Context:
- Created a Domain Controller with Active Directory Setup.
- Created another server with Jenkins 2 installed. (DNS points correctly to the Domain Controllers.)
- Installed the Active Directory Plugin
- Installed the PowerShell Plugin
- Created a PowerShell job with the command
Copy-Item -Path \\SFTPServer\Docs\file.txt $Home
Steps:
- Logged in to the Jenkins server machine with the credentials of globomantics.local\administrator
- Started Jenkins to be available on localhost:8080
- Logged in to Jenkins using the credentials of globomantics.local\someunderprivilegeduser
- Ran the PowerShell job created above
What happens:
A PowerShell window appears and runs the command in the context of the AD user globomantics.local\administrator
What is required:
The PowerShell command runs in the context of globomantics.local\someunderprivilegeduser
I understand that when we logged in to Jenkins using globomantics.local\someunderprivilegeduser, a Kerberos ticket is generated on this machine. How can I use that ticket to run this PowerShell command? Or, if my approach is completely wrong, what else should I do?
Note: let's say globomantics.local\someunderprivilegeduser is NOT allowed to read \\SFTPServer\Docs\file.txt. In this case the PowerShell job should fail. BUT, since the job runs in the context of globomantics.local\administrator, the job runs successfully.
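
An added example, not part of the original post: a build step that first reports which Windows account the PowerShell process runs as (the account that started Jenkins, as observed above) and then performs the copy with explicitly supplied credentials, so the share's ACL is evaluated against that user. The environment variable names JOB_USER and JOB_PASS are assumptions (for example, injected by a Jenkins credentials binding), as is the drive name JobShare; the share path is the one from the post.

```powershell
# Added example. JOB_USER / JOB_PASS are hypothetical names, assumed to be
# injected into the build environment; they are not defined in the post.
$ErrorActionPreference = 'Stop'   # any failure below becomes a terminating error

# 1. Show the identity of the process Jenkins spawned for this step.
#    This is the account Jenkins itself runs under, not the web UI login.
$processUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Build step process identity: $processUser"

# 2. Build a credential for the user whose permissions should apply.
#    Refuse to continue rather than silently fall back to the process identity.
if (-not $env:JOB_USER -or -not $env:JOB_PASS) {
    throw 'JOB_USER / JOB_PASS not set; not running the copy as the process identity.'
}
$secure = ConvertTo-SecureString -String $env:JOB_PASS -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ($env:JOB_USER, $secure)

# 3. Map the share with that credential. If the user has no rights on the
#    share, New-PSDrive (or Copy-Item on a file-level deny) throws here.
$null = New-PSDrive -Name JobShare -PSProvider FileSystem `
                    -Root '\\SFTPServer\Docs' -Credential $cred
try {
    # WORKSPACE is set by Jenkins for every build.
    Copy-Item -Path 'JobShare:\file.txt' -Destination $env:WORKSPACE
    Write-Output "Copied file.txt using the permissions of $($env:JOB_USER)"
}
finally {
    # Always drop the mapping so later steps cannot reuse this session.
    Remove-PSDrive -Name JobShare
}
```

If the Jenkins process already holds a connection to the same server under its own account, Windows rejects a second connection with different credentials, so the mapping step fails instead of quietly reusing the more privileged session.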