From 14ffb71f0e4d82dc65978a5f1eda199f6939ebd4 Mon Sep 17 00:00:00 2001
From: jbjohnso
Date: Mon, 21 Jan 2013 14:34:37 +0000
Subject: [PATCH] Have Windows domain allow the less secure 'securejoin' if indicated in site (can be rendered secure in *very* specific circumstances).
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14931 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 perl-xCAT/xCAT/Schema.pm | 3 ++-
 xCAT-server/lib/perl/xCAT/Template.pm | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm
index 4dbfa18d2..7e4d0adc5 100644
--- a/perl-xCAT/xCAT/Schema.pm
+++ b/perl-xCAT/xCAT/Schema.pm
@@ -61,7 +61,7 @@ statelite => {
 #seriously evaluate wider support of multi-domain environments, will leave them
 #commented rather than tempt people to try with an expectation that it could work.
 domain => {
- cols => [qw(node ou comments disable)],
+ cols => [qw(node ou authdomain comments disable)],
 keys => ['node'],
 table_desc => 'Mapping of nodes to domain attributes',
 descriptions => {
@@ -69,6 +69,7 @@ domain => {
 # domain => 'The name of the domain it is a member of, such as "example.com". Defaults to domain value from the site table',
 # the above column is unimplemented by anything, so leave it out for this pass
 ou => 'For an LDAP described machine account (i.e. Active Directory), the orginaztional unit to place the system. If not set, defaults to cn=Computers,dc=your,dc=domain',
+ authdomain => 'If a node should participate in an AD domain or Kerberos realm distinct from domain indicated in site, this field can be used to specify that',
 comments => 'Any user-written notes.',
 disable => "Set to 'yes' or '1' to comment out this row.",
 },
diff --git a/xCAT-server/lib/perl/xCAT/Template.pm b/xCAT-server/lib/perl/xCAT/Template.pm
index 1009d180f..70f998a5d 100644
--- a/xCAT-server/lib/perl/xCAT/Template.pm
+++ b/xCAT-server/lib/perl/xCAT/Template.pm
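Review bot: The `authdomain` description added in the second Schema.pm hunk does not say what form the value takes or what applies when it is left empty, although the column decides which AD domain or Kerberos realm a node authenticates against. I would spell that out, for example `authdomain => 'AD domain or Kerberos realm for this node, given as a name such as "example.com". If not set, the domain value from the site table is used',` — the value format and the fallback are my assumptions and need confirming against the code that reads the column, which is not part of this patch. The site key `prejoinactivedirectory` that the Template.pm hunk reads gets no description anywhere in the patch; if site attributes are documented in this file, it should be listed there with a statement that a false value selects the less secure join.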
@@ -307,7 +307,10 @@ sub windows_join_data {
 #we are still here, meaning configuration has a domain and activedirectory set, probably want to join..
 #TODO: provide a per-node 'disable' so that non-AD could be mixed into a nominally AD environment
 my $adinfo = machinepassword(wantref=>1); #TODO: needs rearranging in non prejoin case
- my $prejoin =1; #todo: variant without prejoin for TLS-free
+ my $prejoin =1;
+ if (defined $::XCATSITEVALS{prejoinactivedirectory} and not $::XCATSITEVALS{prejoinactivedirectory} ) {
+ $prejoin = 0;
+ }
 my $componentxml = ''."\n\n".$adinfo->{domain}."\n";
 if ($adinfo->{ou}) {
 $componentxml .= "".$adinfo->{ou}."\n";
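Review bot: The added `if` decides the downgrade by Perl truthiness, so a defined-but-empty `prejoinactivedirectory` value turns prejoin off while a value of `no` leaves it on. Because the commit subject describes the non-prejoin join as the less secure one, the opt-out should be matched explicitly, for example `if (defined $::XCATSITEVALS{prejoinactivedirectory} and $::XCATSITEVALS{prejoinactivedirectory} =~ /^(?:0|no)$/i) {`, so that only a deliberate setting selects it. A comment above it such as `# site prejoinactivedirectory=0/no opts out of prejoin; this is the less secure join, so prejoin stays the default` would replace the TODO that the patch removes. `machinepassword(wantref=>1)` still runs before the flag is read, and the code that consumes `$prejoin` lies outside the hunk, so how the non-prejoin path handles that machine password cannot be confirmed from here.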