Hello Jonathan,

I believe you can use = the Red Hat Documentation for this.

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_= Virtualization/3.1/html/Evaluation_Guide/Evaluation_Guide-VDI.html#Evaluati= on_Guide-Add_Active_Directory

One of the "gotchas" that I ran into is that you need to specify = the Active Directory as your DNS provider in your resolv.conf file (not sur= e if it was coincidence or not; but I ran into some issues that went away w= hen I did this)

Has anyone had s= uccess doing this with 389 ?

cheers

--Apple-Mail=3D_A45E5F81-2FC0-40AB-B8A0-DCD4CC67FE70-- --===============1127309428871274548== Content-Type: multipart/alternative MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.bin" Ci0tQXBwbGUtTWFpbD1fQTQ1RTVGODEtMkZDMC00MEFCLUI4QTAtRENENENDNjdGRTcwCkNvbnRl bnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUKQ29udGVudC1UeXBlOiB0ZXh0 L3BsYWluOwoJY2hhcnNldD1pc28tODg1OS0xCgoKCgo+IEhlbGxvIEpvbmF0aGFuLAo+PTIwCj4g SSBiZWxpZXZlIHlvdSBjYW4gdXNlIHRoZSBSZWQgSGF0IERvY3VtZW50YXRpb24gZm9yIHRoaXMu Cj49MjAKPiA9Cmh0dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vc2l0ZS9kb2N1bWVudGF0aW9uL2Vu LVVTL1JlZF9IYXRfRW50ZXJwcmlzZV9WaXJ0PQp1YWxpemF0aW9uLzMuMS9odG1sL0V2YWx1YXRp b25fR3VpZGUvRXZhbHVhdGlvbl9HdWlkZS1WREkuaHRtbCNFdmFsdWF0aW9uXz0KR3VpZGUtQWRk X0FjdGl2ZV9EaXJlY3RvcnkKPj0yMAo+IE9uZSBvZiB0aGUgImdvdGNoYXMiIHRoYXQgSSByYW4g aW50byBpcyB0aGF0IHlvdSBuZWVkIHRvIHNwZWNpZnkgdGhlID0KQWN0aXZlIERpcmVjdG9yeSBh cyB5b3VyIEROUyBwcm92aWRlciBpbiB5b3VyIHJlc29sdi5jb25mIGZpbGUgKG5vdCBzdXJlID0K aWYgaXQgd2FzIGNvaW5jaWRlbmNlIG9yIG5vdDsgYnV0IEkgcmFuIGludG8gc29tZSBpc3N1ZXMg dGhhdCB3ZW50IGF3YXkgPQp3aGVuIEkgZGlkIHRoaXMpCgpIYXMgYW55b25lIGhhZCBzdWNjZXNz IGRvaW5nIHRoaXMgd2l0aCAzODkgPwoKY2hlZXJzCgoKLS1BcHBsZS1NYWlsPV9BNDVFNUY4MS0y RkMwLTQwQUItQjhBMC1EQ0Q0Q0M2N0ZFNzAKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2Jp dApDb250ZW50LVR5cGU6IHRleHQvaHRtbDsKCWNoYXJzZXQ9aXNvLTg4NTktMQoKPGh0bWw+PGhl YWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWwgY2hh cnNldD1pc28tODg1OS0xIj48L2hlYWQ+PGJvZHkgc3R5bGU9IndvcmQtd3JhcDogYnJlYWstd29y ZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAtd2Via2l0LWxpbmUtYnJlYWs6IGFmdGVyLXdo aXRlLXNwYWNlOyAiPjxicj48ZGl2PjxkaXY+PGJyPjwvZGl2PjxiciBjbGFzcz0iQXBwbGUtaW50 