[ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

Ondra Machacek omachace at redhat.com
Fri Sep 30 12:52:53 UTC 2016

On 09/30/2016 02:44 PM, aleksey.maksimov at it-kb.ru wrote:
> Hello oVirt guru`s!
> I set up oVirt integration with Active Directory LDAP according to the manual:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/sect-Configuring_an_External_LDAP_Provider.html#Configuring_an_External_LDAP_Provider_ManualMethod
> I created a profile integration with my domain. All is working well.
> Now I'm trying to configure single sign-on for portals based on Kerberos.
> All settings are performed according to the manual:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/Configuring_LDAP_and_Kerberos_for_Single_Sign-on.html
> Kerberos client tested and working. However, SSO is not working.

So if you run kinit and then:

  $ curl --negotiate -u : -X GET -H "Accept: application/xml" -k 

It's fine?

> Please tell me how to find the cause of the problem. What are the steps to troubleshooting to do?

On oVirt engine check:


On AD check kerberos log.

> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list