[ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join

Shahar Havivi shaharh at redhat.com
Tue Oct 27 10:51:44 UTC 2015


On 27.10.15 05:25, Alon Bar-Lev wrote:
> yes, you should probably only customize: $JoinDomain$, $DomainAdminPassword$, $DomainAdmin$
> maybe, not sure: $JoinDomain$, $MachineObjectOU$
> the rest should be the same as any other.
Please make sure that the file is the full sysprep file such as you can find
in /packaging/conf/sysprep/sysprep.w7 which is a windows 7 sysprep file.
You can leave the variables such as $OrgName$ which will be replaces (exept
from the variables that Alon mentioned which where the original problem).

> 
> ----- Original Message -----
> > From: "Cristian Mammoli" <c.mammoli at apra.it>
> > To: "Shahar Havivi" <shaharh at redhat.com>, "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "users" <users at ovirt.org>
> > Sent: Tuesday, October 27, 2015 11:19:02 AM
> > Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join
> > 
> > So just pasting there the contents of a modified
> > /usr/share/ovirt-engine/conf/sysprep/sysprep.w7x64 (for example) should
> > work right?
> > 
> > The variables like '![CDATA[$OrgName$' will be replaced?
> > 
> > Il 26/10/2015 12:43, Shahar Havivi ha scritto:
> > > On 26.10.15 06:23, Alon Bar-Lev wrote:
> > >> Hi,
> > >> The usage of the engine-manage-domain user to anything else but ldap
> > >> searches is something that is unexpected and insecure.
> > >> As a solution, you may either paste a modified sysprep file into the pool
> > >> at UI or set up a different osinfo profile with modified sysprep file,
> > >> this modified sysprep file can contain the credentials of the user that
> > >> is being used for joining the domain.
> > >> CCing Shahar which may assist farther.
> > > Hi,
> > > You can paste a modified sysprep file to "new Pool"->"Initial run"->"Custom
> > > Script"
> > > As Alon mentioned.
> > >>
> > 
> > --
> > Mammoli Cristian
> > System administrator
> > T. +39 0731 22911
> > Via Brodolini 6 | 60035 Jesi (an)
> > 
> > 



More information about the Users mailing list