On Tuesday, April 24, 2018 at 3:55:23 PM UTC-5, Elias Pereira wrote:
>
> John,
>
> So the puppet is not designed to work with machines that are in the AD
> domain? Maybe, only in servers that the root user are used with security by
> sysadmin?
>

Puppet works fine with machines in AD domains, both Windows and Linux. In fact, some of the machines under my own Puppet management are Linux machines belonging to the institutional AD domain. None of what I have described so far has anything particularly to do with AD.

Even if your machines are configured to grant administrative privileges to some users based on their AD identities or group membership (not an essential characteristic of machine AD membership), that changes little. In particular, it does not change the fact that users do not, by default, share Puppet configuration or certificates with each other or with the system.

If you want users to make catalog requests using the system identity, then the most natural way for them to do so is to assume the system identity. This is among the purposes served by the sudo and su commands on Linux.

Alternatively, non-root users who have sufficient privileges to usefully do so can certainly run the agent as themselves. *By default*, such users will rely on their own personal configuration, certificates, etc., and all certificates used with Puppet need distinct certnames, as we've already discussed. However, a user with sufficient local privilege to access all the system's Puppet configuration should be able to instruct the agent to use that configuration instead of the default personal one by issuing the --confdir command-line option <https://puppet.com/docs/puppet/5.5/configuration.html#confdir> to point it to the system's config directory. For Puppet 5 on Linux, that would look like this:

    puppet agent --confdir=/etc/puppetlabs/puppet

Most other relevant directory settings are relative to the $confdir by default, but it's possible that you might discover a need for additional CLI options to make it work fully.

John
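A preflight check for the --confdir approach described in the message above, added here as an example and not part of the original post. It tests whether the calling user can actually read the system configuration and the agent's private key before running the agent; the function name check_system_confdir is hypothetical, and the ssl/private_keys location assumes the default layout in which ssldir sits under $confdir.

```shell
#!/bin/sh
# Added example (not from the original message). Preflight before running
#   puppet agent --confdir=/etc/puppetlabs/puppet
# as a non-root user.
# Assumption: ssldir is at its default, $confdir/ssl, with keys in private_keys/.

# check_system_confdir CONFDIR  (hypothetical helper name)
# Prints one line per finding; returns 0 if the calling user can read
# everything checked, 1 otherwise.
check_system_confdir() {
    confdir=$1
    keydir=$confdir/ssl/private_keys
    rc=0

    if [ ! -d "$confdir" ] || [ ! -r "$confdir" ] || [ ! -x "$confdir" ]; then
        echo "FAIL: cannot enter or list $confdir"
        return 1
    fi
    # puppet.conf is optional, but if it exists it must be readable.
    if [ -e "$confdir/puppet.conf" ] && [ ! -r "$confdir/puppet.conf" ]; then
        echo "FAIL: $confdir/puppet.conf exists but is not readable"
        rc=1
    fi
    # Using the system identity means reading the system's private key.
    if [ ! -d "$keydir" ] || [ ! -r "$keydir" ] || [ ! -x "$keydir" ]; then
        echo "FAIL: cannot read $keydir"
        return 1
    fi
    found=0
    for key in "$keydir"/*.pem; do
        [ -e "$key" ] || continue      # unmatched glob stays literal
        found=1
        if [ ! -r "$key" ]; then
            echo "FAIL: private key $key is not readable"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no private key found in $keydir"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $confdir is usable by $(id -un)"
    fi
    return "$rc"
}

# Usage: check_system_confdir /etc/puppetlabs/puppet && \
#            puppet agent --confdir=/etc/puppetlabs/puppet
```

A FAIL on the private key for an ordinary account is the expected result on a host where only root holds the system identity.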
