You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/06/06 16:10:18 UTC
[jira] [Commented] (VCL-867) Active Directory Authentication for
Windows VM's
[ https://issues.apache.org/jira/browse/VCL-867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16039175#comment-16039175 ]
ASF subversion and git services commented on VCL-867:
-----------------------------------------------------
Commit 1797800 from arkurth@apache.org in branch 'vcl/trunk'
[ https://svn.apache.org/r1797800 ]
VCL-867
Renamed Windows.pm::ad_join to ad_join_ps to differentiate it from the experimental ad_join_wmic.
Fixed problems with passwords containing special characters in ad_join_ps. Single quotes are now escaped.
Added debugging output to the script generated in ad_join_ps and ad_search.
Replaced utils.pm::get_active_directory_domain_credentials with get_management_node_ad_domain_credentials, called from DataStructure.pm::get_domain_credentials.
Added DataStructure.pm::get_domain_credentials, called from Windows.pm::ad_search instead of utils.pm::get_active_directory_domain_credentials. When retrieving credentials for a domain other than one assigned to the image of the current reservation, VCL object access is required to decrypt the password.
> Active Directory Authentication for Windows VM's
> ------------------------------------------------
>
> Key: VCL-867
> URL: https://issues.apache.org/jira/browse/VCL-867
> Project: VCL
> Issue Type: New Feature
> Components: database, vcld (backend), web gui (frontend)
> Reporter: Junaid Ali
> Assignee: Andy Kurth
> Labels: features
> Fix For: 2.5
>
> Attachments: managementnode.patch, vmadsauth.sql, web.patch
>
>
> The current VCL application creates local user accounts for each reservation. There is a need to provide active directory authentication so as to provide access to domain resources like profile and network shares during the VCL reservation.
> This patch updates the VCL database by creating two additional tables:
> activedirectorydomain -> used to store active directory related information
> imageactivedirectorydomain -> used to store mapping of which images use which active directory domain.
> A new column is added to the reservation table to hold current active directory information for that particular reservation.
> The patch updates the VCL backed (vcld) to add functionality to make the windows images part of the active directory domain. It also sets the computer's hostname to be the same as defined in the database. This is done to prevent creation of a lot of temporary computer objects within Active Directory. The process of domain join add's two reboots (one for hostname update and one for domain join). After each reboot the cygwin_rebase scripts are run to reconfigure SSHD.
> The patch also updates the VCL frontend to allow management of Active directory domains within the system and also manage the association of VCL images and active directory domains. There is an option to enable moving computer objects to specific Active directory Organization Unit's for better grouping and ability to apply custom policies to custom group of images on the Active directory side. This option was working in Cygwin 1.5 but stopped working in Cygwin 1.7 due to some path issues. I left this option in the front-end while I look for resolution within Cygwin 1.7.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)