<div dir="ltr"><div><div>Thanks Rafael. I forgot to mention that this is an AD host, which just uses kerberos keytabs to establish trust, so it looks like the best option is to install krb5 tools and sssd.<br><br></div>Cheers,<br><br></div>Cam<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 26, 2016 at 5:09 PM, Rafael Martins <span dir="ltr"><<a href="mailto:rmartins@redhat.com" target="_blank">rmartins@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">----- Original Message -----<br>
> From: "cmc" <<a href="mailto:iucounu@gmail.com">iucounu@gmail.com</a>><br>
> To: "users" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
> Sent: Monday, September 26, 2016 6:04:05 PM<br>
> Subject: [ovirt-users] kerberos and AAA<br>
><br>
> Hi,<br>
><br>
> I've installed the LDAP AAA module for oVirt on the engine host, but I<br>
> suspect I also need to bind the host to the domain first as I am getting<br>
> 'peer not authenticated' when I try the auth. Is it ok to install sssd and<br>
> the kerberos tools without on the engine host manually? I know that in<br>
> general you should avoid installing things manually so wanted to check<br>
> first.<br>
<br>
</span>If you have access to the LDAP server you can just create the keys there and transfer to the engine host, or just install the tools in engine host and bind. It is not supposed to produce issues.<br>
<br>
Rafael<br>
<br>
> Thanks,<br>
><br>
> Cam<br>
><br>
> ______________________________<wbr>_________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
><br>
</blockquote></div><br></div>