Taylor wrote:
> Hi All,
>
> I'm reading the docs and various references available for Puppet but
> can't seem to find a better way of accomplishing my goal of binding my
> Linux Servers to Active Directory. (Please don't berate me for the
> premise.)
>
> Quick Background:
> I've become enamored with likewise-open as a method and tool for
> binding Linux machines to AD. It's clean and simple.
> (http://anothersysadmin.wordpress.com/2008/04/06/howto-active-directory-authentication-in-ubuntu-804/)
>
> But I can't get past the command line requirement and being forced to
> run an exec that stores a domain admin password in a text file. Here
> is my recipe so far:
>
> class likewise {
>   file { "likewise-preseed":
>     path   => "/var/cache/debconf/likewise.preseed",
>     owner  => root,
>     group  => root,
>     mode   => "0400",
>     source => "puppet:///likewise/likewise.preseed"
>   }
>
>   package { "likewise-open":
>     ensure       => latest,
>     responsefile => "/var/cache/debconf/likewise.preseed",
>     require      => File["likewise-preseed"]
>   }
>
>   exec { "domainjoin-cli join at.sfsu.edu svc_bind PASSWORD":
>     path => ["/usr/bin", "/usr/sbin"]
>   }
> }
>
> That recipe is obviously not complete, but I'm hung at the exec
> command. It doesn't seem right to me from a philosophical perspective.
> There should be a better way that doesn't require me to store a
> password in the recipe. Does anyone have a suggestion of a better way
> of doing this? I'm sure I'm missing something obvious.
>
> I did take a look at the NSSwitch LDAP recipe
> (http://reductivelabs.com/trac/puppet/wiki/Recipes/LDAPClientNSSwitch)
> and that might accomplish the same goal but seems more complex and
> unnecessary when an elegant solution such as likewise-open exists.
>
> Thanks for your thoughts.

You don't need to be a domain admin to bind to AD, so the answer is to
create an account that can only bind machines to AD.

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
Boredom is counter-revolutionary
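
An added example, not code from either poster: one way to run the join from the thread with the join-only account while keeping the password out of the manifest, the catalog and the exec title that Puppet writes to its logs and reports. The class name, the secret file and the marker file are hypothetical, and the secret is assumed to be placed on the node out of band (root-owned, mode 0400) before the first run.

```puppet
# Added example. Only the domainjoin-cli invocation, the domain and the
# account name come from the thread; every path below is hypothetical.
class likewise_join {
  $domain    = 'at.sfsu.edu'                  # from the original recipe
  $join_user = 'svc_bind'                     # account delegated to join machines only
  $secret    = '/etc/likewise-join.secret'    # hypothetical; not served by Puppet
  $marker    = '/var/lib/likewise-join.done'  # hypothetical; records a completed join

  package { 'likewise-open':
    ensure => installed,
  }

  # A neutral title keeps the credential out of log lines such as
  # "Exec[...]/returns: executed successfully". The shell on the node
  # expands $(cat ...), so the catalog only ever contains the file path.
  # The password is still visible in domainjoin-cli's own argument list
  # while the command runs, which is why the account should hold no
  # rights beyond joining machines.
  exec { 'likewise-domainjoin':
    command   => "domainjoin-cli join ${domain} ${join_user} \"\$(cat ${secret})\" && touch ${marker} && rm -f ${secret}",
    provider  => shell,
    path      => ['/bin', '/usr/bin', '/usr/sbin'],
    creates   => $marker,            # skip once the join has succeeded
    onlyif    => "test -r ${secret}", # do nothing until the secret is staged
    logoutput => false,
    require   => Package['likewise-open'],
  }
}
```

The secret file is deleted after a successful join, so a later compromise of the node does not yield the join credential.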