red">snmysqluser=</font> and <font color="red">snmysqlpass=</font> and <font color="red">snmysqlhost=</font>. That's where you'd change the values, and then after saving and closing, re-run the installer to complete changes. | ||
+ | |||
+ | = Proxy Settings = | ||
+ | |||
+ | If your organization uses a Proxy Server to access the web, you may set credentials and other settings for this '''if needed''' here: | ||
+ | |||
+ | <font color="red">Web Interface -> FOG Configuration -> FOG Settings -> Proxy Settings</font> | ||
+ | |||
+ | = Kernel Updates = | ||
+ | |||
+ | The username and password for FOG 1.3.0 kernel updates is oddly named, as you will see below. These credentials are the ones used when placing newly downloaded kernels and inits onto the server. They are used via FTP. See [[Kernel Update]] for more information on the process. | ||
+ | |||
+ | The username and password is located here: | ||
+ | |||
+ | <font color="red">Web Interface -> FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_PASSWORD</font> and <font color="red">FOG_TFTP_FTP_USERNAME</font> | ||
+ | |||
+ | = Local "fog" user = | ||
+ | |||
+ | Please do not use the local "fog" user account on the server to do back-end work. Create another account and use that. When building a new server, create a work account and do not create a "fog" user. This is absolutely not needed as the installer will create and maintain this user account. | ||
+ | |||
+ | The "fog" user is a local linux account on your fog server or fog storage node. It's also the account used by default for FTP access to any storage nodes (see Storage Management Credentials above). | ||
+ | |||
+ | To reset this password, you need to be this user, or root. | ||
+ | |||
+ | On any Linux system, you can elevate an administrative account to root like this: | ||
+ | |||
+ | <pre>sudo -i</pre> | ||
+ | |||
+ | And then provide your password. | ||
+ | |||
+ | You may change the fog password like this: | ||
+ | |||
+ | <pre>passwd fog</pre> | ||
+ | |||
+ | You'll be prompted for the new password, and then to re-enter it again. | ||
+ | |||
+ | Please see [[Troubleshoot FTP]] for a more complete article on this topic. | ||
+ | |||
+ | = .fogsettings = | ||
+ | |||
+ | Located here: <font color="red">/opt/fog/.fogsettings</font> | ||
+ | |||
+ | You may edit it with Vi like this: | ||
+ | <pre>vi /opt/fog/.fogsettings</pre> | ||
+ | Instructions on using Vi: [[vi]] | ||
+ | In this file, there are a whole lot of settings, passwords, addresses, etc. You should re-run the fog installer after changing any settings in this file. The important settings in here in relation to the scope of this article are: | ||
+ | * <font color="red">password=</font> This is what the installer uses to reset the local account, <font color="red">username</font> | ||
+ | ** Make sure this is set correctly or you'll find that every time you update or re-run the installer, you will have FTP failure, or have locked yourself out of your server! | ||
− | = This | + | * <font color="red">username=</font> This is the local account to be managed by the installer, and used by fog for many things, to include FTP. |
− | |||
− | |||
− | |||
+ | * <font color="red">snmysqluser=</font> This is the username to access the MySQL server. | ||
+ | * <font color="red">snmysqlpass=</font> This is the password to access the MySQL server. | ||
− | = | + | * <font color="red">snmysqlhost=</font> This is the MySQL server address. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Please see [[.fogsettings]] for a complete listing and details. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | = config.class.php = | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Typically located here: <font color="red">/var/www/html/fog/lib/fog/config.class.php</font> | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | You may view the file like this: | ||
− | + | <pre>cat /var/www/html/fog/lib/fog/config.class.php</pre> | |
− | + | Used to be in '''older versions''' of FOG, this is where passwords and such would be set. It's no longer necessary to edit this file to set passwords, as the installer completely rebuilds this file every time it's ran. You simply need to make sure that the settings inside of <font color="red">/opt/fog/.fogsettings</font> are correct and then re-run the installer to update this file. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | < | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | - | + | That said, you can view this file if you wish to see if passwords are being set correctly in it. Note that any changes manually made here but not reflected inside of .fogsettings will '''simply be overwritten''' upon the next fog update or re-run of the installer. |
Latest revision as of 15:49, 23 November 2017
This article reflects settings in the 1.3.0 release.
