[ovirt-users] Active Directory domain authorization in oVirt Hosted Engine guest OS
aleksey.maksimov at it-kb.ru
aleksey.maksimov at it-kb.ru
Wed Oct 19 10:48:41 UTC 2016
Hello oVirt guru`s!
I'm sorry for possible offtopic, but I do not know where to seek help.
I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS.
For this I use SSSD as described here:
https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-directory-domain-with-sssd-and-realmd-for-authentication-and-configure-ad-domain-security-group-authorization-for-sudo-and-ssh-with-putty-sso/
I attached the computer to the domain using the realm utility.
It looks nice.
[root at KOM-OVIRT1 ~]# realm list
ad.holding.com
type: kerberos
realm-name: AD.HOLDING.COM
domain-name: ad.holding.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: %U at ad.holding.com
login-policy: allow-permitted-logins
permitted-logins:
permitted-groups: KOM-SRV-Linux-Admins at ad.holding.com
However, getent does not return information about domain accounts:
[root at KOM-OVIRT1 ~]# getent passwd aleksey at ad.holding.com
[root at KOM-OVIRT1 ~]#
getent for local accounts work:
[root at KOM-OVIRT1 ~]# getent passwd root
root:x:0:0:root:/root:/bin/bash
oVirt Hosted Engine guest OS has some tricky authorization settings?
Can you help me?
More information about the Users
mailing list