ZXJjaGFuZ2UtbmV3bGluZSI+PGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+PGRpdiBkaXI9Imx0ciI+ PGRpdj48ZGl2PjxkaXY+SGVsbG8gSm9uYXRoYW4sPGJyPjxicj48L2Rpdj5JIGJlbGlldmUgeW91 IGNhbiB1c2UgdGhlIFJlZCBIYXQgRG9jdW1lbnRhdGlvbiBmb3IgdGhpcy48YnI+PGJyPjxhIGhy ZWY9Imh0dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vc2l0ZS9kb2N1bWVudGF0aW9uL2VuLVVTL1Jl ZF9IYXRfRW50ZXJwcmlzZV9WaXJ0dWFsaXphdGlvbi8zLjEvaHRtbC9FdmFsdWF0aW9uX0d1aWRl L0V2YWx1YXRpb25fR3VpZGUtVkRJLmh0bWwjRXZhbHVhdGlvbl9HdWlkZS1BZGRfQWN0aXZlX0Rp cmVjdG9yeSI+aHR0cHM6Ly9hY2Nlc3MucmVkaGF0LmNvbS9zaXRlL2RvY3VtZW50YXRpb24vZW4t VVMvUmVkX0hhdF9FbnRlcnByaXNlX1ZpcnR1YWxpemF0aW9uLzMuMS9odG1sL0V2YWx1YXRpb25f R3VpZGUvRXZhbHVhdGlvbl9HdWlkZS1WREkuaHRtbCNFdmFsdWF0aW9uX0d1aWRlLUFkZF9BY3Rp dmVfRGlyZWN0b3J5PC9hPjxicj4KCjxicj48L2Rpdj5PbmUgb2YgdGhlICJnb3RjaGFzIiB0aGF0 IEkgcmFuIGludG8gaXMgdGhhdCB5b3UgbmVlZCB0byBzcGVjaWZ5IHRoZSBBY3RpdmUgRGlyZWN0 b3J5IGFzIHlvdXIgRE5TIHByb3ZpZGVyIGluIHlvdXIgcmVzb2x2LmNvbmYgZmlsZSAobm90IHN1 cmUgaWYgaXQgd2FzIGNvaW5jaWRlbmNlIG9yIG5vdDsgYnV0IEkgcmFuIGludG8gc29tZSBpc3N1 ZXMgdGhhdCB3ZW50IGF3YXkgd2hlbiBJIGRpZCB0aGlzKTxicj48L2Rpdj48L2Rpdj48L2Jsb2Nr cXVvdGU+PGJyPjwvZGl2PjxkaXY+SGFzIGFueW9uZSBoYWQgc3VjY2VzcyBkb2luZyB0aGlzIHdp dGggMzg5ID88L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PmNoZWVyczwvZGl2Pjxicj48L2JvZHk+ PC9odG1sPgotLUFwcGxlLU1haWw9X0E0NUU1RjgxLTJGQzAtNDBBQi1COEEwLURDRDRDQzY3RkU3 MC0tCg== --===============1127309428871274548==-- From christianh at 4over.com Tue Apr 23 13:50:09 2013 Content-Type: multipart/mixed; boundary="===============6441773903742701732==" MIME-Version: 1.0 From: Christian Hernandez To: users at ovirt.org Subject: Re: [Users] AD authentication for ovirt manager Date: Tue, 23 Apr 2013 08:13:02 -0700 Message-ID: In-Reply-To: 873EC74E-AF01-43A2-8012-568C73AF1293@ng23.net --===============6441773903742701732== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Tom, I *believe* that you can use 389 with TLS FWIW I have successfully added an AD and IPA domain. Thank you, Christian Hernandez 1225 Los Angeles Street Glendale, CA 91204 Phone: 877-782-2737 ext. 4566 Fax: 818-265-3152 christianh(a)4over.com www.4over.com On Tue, Apr 23, 2013 at 7:16 AM, Tom