Windows容器内的Active Directory帐户(服务器2016 TP5) [英] Active directory accounts inside a windows container (server 2016 TP5)
问题描述
所以我有Windows Server 2016 TP5,我在玩这些容器。我能够完成基本的docker任务。我正在尝试弄清楚如何将一些由IIS托管的Web应用程序进行容器化。
So I have Windows Server 2016 TP5 and I'm playing around with the containers. I am able to do basic docker tasks fine. I'm trying to figure out how to containerize some of our IIS-hosted web applications.
通常,我们通常对数据库使用集成身份验证,对应用程序池使用域服务帐户。我目前没有测试虚拟机(位于域中),因此无法测试该虚拟机是否可以在容器中运行。
Thing is, we usually use integrated authentication for the DB and use domain service accounts for the app pool. I currently don't have a test VM (that is in a domain) so I can't test if this will work inside a container.
如果主机已加入AD域,那么其容器也属于该域吗?我仍然可以使用域帐户运行进程吗?
If the host is joined to an AD domain, are its containers also part of the domain? Can I still run processes using domain accounts?
编辑:
另外,如果我在dockerfile中指定了 USER,这是否意味着我的应用程序池会使用该命令(而不是应用程序池标识)运行?
Also, if I specify the "USER" in the dockerfile, does this mean that my app pool will run using that (instead of the app pool identity)?
推荐答案
更新:此答案是不再相关-适用于2016 TP5。
Update: this answer is no longer relevant - was for 2016 TP5. AD support has been added in later releases
原始答案
快速答案-否,不支持将容器作为AD的一部分,因此AD支持已添加到更高版本中。您不能使用AD帐户在容器中运行进程或对其进行身份验证
Original answer Quick answer - no, containers are not supported as part of AD so you can't use AD accounts to run processes within a container or authenticate with it
在MS Containers网站上曾经提到过,但是原始链接现在重定向。
This used to be mentioned on the MS Containers site but the original link now redirects.
原始措辞(是CTP 3还是4?):
容器无法加入Active Directory域,并且不能以域用户,服务帐户,或机器帐户。
Original wording (CTP 3 or 4?): "Containers cannot join Active Directory domains, and cannot run services or applications as domain users, service accounts, or machine accounts."
我不知道在以后的版本中是否会更改。
I don't know if that will change in a later release.
有人尝试破解它,但没有任何乐趣。
Someone tried to hack around it but with no joy.
这篇关于Windows容器内的Active Directory帐户(服务器2016 TP5)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
