As per my previous post we should have Active Directory up and running in our RHEV-M.
So how about setting up SSO on our RHEL guests? In order to do that we should follow this simple procedure.
First of all we need to install our rhev agent that is found in a special channel and winbind client:
rhn-channel --add --channel=rhel-x86_64-rhev-agent-6-server
yum install rhev-agent rhev-agent-gdm-plugin-rhevcred samba-winbind-clients
Next of all we need to activate AD authentification on our guest, for example (RHEVM is our test Domain):
system-config-authentication
User Account => Winbind
Winbind Domain => RHEVM
Security Model => ads
Winbind ADS Realm => RHEVM
Winbind Domain Controller => ad.rhevm.test
Template Shell => /bin/bash
Join Domain => Joined domain RHEVM.
If is not working double check your configuration files and DNS resolution:
/etc/samba/smb.conf
/etc/krb5.conf
/etc/resolv.conf
And finally, just in case, check that winbind is properly working, we could check some users/groups for example:
wbinfo -t
wbinfo -u
wbinfo -g
getent passwd "RHEVM\testuser"
As a last step, check that we can login/sudo with an AD user on this guest:
su - 'RHEVM\testuser'
ssh 'RHEVM\testuser'@localhost
Finally restart GDM daemon and rhev-agent service:
service rhev-agentd restart
pkill -f gdm-binary
And try to Single Sign On through GDM! It should work!
If it doesn’t work put in debug mode rhev-agent and try to figure out why is not working:
vi /etc/rhev-agent.conf
...
level=DEBUG
...
service rhev-agentd restart
tail -f /var/log/rhev-agent/rhev-agent.log