Brown wrote: > > > > Hello Jonathan, > > I believe you can use the Red Hat Documentation for this. > > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Vir= tualization/3.1/html/Evaluation_Guide/Evaluation_Guide-VDI.html#Evaluation_= Guide-Add_Active_Directory > > One of the "gotchas" that I ran into is that you need to specify the > Active Directory as your DNS provider in your resolv.conf file (not sure = if > it was coincidence or not; but I ran into some issues that went away when= I > did this) > > > Has anyone had success doing this with 389 ? > > cheers > > --===============6441773903742701732== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+PGRpdj48ZGl2PlRvbSw8YnI+PGJyPjwvZGl2PkkgKmJlbGlldmUqIHRo YXQgeW91IGNhbiB1c2UgMzg5IHdpdGggVExTPGJyPjxicj48L2Rpdj5GV0lXIEkgaGF2ZSBzdWNj ZXNzZnVsbHkgYWRkZWQgYW4gQUQgYW5kIElQQSBkb21haW4uPGJyPjwvZGl2PjxkaXYgY2xhc3M9 ImdtYWlsX2V4dHJhIj48YnIgY2xlYXI9ImFsbCI+PGRpdj48ZGl2IGRpcj0ibHRyIj48ZGl2PgoK PGJyPlRoYW5rIHlvdSw8YnI+PGJyPkNocmlzdGlhbiBIZXJuYW5kZXo8YnI+PC9kaXY+MTIyNSBM b3MgQW5nZWxlcyBTdHJlZXQ8YnI+PGRpdj5HbGVuZGFsZSwgQ0EgOTEyMDQ8YnI+ClBob25lOiA8 YSB2YWx1ZT0iKzE4Nzc3ODIyNzM3Ij44NzctNzgyLTI3MzcgZXh0LiA0NTY2PC9hPjxicj5GYXg6 IDxhIHZhbHVlPSIrMTgxODI2NTMxNTIiPjgxOC0yNjUtMzE1MjwvYT48YnI+PGEgaHJlZj0ibWFp bHRvOmNocmlzdGlhbmhANG92ZXIuY29tIiB0YXJnZXQ9Il9ibGFuayI+Y2hyaXN0aWFuaEA0b3Zl ci5jb208L2E+ICZsdDttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmNocmlzdGlhbmhANG92ZXIuY29t IiB0YXJnZXQ9Il9ibGFuayI+Y2hyaXN0aWFuaEA0b3Zlci5jb208L2E+Jmd0OyA8YnI+Cgo8YSBo cmVmPSJodHRwOi8vd3d3LjRvdmVyLmNvbS8iIHRhcmdldD0iX2JsYW5rIj53d3cuNG92ZXIuY29t PC9hPiAmbHQ7PGEgaHJlZj0iaHR0cDovL3d3dy40b3Zlci5jb20vIiB0YXJnZXQ9Il9ibGFuayI+ aHR0cDovL3d3dy40b3Zlci5jb208L2E+Jmd0OzwvZGl2PjwvZGl2PjwvZGl2Pgo8YnI+PGJyPjxk aXYgY2xhc3M9ImdtYWlsX3F1b3RlIj5PbiBUdWUsIEFwciAyMywgMjAxMyBhdCA3OjE2IEFNLCBU b20gQnJvd24gPHNwYW4gZGlyPSJsdHIiPiZsdDs8YSBocmVmPSJtYWlsdG86dG9tQG5nMjMubmV0 IiB0YXJnZXQ9Il9ibGFuayI+dG9tQG5nMjMubmV0PC9hPiZndDs8L3NwYW4+IHdyb3RlOjxicj48 YmxvY2txdW90ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MCAwIDAgLjhleDti b3JkZXItbGVmdDoxcHggI2NjYyBzb2xpZDtwYWRkaW5nLWxlZnQ6MWV4Ij4KCjxkaXYgc3R5bGU9 IndvcmQtd3JhcDpicmVhay13b3JkIj48ZGl2IGNsYXNzPSJpbSI+PGJyPjxkaXY+PGRpdj48YnI+ PC9kaXY+PGJyPjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPjxkaXYgZGlyPSJsdHIiPjxkaXY+PGRp dj48ZGl2PkhlbGxvIEpvbmF0aGFuLDxicj48YnI+PC9kaXY+SSBiZWxpZXZlIHlvdSBjYW4gdXNl IHRoZSBSZWQgSGF0IERvY3VtZW50YXRpb24gZm9yIHRoaXMuPGJyPgoKPGJyPjxhIGhyZWY9Imh0 dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vc2l0ZS9kb2N1bWVudGF0aW9uL2VuLVVTL1JlZF9IYXRf RW50ZXJwcmlzZV9WaXJ0dWFsaXphdGlvbi8zLjEvaHRtbC9FdmFsdWF0aW9uX0d1aWRlL0V2YWx1 YXRpb25fR3VpZGUtVkRJLmh0bWwjRXZhbHVhdGlvbl9HdWlkZS1BZGRfQWN0aXZlX0RpcmVjdG9y eSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vc2l0ZS9kb2N1bWVu dGF0aW9uL2VuLVVTL1JlZF9IYXRfRW50ZXJwcmlzZV9WaXJ0dWFsaXphdGlvbi8zLjEvaHRtbC9F dmFsdWF0aW9uX0d1aWRlL0V2YWx1YXRpb25fR3VpZGUtVkRJLmh0bWwjRXZhbHVhdGlvbl9HdWlk ZS1BZGRfQWN0aXZlX0RpcmVjdG9yeTwvYT48YnI+CgoKCjxicj48L2Rpdj5PbmUgb2YgdGhlICZx dW90O2dvdGNoYXMmcXVvdDsgdGhhdCBJIHJhbiBpbnRvIGlzIHRoYXQgeW91IG5lZWQgdG8gc3Bl Y2lmeSB0aGUgQWN0aXZlIERpcmVjdG9yeSBhcyB5b3VyIEROUyBwcm92aWRlciBpbiB5b3VyIHJl c29sdi5jb25mIGZpbGUgKG5vdCBzdXJlIGlmIGl0IHdhcyBjb2luY2lkZW5jZSBvciBub3Q7IGJ1 dCBJIHJhbiBpbnRvIHNvbWUgaXNzdWVzIHRoYXQgd2VudCBhd2F5IHdoZW4gSSBkaWQgdGhpcyk8 YnI+Cgo8L2Rpdj48L2Rpdj48L2Jsb2NrcXVvdGU+PGJyPjwvZGl2PjwvZGl2PjxkaXY+SGFzIGFu eW9uZSBoYWQgc3VjY2VzcyBkb2luZyB0aGlzIHdpdGggMzg5ID88L2Rpdj48ZGl2Pjxicj48L2Rp dj48ZGl2PmNoZWVyczwvZGl2Pjxicj48L2Rpdj48L2Jsb2NrcXVvdGU+PC9kaXY+PGJyPjwvZGl2 Pgo= --===============6441773903742701732==-- From iheim at redhat.com Wed Apr 24 04:39:19 2013 Content-Type: multipart/mixed; boundary="===============1301143178675480403==" MIME-Version: 1.0 From: Itamar Heim To: users at ovirt.org Subject: Re: [Users] AD authentication for ovirt manager Date: Wed, 24 Apr 2013 09:22:06 +0300 Message-ID: <51777A0E.70708@redhat.com> In-Reply-To: CAFKQu78drXyWVwy12bODUYEckZLokv4GA57jXK6_OXWk8g9suw@mail.gmail.com --===============1301143178675480403== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 04/23/2013 05:12 PM, Chris Noffsinger wrote: > Also create a different user. For instance I could not get the > Administrator user to bind with my samba4 DC. Had to create a different > user to bind to. that's because the built-in administrator doesn't have a UPN iirc. --===============1301143178675480403==--