Contents
Web Interface
Default username is fog
Default password is password
If you lose this password, and you have root access to the main fog server, you can reset it to the default via CLI.
1.2.0 and lower
NOTE: Can still be used for 1.3.0
mysql -D fog UPDATE `users` SET `uPass` = MD5('password') WHERE `uName` = 'fog'; quit
1.3.0 series
mysql -D fog UPDATE `users` SET `uPass` = '$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.' WHERE `uName` = 'fog'; quit
Alternatively, if the fog user does not exist, you may create it with the default password via CLI.
mysql -D fog INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0'); quit
1.4.0 and 1.5.0 series
For 1.4 and 1.5, there are some other fields needed when recreating a new user. Here's how to do that:
mysql -D fog INSERT INTO users (uName,uPass,uCreateDate,uCreateBy,uType,uDisplay,uAllowAPI,uAPIToken) VALUES('fog','$2y$11$A2D/RijXM.qL7KYrMVo7f.Gfomq6vO6NpL6pEHQIY1OzUci7wBOjC','2017-11-23 9:48:00','localAdmin',0,'fog',1,''); quit
Storage Management Credentials
Accessed via the web interface, and then clicking on "Storage Management" in the ribbon. In here, you can view the storage nodes connected to your fog server.
By clicking on one of the storage nodes, you enter into that storage node's settings area. In here are the FTP credentials labeled 'username' and 'password' used for managing this storage node. Please see Troubleshoot FTP for further troubleshooting.
Active Directory
There are three places where you can set Active Directory joining credentials. Two are persistent.
Global Defaults
Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_USER
Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD
Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD_LEGACY
These three areas are just place-holders. When ticking the checkbox to join a host to Active Directory (explained below), these global settings are what is used to populate the fields. These fields are also what is used when saying "Y" to joining Active Directory via network booting and doing a "Full Host Registration".
The FOG_AD_DEFAULT_PASSWORD field is used only for the new fog client. This field is typed in as plain-text, and upon saving, is encrypted using an industry-standard encryption technique. Please read through FOG_Client#Security_Design for more details on this.
The FOG_AD_DEFAULT_PASSWORD_LEGACY field is only used with the legacy fog client. This value must be encrypted first by "fogcrypt.exe". This program runs on windows via command prompt only, and is available for download at the bottom of every page in the fog web interface, including the login page. After running your password through this program, you would copy/paste the encrypted string it produces into the FOG_AD_DEFAULT_PASSWORD field. This field should not be set if you do not intend to use the legacy client. It's also strongly advised not use the legacy client, and instead use the new fog client due to security concerns.
Host Settings
You may individually set unique user/pass and domain information on a per-host basis if you wish. You can get to this area like this:
Web Interface -> Host Management -> [list all hosts or search] -> Click on the desired host -> Click "Active Directory"
In this area, there are a few fields. When checking the "Join Domain after image task" checkbox, if global defaults are set, they are auto-populated into these fields. You may manually enter these fields with whatever domain/user/password you wish.
The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.
Group Settings
You may set Active Directory credentials on many hosts at once via groups. After setting AD Credentials here and then coming back to check this area in groups, you will see that the field is always blank. The settings are not applied to the group, but instead to each individual host within the group. If you check the individual hosts (explained above), you will see that your settings have applied. Hosts later added to the group will not receive the previously applied settings, because the settings do not apply to the group, but instead to each individual host in the group and only at the time of applying the settings.
You can go to this area like this:
Web Interface -> Group Management -> [list all groups or search] -> Click the desired group -> Click "Active Directory"
The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.
MySQL
Related article: Troubleshoot_MySQL
For Storage Nodes
FOG 1.3.0 storage nodes communicate with the main server's database to get various work done. During installation, the installer will prompt you for a FOG_STORAGENODE_MYSQLUSER and a FOG_STORAGENODE_MYSQLPASS.
The default username is fogstorage
The password is always unique, and can be retrieved via the web interface here:
Web Interface -> FOG Configuration -> FOG Settings -> FOG Storage Nodes -> FOG_STORAGENODE_MYSQLPASS
You would copy/paste this password value into the installer during installation.
