问题
We are moving the TFS-server out of our development-domain to a new domain. The users in the development-domain should still be able to authenticate to the TFS-Server, either with their developement-domain credentials or a new set of credentials from the new domain. One problem is that we cannot create a trust between the domains. What is the best solution here? I've found some links where they use TFS-proxy server but they are not clear if the domains are trusted or not. Or is it possible to authenticate with TFS by using certificates only?
回答1:
If you don't make the 2 domains trust, the development-domain it can't access the new domain. Then the users in the development-domain should still not be able to authenticate to the TFS-Server.
Note:
If you are moving to a non-trusted domain, you might also need to manually add users and groups to teams, projects, collections, and Team Foundation Server itself. For more information, see Add users to team projects, Set administrator permissions for team project collections, and Set administrator permissions for Team Foundation Server.
More details please refer this tutorial: Move Team Foundation Server from one environment to another
Using TFS proxy server and setting up a remote site, it's more like cache version control files at a remote site and user download/get latest from remote site directly not from main site. TFS Proxy will not handle any user authentication for you, you still need to handle users in the domain the server is located, TFS Proxy only speeds up/limit accessing files over the network. Not sure this is what you want originally.
Accordning to the MSDN Article Trust and forrest conciderations for Team Foundation server you must have one way trusts between
- TFS AT server domain -> TFS Proxy Service Account domain
- TFS Proxy computer domain -> TFS Proxy User domain
You could also take a look at Grant Holliday's answer in this related question: Is it possible to setup TFS proxy server with a VPN connection?
来源:https://stackoverflow.com/questions/45012701/tfs-cross-domain-authentication-without-trust