Have Windows domain allow the less secure 'securejoin' if indicated in site (can be rendered secure in *very* specific circumstances).

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14931 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
jbjohnso 2013-01-21 14:34:37 +00:00
parent beda697525
commit 14ffb71f0e
2 changed files with 6 additions and 2 deletions


@ -61,7 +61,7 @@ statelite => {
#seriously evaluate wider support of multi-domain environments, will leave them
#commented rather than tempt people to try with an expectation that it could work.
domain => {
cols => [qw(node ou comments disable)],
cols => [qw(node ou authdomain comments disable)],
keys => ['node'],
table_desc => 'Mapping of nodes to domain attributes',
descriptions => {
@ -69,6 +69,7 @@ domain => {
# domain => 'The name of the domain it is a member of, such as "example.com". Defaults to domain value from the site table',
# the above column is unimplemented by anything, so leave it out for this pass
ou => 'For an LDAP described machine account (i.e. Active Directory), the orginaztional unit to place the system. If not set, defaults to cn=Computers,dc=your,dc=domain',
authdomain => 'If a node should participate in an AD domain or Kerberos realm distinct from domain indicated in site, this field can be used to specify that',
comments => 'Any user-written notes.',
disable => "Set to 'yes' or '1' to comment out this row.",
},
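Review bot: The new `authdomain` description does not say what form the value takes or what happens when it is empty, and none of the hunks shown on this page read the column. Because the field selects the AD domain or Kerberos realm a node authenticates against, a mistyped value could point the node at an authority the administrator did not intend. The text should therefore be explicit, for example `authdomain => 'DNS name of the AD domain or Kerberos realm this node joins instead of the domain in site. If not set, the site domain is used.'`. Whether the fallback really is the site domain should be confirmed against the code that consumes the column.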


@ -307,7 +307,10 @@ sub windows_join_data {
#we are still here, meaning configuration has a domain and activedirectory set, probably want to join..
#TODO: provide a per-node 'disable' so that non-AD could be mixed into a nominally AD environment
my $adinfo = machinepassword(wantref=>1); #TODO: needs rearranging in non prejoin case
my $prejoin =1; #todo: variant without prejoin for TLS-free
my $prejoin =1;
if (defined $::XCATSITEVALS{prejoinactivedirectory} and not $::XCATSITEVALS{prejoinactivedirectory} ) {
$prejoin = 0;
}
my $componentxml = '<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'."\n<Identification>\n<JoinDomain>".$adinfo->{domain}."</JoinDomain>\n";
if ($adinfo->{ou}) {
$componentxml .= "<MachineObjectOU>".$adinfo->{ou}."</MachineObjectOU>\n";
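Review bot: The new `prejoinactivedirectory` check switches the join to the less secure mode without leaving any trace, and the only comment that explained the non-prejoin variant (`#todo: variant without prejoin for TLS-free`) is dropped from the `my $prejoin =1;` line. Because the test is plain Perl truthiness, only an empty string or `0` disables prejoin, while `no` or `false` in the site table keeps it enabled. That fails safe but should be stated, e.g. `# site.prejoinactivedirectory: only '0' or '' selects the weaker non-prejoin join; unset or any other value keeps prejoin`. A warning emitted when `$prejoin` becomes 0 would let operators see which nodes were provisioned on the weaker path, and the comment should name the specific circumstances the commit message says make that path acceptable. The `machinepassword(wantref=>1)` call above still runs in that case, which its own TODO appears to acknowledge; windows_join_data starts and ends outside this hunk.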