Chapter 4. Additional Configuration
4.1. Configuring Single Sign-On for Virtual Machines
Important
4.1.1. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines Using IPA (IdM)
Important
Procedure 4.1. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines
- Log in to the Red Hat Enterprise Linux virtual machine.
- Enable the required repository:
- For Red Hat Enterprise Linux 6
# subscription-manager repos --enable=rhel-6-server-rhv-4-agent-rpms
- For Red Hat Enterprise Linux 7
# subscription-manager repos --enable=rhel-7-server-rh-common-rpms
- Download and install the guest agent packages:
# yum install ovirt-guest-agent-common
- Install the single sign-on packages:
# yum install ovirt-guest-agent-pam-module
# yum install ovirt-guest-agent-gdm-plugin
- Install the IPA packages:
# yum install ipa-client
- Run the following command and follow the prompts to configure ipa-client and join the virtual machine to the domain:
# ipa-client-install --permit --mkhomedir
Note
In environments that use DNS obfuscation, this command should be:
# ipa-client-install --domain=FQDN --server=FQDN
- For Red Hat Enterprise Linux 7.2 and later, run:
# authconfig --enablenis --update
Note
Red Hat Enterprise Linux 7.2 has a new version of the System Security Services Daemon (SSSD) which introduces configuration that is incompatible with the Red Hat Virtualization Manager guest agent single sign-on implementation. The command will ensure that single sign-on works.
- Fetch the details of an IPA user:
# getent passwd IPA_user_name
This will return something like this:
some-ipa-user:*:936600010:936600001::/home/some-ipa-user:/bin/sh
You will need this information in the next step to create a home directory for some-ipa-user.
- Set up a home directory for the IPA user:
- Create the new user's home directory:
# mkdir /home/some-ipa-user
- Give the new user ownership of the new user's home directory:
# chown 936600010:936600001 /home/some-ipa-user
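The last three steps (getent, mkdir, chown) can be scripted so that the UID and GID come straight from the getent entry instead of being retyped. This is an added example, not part of the Red Hat procedure; the function names, the file name mkhome.sh and the 0700 mode are assumptions made here.

```shell
#!/bin/sh
# Added example: create an IPA user's home directory from the getent entry.

# Print "uid gid home" for one passwd(5) line, or return 1 if it is malformed.
parse_passwd_line() {
    # IFS=: keeps empty fields (the GECOS field is empty in the sample entry).
    IFS=: read -r _name _pw uid gid _gecos home _shell <<EOF
$1
EOF
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac
    case $home in /*) ;; *) return 1 ;; esac   # home must be an absolute path
    printf '%s %s %s\n' "$uid" "$gid" "$home"
}

# make_home UID GID DIR: create DIR owned by UID:GID.
# Mode 0700 is a choice made in this example; the plain mkdir in the
# procedure uses the default umask instead.
make_home() {
    if [ -e "$3" ] || [ -L "$3" ]; then
        echo "refusing to reuse existing path: $3" >&2
        return 1
    fi
    mkdir -m 0700 "$3" && chown "$1:$2" "$3"
}

# Usage (as root on the joined virtual machine): sh mkhome.sh some-ipa-user
if [ "$#" -eq 1 ]; then
    entry=$(getent passwd "$1") || { echo "no passwd entry for $1" >&2; exit 1; }
    fields=$(parse_passwd_line "$entry") || { echo "malformed entry" >&2; exit 1; }
    read -r uid gid home <<EOF
$fields
EOF
    make_home "$uid" "$gid" "$home"
fi
```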
4.1.2. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines Using Active Directory
Important
Procedure 4.2. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines
- Log in to the Red Hat Enterprise Linux virtual machine.
- Enable the Red Hat Virtualization Agent repository:
- For Red Hat Enterprise Linux 6
# subscription-manager repos --enable=rhel-6-server-rhv-4-agent-rpms
- For Red Hat Enterprise Linux 7
# subscription-manager repos --enable=rhel-7-server-rh-common-rpms
- Download and install the guest agent packages:
# yum install ovirt-guest-agent-common
- Install the single sign-on packages:
# yum install ovirt-guest-agent-gdm-plugin
- Install the Samba client packages:
# yum install samba-client samba-winbind samba-winbind-clients
- On the virtual machine, modify the /etc/samba/smb.conf file to contain the following, replacing DOMAIN with the short domain name and REALM.LOCAL with the Active Directory realm:
[global]
   workgroup = DOMAIN
   realm = REALM.LOCAL
   log level = 2
   syslog = 0
   server string = Linux File Server
   security = ads
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = true
   winbind separator = +
   idmap uid = 1000000-2000000
   idmap gid = 1000000-2000000
   template shell = /bin/bash
- Join the virtual machine to the domain:
# net ads join -U user_name
- Start the winbind service and ensure it starts on boot:
- For Red Hat Enterprise Linux 6
# service winbind start
# chkconfig winbind on
- For Red Hat Enterprise Linux 7
# systemctl start winbind.service
# systemctl enable winbind.service
- Verify that the system can communicate with Active Directory:
- Verify that a trust relationship has been created:
# wbinfo -t
- Verify that you can list users:
# wbinfo -u
- Verify that you can list groups:
# wbinfo -g
- Configure the NSS and PAM stack:
- Open the Authentication Configuration window:
# authconfig-tui
- Select the Use Winbind check box, select Next and press Enter.
- Select the OK button and press Enter.
4.1.3. Configuring Single Sign-On for Windows Virtual Machines
RHEV Guest Tools ISO file provides this agent. If the RHEV-toolsSetup.iso image is not available in your ISO domain, contact your system administrator.
Procedure 4.3. Configuring Single Sign-On for Windows Virtual Machines
- Select the Windows virtual machine. Ensure the machine is powered up.
- Click Change CD.
- Select RHEV-toolsSetup.iso from the list of images.
- Click OK.
- Click the Console icon and log in to the virtual machine.
- On the virtual machine, locate the CD drive to access the contents of the guest tools ISO file and launch RHEV-ToolsSetup.exe. After the tools have been installed, you will be prompted to restart the machine to apply the changes.
4.1.4. Disabling Single Sign-on for Virtual Machines
Procedure 4.4. Disabling Single Sign-On for Virtual Machines
- Select a virtual machine and click.
- Click the Console tab.
- Select the Disable Single Sign On check box.
- Click.