Tag Archives: sso

Single Sign On in RHEV3 using GDM and Active Directory

As per my previous post we should have Active Directory up and running in our RHEV-M.

So how about setting up SSO on our RHEL guests? In order to do that we should follow this simple procedure.

First of all we need to install our rhev agent that is found in a special channel and winbind client:

rhn-channel --add --channel=rhel-x86_64-rhev-agent-6-server
yum install rhev-agent rhev-agent-gdm-plugin-rhevcred samba-winbind-clients

Next of all we need to activate AD authentification on our guest, for example (RHEVM is our test Domain):

system-config-authentication
  User Account => Winbind
  Winbind Domain => RHEVM
  Security Model => ads
  Winbind ADS Realm => RHEVM
  Winbind Domain Controller => ad.rhevm.test
  Template Shell => /bin/bash
  Join Domain  => Joined domain RHEVM.

If is not working double check your configuration files and DNS resolution:

/etc/samba/smb.conf 
/etc/krb5.conf 
/etc/resolv.conf

And finally, just in case, check that winbind is properly working, we could check some users/groups for example:

wbinfo -t
wbinfo -u
wbinfo -g
getent passwd "RHEVM\testuser"

As a last step, check that we can login/sudo with an AD user on this guest:

su - 'RHEVM\testuser'
ssh 'RHEVM\testuser'@localhost

Finally restart GDM daemon and rhev-agent service:

service rhev-agentd restart
pkill -f gdm-binary

And try to Single Sign On through GDM! It should work!

If it doesn’t work put in debug mode rhev-agent and try to figure out why is not working:

vi /etc/rhev-agent.conf
  ...
  level=DEBUG
  ...
service rhev-agentd restart
tail -f /var/log/rhev-agent/rhev-agent.log