If you need to change this password or username or server address later on a storage node, you may edit the /opt/fog/.fogsettings on that particular node to update the password and then re-run the installer to complete changes. You may edit the file with Vi like this:
vi /opt/fog/.fogsettings
Instructions on using Vi: vi
In this file, look for the fields snmysqluser= and snmysqlpass= and snmysqlhost=. That's where you'd change the values, and then after saving and closing, re-run the installer to complete changes.
To change the password in MySQL, you would run one of the below commands on the main fog server.
Newer versions of MySQL and Ubuntu 16+:
mysql ALTER USER 'fogstorage'@'%' IDENTIFIED WITH mysql_native_password BY 'NewPassGoesHere';
Older versions of MySQL:
mysql ALTER USER 'fogstorage'@'%' IDENTIFIED BY 'NewPassGoesHere';
For Main Server
Typically, the user, password, and host is normally blank for the main server. The installer, unless told otherwise when it prompts, will assume a blank password.
To change the password in MySQL, it would be something like one of these:
Newer versions of MySQL and Ubuntu 16+:
mysql ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '';
Older versions of MySQL:
mysql ALTER USER 'root'@'localhost' IDENTIFIED BY '';
After having changed the password, it may be necessary to update the value inside of /opt/fog/.fogsettings on the main server. You may edit the file with Vi like this:
vi /opt/fog/.fogsettings
Instructions on using Vi: vi
In this file, look for the fields snmysqluser= and snmysqlpass= and snmysqlhost=. That's where you'd change the values, and then after saving and closing, re-run the installer to complete changes.
Proxy Settings
If your organization uses a Proxy Server to access the web, you may set credentials and other settings for this if needed here:
Web Interface -> FOG Configuration -> FOG Settings -> Proxy Settings
Kernel Updates
The username and password for FOG 1.3.0 kernel updates is oddly named, as you will see below. These credentials are the ones used when placing newly downloaded kernels and inits onto the server. They are used via FTP. See Kernel Update for more information on the process.
The username and password is located here:
Web Interface -> FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_PASSWORD and FOG_TFTP_FTP_USERNAME
Local "fog" user
Please do not use the local "fog" user account on the server to do back-end work. Create another account and use that. When building a new server, create a work account and do not create a "fog" user. This is absolutely not needed as the installer will create and maintain this user account.
The "fog" user is a local linux account on your fog server or fog storage node. It's also the account used by default for FTP access to any storage nodes (see Storage Management Credentials above).
To reset this password, you need to be this user, or root.
On any Linux system, you can elevate an administrative account to root like this:
sudo -i
And then provide your password.
You may change the fog password like this:
passwd fog
You'll be prompted for the new password, and then to re-enter it again.
Please see Troubleshoot FTP for a more complete article on this topic.
.fogsettings
Located here: /opt/fog/.fogsettings
You may edit it with Vi like this:
vi /opt/fog/.fogsettings
Instructions on using Vi: vi
In this file, there are a whole lot of settings, passwords, addresses, etc. You should re-run the fog installer after changing any settings in this file. The important settings in here in relation to the scope of this article are:
- password= This is what the installer uses to reset the local account, username
- Make sure this is set correctly or you'll find that every time you update or re-run the installer, you will have FTP failure, or have locked yourself out of your server!
- username= This is the local account to be managed by the installer, and used by fog for many things, to include FTP.
- snmysqluser= This is the username to access the MySQL server.
- snmysqlpass= This is the password to access the MySQL server.
- snmysqlhost= This is the MySQL server address.
Please see .fogsettings for a complete listing and details.
config.class.php
Typically located here: /var/www/html/fog/lib/fog/config.class.php
You may view the file like this:
cat /var/www/html/fog/lib/fog/config.class.php
Used to be in older versions of FOG, this is where passwords and such would be set. It's no longer necessary to edit this file to set passwords, as the installer completely rebuilds this file every time it's ran. You simply need to make sure that the settings inside of /opt/fog/.fogsettings are correct and then re-run the installer to update this file.
That said, you can view this file if you wish to see if passwords are being set correctly in it. Note that any changes manually made here but not reflected inside of .fogsettings will simply be overwritten upon the next fog update or re-run of the installer.