1:48 p.m.
Hello oVirt guru`s!
I'm sorry for possible offtopic, but I do not know where to seek help.
I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS.
For this I use SSSD as described here:
https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-dire...
I attached the computer to the domain using the realm utility.
It looks nice.
[root@KOM-OVIRT1 ~]# realm list
ad.holding.com
type: kerberos
realm-name: AD.HOLDING.COM
domain-name: ad.holding.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: %U(a)ad.holding.com
login-policy: allow-permitted-logins
permitted-logins:
permitted-groups: KOM-SRV-Linux-Admins(a)ad.holding.com
However, getent does not return information about domain accounts:
[root@KOM-OVIRT1 ~]# getent passwd aleksey(a)ad.holding.com
[root@KOM-OVIRT1 ~]#
getent for local accounts work:
[root@KOM-OVIRT1 ~]# getent passwd root
root:x:0:0:root:/root:/bin/bash
oVirt Hosted Engine guest OS has some tricky authorization settings?
Can you help me?
3:23 p.m.
On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov(a)it-kb.ru wrote:
Hello oVirt guru`s!
I'm sorry for possible offtopic, but I do not know where to seek
help.
I want to set up Active Directory domain authorization in oVirt
Hosted Engine guest OS.
For this I use SSSD as described here:
https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-
directory-domain-with-sssd-and-realmd-for-authentication-and-
configure-ad-domain-security-group-authorization-for-sudo-and-ssh-
with-putty-sso/
I used this[*] that worked for me (at least on Ubuntu) yesterday.
Adjust accordingly for CentOS.
/K
[*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
>
> I attached the computer to the domain using the realm utility.
> It looks nice.
>
> [root@KOM-OVIRT1 ~]# realm list
> ad.holding.com
> type: kerberos
> realm-name: AD.HOLDING.COM
> domain-name: ad.holding.com
> configured: kerberos-member
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common
> login-formats: %U(a)ad.holding.com
> login-policy: allow-permitted-logins
> permitted-logins:
> permitted-groups: KOM-SRV-Linux-Admins(a)ad.holding.com
>
> However, getent does not return information about domain accounts:
>
> [root@KOM-OVIRT1 ~]# getent passwd aleksey(a)ad.holding.com
> [root@KOM-OVIRT1 ~]#
>
> getent for local accounts work:
>
> [root@KOM-OVIRT1 ~]# getent passwd root
> root:x:0:0:root:/root:/bin/bash
>
> oVirt Hosted Engine guest OS has some tricky authorization settings?
> Can you help me?
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
3:30 p.m.
Thank You for the advice, Karli
Problem solved here:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Again sorry for offtopic
19.10.2016, 15:23, "Karli Sjöberg" <karli.sjoberg(a)slu.se>:
On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov(a)it-kb.ru wrote:
> Hello oVirt guru`s!
>
> I'm sorry for possible offtopic, but I do not know where to seek
> help.
>
> I want to set up Active Directory domain authorization in oVirt
> Hosted Engine guest OS.
>
> For this I use SSSD as described here:
> https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-
> directory-domain-with-sssd-and-realmd-for-authentication-and-
> configure-ad-domain-security-group-authorization-for-sudo-and-ssh-
> with-putty-sso/
I used this[*] that worked for me (at least on Ubuntu) yesterday.
Adjust accordingly for CentOS.
/K
[*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
> I attached the computer to the domain using the realm utility.
> It looks nice.
>
> [root@KOM-OVIRT1 ~]# realm list
> ad.holding.com
> type: kerberos
> realm-name: AD.HOLDING.COM
> domain-name: ad.holding.com
> configured: kerberos-member
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common
> login-formats: %U(a)ad.holding.com
> login-policy: allow-permitted-logins
> permitted-logins:
> permitted-groups: KOM-SRV-Linux-Admins(a)ad.holding.com
>
> However, getent does not return information about domain accounts:
>
> [root@KOM-OVIRT1 ~]# getent passwd aleksey(a)ad.holding.com
> [root@KOM-OVIRT1 ~]#
>
> getent for local accounts work:
>
> [root@KOM-OVIRT1 ~]# getent passwd root
> root:x:0:0:root:/root:/bin/bash
>
> oVirt Hosted Engine guest OS has some tricky authorization settings?
> Can you help me?
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
2955
days inactive
2956
days old
2 comments
2 participants
participants (2)
-
aleksey.maksimov@it-kb.ru -
Karli Sjöberg