[ https://issues.apache.org/jira/browse/VCL-867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924996#comment-15924996 ]

Josh Thompson commented on VCL-867:
-----------------------------------

I looked into the AD permissions needed on the OU for the user account that 
will be used by VCL to add computers. First, create the account and a group for 
the account. Set the group as the primary group for the account and remove any 
other groups. Next, follow method 2 at this URL to give rights to add computers:

https://prajwaldesai.com/allow-domain-user-to-add-computer-to-domain/

Then, use the following steps to grant the account read access to the OU:
1) right click the OU
2) select the Security tab
3) click the Advanced button
4) click the Add button
5) click "Select a principal" at the top and select your account
6) leave Type as "Allow", set "Applies to" to "This object only"
7) the defaults may already be correct, but to be sure, scroll to the bottom, 
and click "Clear all"
8) scroll back to the top and check "List contents", "Read all properties", and 
"Read permissions"
9) click OK

Note that if you then edit the added permissions, a bunch of the boxes at the 
bottom will have been checked.

At this point, VCL should be able to join a computer to the domain in that OU.

> Active Directory Authentication for Windows VM's
> ------------------------------------------------
>
>                 Key: VCL-867
>                 URL: https://issues.apache.org/jira/browse/VCL-867
>             Project: VCL
>          Issue Type: New Feature
>          Components: database, vcld (backend), web gui (frontend)
>            Reporter: Junaid Ali
>              Labels: features
>             Fix For: 2.5
>
>         Attachments: managementnode.patch, vmadsauth.sql, web.patch
>
>
> The current VCL application creates local user accounts for each reservation. 
> There is a need to provide active directory authentication so as to provide 
> access to domain resources like profile and network shares during the VCL 
> reservation. 
> This patch updates the VCL database by creating two additional tables:
> activedirectorydomain -> used to store active directory related information
> imageactivedirectorydomain -> used to store mapping of which images use which 
> active directory domain.
> A new column is added to the reservation table to hold current active 
> directory information for that particular reservation.
> The patch updates the VCL backend (vcld) to add functionality to make the 
> Windows images part of the Active Directory domain. It also sets the 
> computer's hostname to be the same as defined in the database. This is done 
> to prevent creation of a lot of temporary computer objects within Active 
> Directory. The process of domain join adds two reboots (one for hostname 
> update and one for domain join). After each reboot the cygwin_rebase scripts 
> are run to reconfigure SSHD.
> The patch also updates the VCL frontend to allow management of Active 
> Directory domains within the system and also manage the association of VCL 
> images and Active Directory domains. There is an option to enable moving 
> computer objects to specific Active Directory Organizational Units for better 
> grouping and ability to apply custom policies to custom groups of images on 
> the Active Directory side. This option was working in Cygwin 1.5 but stopped 
> working in Cygwin 1.7 due to some path issues. I left this option in the 
> front-end while I look for resolution within Cygwin 1.7.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
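
The OU read-access steps (1-9) from the comment above, written as a script with a follow-up check of what the account ends up holding. This is an added example, not part of the original comment or of the VCL project; the OU distinguished name and the account name are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example. $OuDn and $Account are placeholders, not values from VCL-867.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$OuDn    = 'OU=VCL-Computers,DC=example,DC=org'   # placeholder OU
$Account = 'EXAMPLE\vcl-join'                     # placeholder service account

# Step 8: "List contents", "Read all properties", "Read permissions"
$Rights = [System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty, ReadControl'

# Step 5: resolve the principal to a SID so a mistyped name fails here, not at Set-Acl
$Sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
           [System.Security.Principal.SecurityIdentifier])

# Step 6: Type "Allow", Applies to "This object only" (inheritance None)
$Rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $Sid,
            $Rights,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

# Steps 1-4 and 9: open the OU's ACL, add the entry, write it back
$Acl = Get-Acl -Path "AD:\$OuDn"
$Acl.AddAccessRule($Rule)
Set-Acl -Path "AD:\$OuDn" -AclObject $Acl

# Check: every explicit (non-inherited) entry the account holds on this OU.
# The read entry should show InheritanceType None; any other rows were granted
# elsewhere (for example by the add-computers delegation) and are worth reviewing.
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Account } |
    Select-Object ActiveDirectoryRights, AccessControlType, InheritanceType, ObjectType |
    Format-Table -AutoSize
```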
