[ovirt-users] Active Directory domain authorization in oVirt Hosted Engine guest OS
aleksey.maksimov at it-kb.ru
aleksey.maksimov at it-kb.ru
Thu Oct 20 12:30:44 UTC 2016
Thank You for the advice, Karli
Problem solved here: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/NDBFLJ774A2TUWC65CHRQ5XVL3DGVMQR/
Again sorry for offtopic
19.10.2016, 15:23, "Karli Sjöberg" <karli.sjoberg at slu.se>:
> On Wed, 2016-10-19 at 13:48 +0300, aleksey.maksimov at it-kb.ru wrote:
>> Hello oVirt guru`s!
>>
>> I'm sorry for possible offtopic, but I do not know where to seek
>> help.
>>
>> I want to set up Active Directory domain authorization in oVirt
>> Hosted Engine guest OS.
>>
>> For this I use SSSD as described here:
>> https://blog.it-kb.ru/2016/10/15/join-debian-gnu-linux-8-6-to-active-
>> directory-domain-with-sssd-and-realmd-for-authentication-and-
>> configure-ad-domain-security-group-authorization-for-sudo-and-ssh-
>> with-putty-sso/
>
> I used this[*] that worked for me (at least on Ubuntu) yesterday.
> Adjust accordingly for CentOS.
>
> /K
>
> [*] https://help.ubuntu.com/lts/serverguide/sssd-ad.html
>
>> I attached the computer to the domain using the realm utility.
>> It looks nice.
>>
>> [root at KOM-OVIRT1 ~]# realm list
>> ad.holding.com
>> type: kerberos
>> realm-name: AD.HOLDING.COM
>> domain-name: ad.holding.com
>> configured: kerberos-member
>> server-software: active-directory
>> client-software: sssd
>> required-package: oddjob
>> required-package: oddjob-mkhomedir
>> required-package: sssd
>> required-package: adcli
>> required-package: samba-common
>> login-formats: %U at ad.holding.com
>> login-policy: allow-permitted-logins
>> permitted-logins:
>> permitted-groups: KOM-SRV-Linux-Admins at ad.holding.com
>>
>> However, getent does not return information about domain accounts:
>>
>> [root at KOM-OVIRT1 ~]# getent passwd aleksey at ad.holding.com
>> [root at KOM-OVIRT1 ~]#
>>
>> getent for local accounts work:
>>
>> [root at KOM-OVIRT1 ~]# getent passwd root
>> root:x:0:0:root:/root:/bin/bash
>>
>> oVirt Hosted Engine guest OS has some tricky authorization settings?
>> Can you help me?
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list