Active Directory domain authorization in oVirt Hosted Engine guest OS
Hello oVirt guru`s! I'm sorry for possible offtopic, but I do not know where to seek help. I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS. For this I use SSSD as described here: https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-directo... I attached the computer to the domain using the realm utility. It looks nice. [root@KOM-OVIRT1 ~]# realm list ad.holding.com type: kerberos realm-name: AD.HOLDING.COM domain-name: ad.holding.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %U@ad.holding.com login-policy: allow-permitted-logins permitted-logins: permitted-groups: KOM-SRV-Linux-Admins@ad.holding.com However, getent does not return information about domain accounts: [root@KOM-OVIRT1 ~]# getent passwd aleksey@ad.holding.com [root@KOM-OVIRT1 ~]# getent for local accounts work: [root@KOM-OVIRT1 ~]# getent passwd root root:x:0:0:root:/root:/bin/bash oVirt Hosted Engine guest OS has some tricky authorization settings? Can you help me?
On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov@it-kb.ru wrote:
Hello oVirt guru`s!
I'm sorry for possible offtopic, but I do not know where to seek help.
I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS.
For this I use SSSD as described here: https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active- directory-domain-with-sssd-and-realmd-for-authentication-and- configure-ad-domain-security-group-authorization-for-sudo-and-ssh- with-putty-sso/
I used this[*] that worked for me (at least on Ubuntu) yesterday. Adjust accordingly for CentOS. /K [*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
I attached the computer to the domain using the realm utility. It looks nice.
[root@KOM-OVIRT1 ~]# realm list ad.holding.com type: kerberos realm-name: AD.HOLDING.COM domain-name: ad.holding.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %U@ad.holding.com login-policy: allow-permitted-logins permitted-logins: permitted-groups: KOM-SRV-Linux-Admins@ad.holding.com
However, getent does not return information about domain accounts:
[root@KOM-OVIRT1 ~]# getent passwd aleksey@ad.holding.com [root@KOM-OVIRT1 ~]#
getent for local accounts work:
[root@KOM-OVIRT1 ~]# getent passwd root root:x:0:0:root:/root:/bin/bash
oVirt Hosted Engine guest OS has some tricky authorization settings? Can you help me? _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Thank You for the advice, Karli Problem solved here: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Again sorry for offtopic 19.10.2016, 15:23, "Karli Sjöberg" <karli.sjoberg@slu.se>:
On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov@it-kb.ru wrote:
Hello oVirt guru`s!
I'm sorry for possible offtopic, but I do not know where to seek help.
I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS.
For this I use SSSD as described here: https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active- directory-domain-with-sssd-and-realmd-for-authentication-and- configure-ad-domain-security-group-authorization-for-sudo-and-ssh- with-putty-sso/
I used this[*] that worked for me (at least on Ubuntu) yesterday. Adjust accordingly for CentOS.
/K
[*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
I attached the computer to the domain using the realm utility. It looks nice.
[root@KOM-OVIRT1 ~]# realm list ad.holding.com type: kerberos realm-name: AD.HOLDING.COM domain-name: ad.holding.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %U@ad.holding.com login-policy: allow-permitted-logins permitted-logins: permitted-groups: KOM-SRV-Linux-Admins@ad.holding.com
However, getent does not return information about domain accounts:
[root@KOM-OVIRT1 ~]# getent passwd aleksey@ad.holding.com [root@KOM-OVIRT1 ~]#
getent for local accounts work:
[root@KOM-OVIRT1 ~]# getent passwd root root:x:0:0:root:/root:/bin/bash
oVirt Hosted Engine guest OS has some tricky authorization settings? Can you help me? _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
aleksey.maksimov@it-kb.ru -
Karli Sjöberg