[ovirt-users] Active Directory domain authorization in oVirt Hosted Engine guest OS

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Wed Oct 19 10:48:41 UTC 2016

Hello oVirt guru`s!

I'm sorry for possible offtopic, but I do not know where to seek help.

I want to set up Active Directory domain authorization in oVirt Hosted Engine guest OS.

For this I use SSSD as described here: 

I attached the computer to the domain using the realm utility.
It looks nice.

[root at KOM-OVIRT1 ~]# realm list
  type: kerberos
  realm-name: AD.HOLDING.COM
  domain-name: ad.holding.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U at ad.holding.com
  login-policy: allow-permitted-logins
  permitted-groups: KOM-SRV-Linux-Admins at ad.holding.com

However, getent does not return information about domain accounts:

[root at KOM-OVIRT1 ~]# getent passwd aleksey at ad.holding.com
[root at KOM-OVIRT1 ~]# 

getent for local accounts work:

[root at KOM-OVIRT1 ~]# getent passwd root

oVirt Hosted Engine guest OS has some tricky authorization settings?
Can you help me?

More information about the Users mailing list