<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Thanks for the reply. I have completely configured all the things in option 1 which you told. But it seems that sso still does not work. My domain forest is "test.org" and my user is "test". When I login the user portal, I get "test@test.org@test.org" int the top right corner. Should it be "test@test.org"? Is it possible that engine send wrong user name to the guest agent?</div><div><img src="cid:118ddb69$2$161549f1512$Coremail$ddqlo$126.com" orgwidth="171" orgheight="36" data-image="1" style="width: 171px; height: 36px;"></div><div><br></div><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div>At 2018-02-01 15:35:57, "Martin Perina" <mperina@redhat.com> wrote:<br> <blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 1, 2018 at 9:13 AM, ¶ÇàÁú <span dir="ltr"><<a href="mailto:ddqlo@126.com" target="_blank">ddqlo@126.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi, all</div><div> I am trying to make SSO working with windows7 vm in an ovirt 4.1 environment. Ovirt-guest-agent has been installed in windows7 vm. I have an active directory server of windows2012 and I have configured the engine using "ovirt-engine-extension-aaa-<wbr></wbr>ldap-setup" successfully. The windows7 vm has joined the domain,too. But when I login the userportal using a user created in the AD server, I still have to login the windows7 vm using the same user for the second time. It seems that SSO does not work.</div><div> Anyone can help me? Thanks!</div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">We are not providing full SSO for </div>VMs<div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">. At the moment you have 2 options:<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">1. If you want user to be automatically logged in into a VM, then you need to setup SSO using aaa-ldap extension for AD (please don't forget to answer Yes for question about SSO for VMs in setup tool). Andf of course in a VM you need to have installed and enabled guest agent. Once user logs into VM Portal and clicks on a VM, then he should be automatically logged into it.<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">2. If you setup kerberos for engine SSO, then you don't need to enter password to loging into VM Portal, but in such case we cannot pass a password into a VM and user are not automatically logged in.<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Martin<br><br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br><span title="neteasefooter"><p> </p></span><br>______________________________<wbr></wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr></wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</div></div>
</blockquote></div><br><br><span title="neteasefooter"><p> </p></span>