As per my previous post we should have Active Directory up and running in our RHEV-M.
So how about setting up SSO on our RHEL guests? In order to do that we should follow this simple procedure.
First of all we need to install our rhev agent that is found in a special channel and winbind client:
rhn-channel --add --channel=rhel-x86_64-rhev-agent-6-server yum install rhev-agent rhev-agent-gdm-plugin-rhevcred samba-winbind-clients
Next of all we need to activate AD authentification on our guest, for example (RHEVM is our test Domain):
system-config-authentication User Account => Winbind Winbind Domain => RHEVM Security Model => ads Winbind ADS Realm => RHEVM Winbind Domain Controller => ad.rhevm.test Template Shell => /bin/bash Join Domain => Joined domain RHEVM.
If is not working double check your configuration files and DNS resolution:
/etc/samba/smb.conf /etc/krb5.conf /etc/resolv.conf
And finally, just in case, check that winbind is properly working, we could check some users/groups for example:
wbinfo -t wbinfo -u wbinfo -g getent passwd "RHEVM\testuser"
As a last step, check that we can login/sudo with an AD user on this guest:
su - 'RHEVM\testuser' ssh 'RHEVM\testuser'@localhost
Finally restart GDM daemon and rhev-agent service:
service rhev-agentd restart pkill -f gdm-binary
And try to Single Sign On through GDM! It should work!
If it doesn’t work put in debug mode rhev-agent and try to figure out why is not working:
vi /etc/rhev-agent.conf ... level=DEBUG ... service rhev-agentd restart tail -f /var/log/rhev-agent/rhev-agent.log