Hi All,
I'm reading the docs and various references available for Puppet but
can't seem to find a better way of accomplishing my goal of binding my
Linux Servers to Active Directory. (Please don't berate me for the
premise.)
Quick Background:
I've become enamored with likewise-open as a method and tool for
binding linux machines to AD. It's clean and simple. (http://
anothersysadmin.wordpress.com/2008/04/06/howto-active-directory-
authentication-in-ubuntu-804/)
But I can't get past the command line requirement and being forced to
run an exec that stores a domain admin password in a text file. Here
is my recipe so far:
class likewise{
file { likewise-preseed:
path => "/var/cache/debconf/likewise.preseed"
owner => root,
group => root,
mode => 400,
source => "puppet:///likewise/likewise.preseed"
}
package{
likewise-open: ensure => latest,
responsefile => "/var/cache/debconf/likewise.preseed",
require => file[likewise-preseed]
}
exec{ "domainjoin-cli join at.sfsu.edu svc_bind PASSWORD":
path => ["/usr/bin", "/usr/sbin"]
}
That recipe is obviously not complete, but I'm hung at the exec
command. It doesn't seem right to me from a philosophical perspective.
There should be a better way that doesn't require me to store a
password in the recipe. Does anyone have a suggestion of a better way
of doing this? I'm sure I'm missing something obvious.
I did take a look at the NSSwitch LDAP recipe (http://
reductivelabs.com/trac/puppet/wiki/Recipes/LDAPClientNSSwitch) and
that might accomplish the same goal but seems more complex and
unnecessary when an elegant solution such as likewise-open exists.
Thanks for your thoughts.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
