[ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join

Cristian Mammoli c.mammoli at apra.it
Fri Oct 30 19:33:02 UTC 2015 

It works fine, but it kills SSO as user...

Poking in the windows logs I see a failed login as:

myuser at mydomain.tld-authz !!

Il 27/10/2015 11:51, Shahar Havivi ha scritto:
> On 27.10.15 05:25, Alon Bar-Lev wrote:
>> yes, you should probably only customize: $JoinDomain$, $DomainAdminPassword$, $DomainAdmin$
>> maybe, not sure: $JoinDomain$, $MachineObjectOU$
>> the rest should be the same as any other.
> Please make sure that the file is the full sysprep file such as you can find
> in /packaging/conf/sysprep/sysprep.w7 which is a windows 7 sysprep file.
> You can leave the variables such as $OrgName$ which will be replaces (exept
> from the variables that Alon mentioned which where the original problem).
>
>> ----- Original Message -----
>>> From: "Cristian Mammoli" <c.mammoli at apra.it>
>>> To: "Shahar Havivi" <shaharh at redhat.com>, "Alon Bar-Lev" <alonbl at redhat.com>
>>> Cc: "users" <users at ovirt.org>
>>> Sent: Tuesday, October 27, 2015 11:19:02 AM
>>> Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join
>>>
>>> So just pasting there the contents of a modified
>>> /usr/share/ovirt-engine/conf/sysprep/sysprep.w7x64 (for example) should
>>> work right?
>>>
>>> The variables like '![CDATA[$OrgName$' will be replaced?
>>>
>>> Il 26/10/2015 12:43, Shahar Havivi ha scritto:
>>>> On 26.10.15 06:23, Alon Bar-Lev wrote:
>>>>> Hi,
>>>>> The usage of the engine-manage-domain user to anything else but ldap
>>>>> searches is something that is unexpected and insecure.
>>>>> As a solution, you may either paste a modified sysprep file into the pool
>>>>> at UI or set up a different osinfo profile with modified sysprep file,
>>>>> this modified sysprep file can contain the credentials of the user that
>>>>> is being used for joining the domain.
>>>>> CCing Shahar which may assist farther.
>>>> Hi,
>>>> You can paste a modified sysprep file to "new Pool"->"Initial run"->"Custom
>>>> Script"
>>>> As Alon mentioned.
>>> --
>>> Mammoli Cristian
>>> System administrator
>>> T. +39 0731 22911
>>> Via Brodolini 6 | 60035 Jesi (an)
>>>
>>>

-- 
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151030/69e195e5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Firma2.jpg
Type: image/jpeg
Size: 12198 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151030/69e195e5/attachment-0001.jpg>

More information about the Users mailing list