[ovirt-users] Active Directory domain authorization in oVirt Hosted Engine guest OS
Karli Sjöberg
karli.sjoberg at slu.se
Wed Oct 19 12:23:39 UTC 2016
On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov at it-kb.ru wrote:
> Hello oVirt guru`s!
>
> I'm sorry for possible offtopic, but I do not know where to seek
> help.
>
> I want to set up Active Directory domain authorization in oVirt
> Hosted Engine guest OS.
>
> For this I use SSSD as described here:
> https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-
> directory-domain-with-sssd-and-realmd-for-authentication-and-
> configure-ad-domain-security-group-authorization-for-sudo-and-ssh-
> with-putty-sso/
I used this[*] that worked for me (at least on Ubuntu) yesterday.
Adjust accordingly for CentOS.
/K
[*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
>
> I attached the computer to the domain using the realm utility.
> It looks nice.
>
> [root at KOM-OVIRT1 ~]# realm list
> ad.holding.com
> type: kerberos
> realm-name: AD.HOLDING.COM
> domain-name: ad.holding.com
> configured: kerberos-member
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common
> login-formats: %U at ad.holding.com
> login-policy: allow-permitted-logins
> permitted-logins:
> permitted-groups: KOM-SRV-Linux-Admins at ad.holding.com
>
> However, getent does not return information about domain accounts:
>
> [root at KOM-OVIRT1 ~]# getent passwd aleksey at ad.holding.com
> [root at KOM-OVIRT1 ~]#
>
> getent for local accounts work:
>
> [root at KOM-OVIRT1 ~]# getent passwd root
> root:x:0:0:root:/root:/bin/bash
>
> oVirt Hosted Engine guest OS has some tricky authorization settings?
> Can you help me?
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list