Difference between revisions of "Password Central"

From FOG Project
Line 6: Line 6:
 
Default password is <font color="red">password</font>
 
Default password is <font color="red">password</font>
  
If you loose this password, and you have root access to the fog server, you can reset it to the default via CLI.
+
If you loose this password, and you have root access to the main fog server, you can reset it to the default via CLI.
  
 
<pre>
 
<pre>
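Review bot: "loose" on the changed line should be "lose"; the new revision only adds "main" and carries the typo over. Because this procedure puts the account back on the published default password, the sentence should also tell the reader to set a new password from the web interface as soon as they are logged in again.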
Line 21: Line 21:
 
INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0');
 
INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0');
 
</pre>
 
</pre>
 +
 +
= Storage Management =
 +
 +
Accessed via the web interface, and then clicking on "Storage Management" in the ribbon. In here, you can view the storage nodes connected to your fog server.
 +
 +
By clicking on one of the storage nodes, you enter into that storage node's settings area. In here is the FTP username and password used for managing this storage node. Please see [[Troubleshoot FTP]] for further troubleshooting.
 +
 +
= Active Directory =
 +
 +
There are three places where you can set Active Directory joining credentials. Two are persistent.
 +
 +
== Global Defaults ==
 +
 +
<font color="red">Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_USER</font>
 +
<font color="red">Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD</font>
 +
<font color="red">Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD_LEGACY</font>
 +
 +
These three areas are just place-holders. When ticking the checkbox to join a host to Active Directory (explained below), these global settings are what is used to populate the fields. These fields are also what is used when saying "Y" to joining Active Directory via network booting and doing a "Full Host Registration".
 +
 +
The FOG_AD_DEFAULT_PASSWORD field is used only for the new fog client. This field is typed in as plain-text, and upon saving, is encrypted using an industry-standard encryption technique. Please read through [[FOG_Client#Security_Design]] for more details on this.
 +
 +
The FOG_AD_DEFAULT_PASSWORD_LEGACY field is only used with the legacy fog client. This value must be encrypted first by "fogcrypt.exe". This program runs on windows via command prompt only, and is available for download at the bottom of every page in the fog web interface, including the login page. After running your password through this program, you would copy/paste the encrypted string it produces into the FOG_AD_DEFAULT_PASSWORD field. This field '''should not be set''' if you do not intend to use the legacy client. It's also '''strongly advised not use the legacy client''', and instead use the new fog client due to security concerns.
 +
 +
== Host Settings ==
 +
 +
You may individually set unique user/pass and domain information on a per-host basis if you wish. You can get to this area like this:
 +
 +
<font color="red">Web Interface -> Host Management -> [list all hosts or search] -> Click on the desired host -> Click "Active Directory"</font>
 +
 +
In this area, there are a few fields. When checking the "Join Domain after image task" checkbox, if global defaults are set, they are auto-populated into these fields. You may manually enter these fields with whatever domain/user/password you wish.
 +
 +
The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.
 +
 +
== Group Settings ==
 +
 +
You may set Active Directory credentials on many hosts at once via groups. After setting AD Credentials here and then coming back to check this area in groups, you will see that the field is always blank. The settings are not applied to the group, but instead to each individual host. If you check the individual hosts (explained above), you will see that your settings have applied. Hosts later added to the group will not receive the previously applied settings, because the settings do not apply to the group, but instead to each individual host in the group and only at the time of applying the settings.
 +
 +
You can go to this area like this:
 +
 +
<font color="red">Web Interface -> Group Management -> [list all groups or search] -> Click the desired group -> Click "Active Directory"</font>
 +
 +
The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.
 +
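Review bot: The FOG_AD_DEFAULT_PASSWORD_LEGACY paragraph under "Global Defaults" ends by telling the reader to paste the fogcrypt.exe output into the FOG_AD_DEFAULT_PASSWORD field, which the preceding paragraph says is typed in as plain text and used only by the new client; please confirm which field is meant and name it consistently. In the same paragraph "strongly advised not use" is missing "to", and the "Active Directory" intro says "Two are persistent" without saying which two of the three places that covers.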
  
  

Revision as of 01:27, 27 May 2016

This article has been updated to reflect settings in the 1.3.0 release.

Web Interface

Default username is fog
Default password is password

If you lose this password, and you have root access to the main fog server, you can reset it to the default via CLI.

mysql
use fog
UPDATE `users` SET `uPass` = '$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.' WHERE `uName` = 'fog';

Alternatively, if the fog user does not exist, you may create it with the default password via CLI.

mysql
use fog
INSERT INTO `users` (`uName`,`uPass`,`uCreateBy`,`uType`) VALUES ('fog','$2y$11$g0Hu8OaOStuPk7WWYGh6Wu4PLlZDZGOkzMwEEAk.rZMrI9IdDwno.','localAdmin','0');

Storage Management

Accessed via the web interface, and then clicking on "Storage Management" in the ribbon. In here, you can view the storage nodes connected to your fog server.

By clicking on one of the storage nodes, you enter into that storage node's settings area. In here is the FTP username and password used for managing this storage node. Please see Troubleshoot FTP for further troubleshooting.

Active Directory

There are three places where you can set Active Directory joining credentials. Two are persistent.

Global Defaults

Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_USER
Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD
Web Interface -> FOG Configuration -> FOG Settings -> Active Directory Defaults -> FOG_AD_DEFAULT_PASSWORD_LEGACY

These three areas are just place-holders. When ticking the checkbox to join a host to Active Directory (explained below), these global settings are what is used to populate the fields. These fields are also what is used when saying "Y" to joining Active Directory via network booting and doing a "Full Host Registration".

The FOG_AD_DEFAULT_PASSWORD field is used only for the new fog client. This field is typed in as plain-text, and upon saving, is encrypted using an industry-standard encryption technique. Please read through FOG_Client#Security_Design for more details on this.

The FOG_AD_DEFAULT_PASSWORD_LEGACY field is only used with the legacy fog client. This value must be encrypted first by "fogcrypt.exe". This program runs on Windows via command prompt only, and is available for download at the bottom of every page in the fog web interface, including the login page. After running your password through this program, you would copy/paste the encrypted string it produces into the FOG_AD_DEFAULT_PASSWORD field. This field should not be set if you do not intend to use the legacy client. It's also strongly advised not to use the legacy client, and instead use the new fog client due to security concerns.

Host Settings

You may individually set unique user/pass and domain information on a per-host basis if you wish. You can get to this area like this:

Web Interface -> Host Management -> [list all hosts or search] -> Click on the desired host -> Click "Active Directory"

In this area, there are a few fields. When checking the "Join Domain after image task" checkbox, if global defaults are set, they are auto-populated into these fields. You may manually enter these fields with whatever domain/user/password you wish.

The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.

Group Settings

You may set Active Directory credentials on many hosts at once via groups. After setting AD Credentials here and then coming back to check this area in groups, you will see that the field is always blank. The settings are not applied to the group, but instead to each individual host. If you check the individual hosts (explained above), you will see that your settings have applied. Hosts later added to the group will not receive the previously applied settings, because the settings do not apply to the group, but instead to each individual host in the group and only at the time of applying the settings.

You can go to this area like this:

Web Interface -> Group Management -> [list all groups or search] -> Click the desired group -> Click "Active Directory"

The two password fields "Domain Password" and "Domain Password Legacy" are explained above in the "Global Defaults" area.




This page is a work in progress - feel free to help!

See the Discussions tab at the top for templates and known password locations.

And please, feel free to make adjustments and add content!

FOG relies on many passwords. On a simple installation most of these are handled automatically. On more advanced installations troubleshooting password mismatches can be challenging. The page linked below aims to be a single resource to explain all passwords necessary for FOG in all its various configurations.


Basic Installation

Fog's user account on main FOG server

This is a standard user account on the server. It is named 'fog'.
Common errors associated with this mismatched password:

  • FOG can't do anything
  • Unexpected, strange errors
  • ...

How to modify this password:

The location varies per operating system.
To reset it, type this at the command line on the Main FOG server:
sudo passwd fog

FOG user on web interface

Common errors associated with a mismatched password:

  • Can't log into FOG web interface
  • ...
How to update it:
sudo ...

MySQL root user

The MySQL root user is normally only used on the main Fog server. Storage nodes use the fogstorage user instead of root.

Common errors associated with a mismatched password:

  • Unable to connect to Database 
    Msg: Failed to connect to server: localhost Server returned: Access denied for user 'root'@'localhost' (using password: YES) 
  • Scheduled Tasks fail to run

How to update it:

Changing the root admin password in MySQL is not simple. It's a lot easier to enter a known root password in the file mentioned below. This is an older guide, but might be helpful if a root password is lost:

http://www.debian-administration.org/articles/442

Additional notes:
  • In a private network this is usually not set. The installer urges a blank password.
  • The password is also in the following files:
    • /var/www/fog/commons/config.php
    • /opt/fog/service/etc/config.php

FOG Quick Image password

How to update it:
From the GUI:

About > PXE Boot Menu >

From command line (note this will be overwritten if the GUI is updated)

sudo vi /tftpboot/pxelinux.cfg/default


Additional Passwords Outside of a Basic Installation

Storage Nodes

FOG user account on storage node

Common errors associated with this mismatched password:
  • <unknown>

How to update it:

On the Storage Node: sudo passwd fog

MySQL connector back to Main FOG server

Common errors associated with this mismatched password:
  • /images/ directory does not update - contains no images
  • ...

How to update it:

vi /var/www/fog/commons/config.php
define( "MYSQL_DATABASE", "fog" ); 
define( "MYSQL_USERNAME", "fogstorage" ); 
define( "MYSQL_PASSWORD", "b83cd3" );

FTP Connection from Storage Node to Master FOG Server

Common errors associated with this mismatched password:
  • <unknown at this time>

How to test it:

  1. On the Master FOG Server, copy the password from this file:
    cat /var/www/fog/commons/config.php
    ...
    ...
    ...
    define( "STORAGE_FTP_USERNAME", "fog" );
    define( "STORAGE_FTP_PASSWORD", "[---------longPassword---------]" );
    ...
  2. Using the above credentials, attempt an FTP session back to the Main FOG Server
    From the Storage Node:
    ftp [FOG_Main_Server_IPAddr]
    Connected to [IPAddr].
    220 (vsFTPd 2.2.2)
    Name ([IPAddr]:[user]):fog
    331 Please specify the password.
    Password: [paste that longPassword from above]
    230 Login successful.
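
Added example (not from the original wiki page): the MySQL connector and FTP checks above both come down to whether two copies of config.php hold the same `define` value, so this script compares a key across two files and reports the result without printing the secret. The function names, temporary file names and sample values other than `b83cd3` are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a credential between two FOG config.php copies
# without printing it. File names and sample values below are constructed.

# fog_define KEY FILE
# Print the value from a line of the form  define( "KEY", "value" );
# Returns 1 when KEY is not defined. Values containing quotes are not handled.
fog_define() {
    _hit=$(sed -n "s/^[[:space:]]*define([[:space:]]*[\"']$1[\"'][[:space:]]*,[[:space:]]*[\"']\([^\"']*\)[\"'].*/=\1/p" "$2" | head -n 1)
    [ -n "$_hit" ] || return 1
    printf '%s\n' "${_hit#=}"
}

# fog_compare_define KEY FILE_A FILE_B
# Print one word: match, blank (equal but empty), mismatch, or missing.
# Exit status: 0 for match/blank, 1 for mismatch, 2 for missing.
fog_compare_define() {
    _a=$(fog_define "$1" "$2") || { echo missing; return 2; }
    _b=$(fog_define "$1" "$3") || { echo missing; return 2; }
    [ "$_a" = "$_b" ] || { echo mismatch; return 1; }
    [ -n "$_a" ] || { echo blank; return 0; }
    echo match
}

# Constructed sample: a main-server config and a storage-node config whose
# MYSQL_PASSWORD has drifted while the FTP password still agrees.
fog_demo() {
    _d=$(mktemp -d) || return 1
    cat > "$_d/main.php" <<'EOF'
define( "MYSQL_USERNAME", "fogstorage" );
define( "MYSQL_PASSWORD", "b83cd3" );
define( "STORAGE_FTP_PASSWORD", "constructed-ftp-secret" );
EOF
    cat > "$_d/node.php" <<'EOF'
define( "MYSQL_USERNAME", "fogstorage" );
define( "MYSQL_PASSWORD", "stale-value" );
define( "STORAGE_FTP_PASSWORD", "constructed-ftp-secret" );
EOF
    for _k in MYSQL_USERNAME MYSQL_PASSWORD STORAGE_FTP_PASSWORD MYSQL_HOST; do
        printf '%s: %s\n' "$_k" "$(fog_compare_define "$_k" "$_d/main.php" "$_d/node.php")"
    done
    rm -rf "$_d"
}

fog_demo
```

On a real install, pass the main server's and the storage node's copies of /var/www/fog/commons/config.php as the two files.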

To verify that FTP is functional:

  1. <unknown at this time>