Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Additional Configuration

4.1. Configuring Single Sign-On for Virtual Machines
링크 복사

Configuring single sign-on, also known as password delegation, allows you to automatically log in to a virtual machine using the credentials you use to log in to the User Portal. Single sign-on can be used on both Red Hat Enterprise Linux and Windows virtual machines.

Important

If single sign-on to the User Portal is enabled, single sign-on to virtual machines will not be possible. With single sign-on to the User Portal enabled, the User Portal does not need to accept a password, thus the password cannot be delegated to sign in to virtual machines.
To configure single sign-on for Red Hat Enterprise Linux virtual machines using GNOME and KDE graphical desktop environments and IPA (IdM) servers, you must install the rhevm-guest-agent package on the virtual machine and install the packages associated with your window manager.

Important

The following procedure assumes that you have a working IPA configuration and that the IPA domain is already joined to the Manager. You must also ensure that the clocks on the Manager, the virtual machine and the system on which IPA (IdM) is hosted are synchronized using NTP.

Procedure 4.1. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines

  1. Log in to the Red Hat Enterprise Linux virtual machine.
  2. Enable the required channel:
    • For Red Hat Enterprise Linux 6 
      # subscription-manager repos --enable=rhel-6-server-rhev-agent-rpms
      Copy to Clipboard Toggle word wrap
    • For Red Hat Enterprise Linux 7 
      # subscription-manager repos --enable=rhel-7-server-rh-common-rpms
      Copy to Clipboard Toggle word wrap
  3. Download and install the guest agent packages: 
    # yum install rhevm-guest-agent-common
    Copy to Clipboard Toggle word wrap
  4. Install the single sign-on packages: 
    # yum install rhevm-guest-agent-pam-module
# yum install rhevm-guest-agent-gdm-plugin
    Copy to Clipboard Toggle word wrap
  5. Install the IPA packages: 
    # yum install ipa-client
    Copy to Clipboard Toggle word wrap
  6. Run the following command and follow the prompts to configure ipa-client and join the virtual machine to the domain: 
    # ipa-client-install --permit --mkhomedir
    Copy to Clipboard Toggle word wrap

    Note

    In environments that use DNS obfuscation, this command should be: 
    # ipa-client-install --domain=FQDN --server==FQDN
    Copy to Clipboard Toggle word wrap
  7. For Red Hat Enterprise Linux 7.2, run: 
    # authconfig --enablenis --update
    Copy to Clipboard Toggle word wrap

    Note

    Red Hat Enterprise Linux 7.2 has a new version of the System Security Services Daemon (SSSD) which introduces configuration that is incompatible with the Red Hat Enterprise Virtualization Manager guest agent single sign-on implementation. The command will ensure that single sign-on works.
  8. Fetch the details of an IPA user: 
    # getent passwd IPA_user_name
    Copy to Clipboard Toggle word wrap
    This will return something like this: 
    some-ipa-user:*:936600010:936600001::/home/some-ipa-user:/bin/sh
    Copy to Clipboard Toggle word wrap
    You will need this information in the next step to create a home directory for some-ipa-user.
  9. Set up a home directory for the IPA user:
    1. Create the new user's home directory: 
      # mkdir /home/some-ipa-user
      Copy to Clipboard Toggle word wrap
    2. Give the new user ownership of the new user's home directory: 
      # chown 935500010:936600001 /home/some-ipa-user
      Copy to Clipboard Toggle word wrap
Log in to the User Portal using the user name and password of a user configured to use single sign-on and connect to the console of the virtual machine. You will be logged in automatically.
To configure single sign-on for Red Hat Enterprise Linux virtual machines using GNOME and KDE graphical desktop environments and Active Directory, you must install the rhevm-guest-agent package on the virtual machine, install the packages associated with your window manager and join the virtual machine to the domain.

Important

The following procedure assumes that you have a working Active Directory configuration and that the Active Directory domain is already joined to the Manager. You must also ensure that the clocks on the Manager, the virtual machine and the system on which Active Directory is hosted are synchronized using NTP.

Procedure 4.2. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines

  1. Log in to the Red Hat Enterprise Linux virtual machine.
  2. Enable the Red Hat Enterprise Virtualization Agent channel:
    • For Red Hat Enterprise Linux 6 
      # subscription-manager repos --enable=rhel-6-server-rhev-agent-rpms
      Copy to Clipboard Toggle word wrap
    • For Red Hat Enterprise Linux 7 
      # subscription-manager repos --enable=rhel-7-server-rh-common-rpms
      Copy to Clipboard Toggle word wrap
  3. Download and install the guest agent packages: 
    # yum install rhevm-guest-agent-common
    Copy to Clipboard Toggle word wrap
  4. Install the single sign-on packages: 
    # yum install rhev-agent-gdm-plugin-rhevcred
    Copy to Clipboard Toggle word wrap
  5. Install the Samba client packages: 
    # yum install samba-client samba-winbind samba-winbind-clients
    Copy to Clipboard Toggle word wrap
  6. On the virtual machine, modify the /etc/samba/smb.conf file to contain the following, replacing DOMAIN with the short domain name and REALM.LOCAL with the Active Directory realm: 
    [global]
   workgroup = DOMAIN
   realm = REALM.LOCAL
   log level = 2
   syslog = 0
   server string = Linux File Server
   security = ads
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = true
   winbind separator = +
   idmap uid = 1000000-2000000
   idmap gid = 1000000-2000000
   template shell = /bin/bash
    Copy to Clipboard Toggle word wrap
  7. Join the virtual machine to the domain: 
    net ads join -U user_name
    Copy to Clipboard Toggle word wrap
  8. Start the winbind service and ensure it starts on boot: 
    # service winbind start
# chkconfig winbind on
    Copy to Clipboard Toggle word wrap
  9. Verify that the system can communicate with Active Directory:
    1. Verify that a trust relationship has been created: 
      # wbinfo -t
      Copy to Clipboard Toggle word wrap
    2. Verify that you can list users: 
      # wbinfo -u
      Copy to Clipboard Toggle word wrap
    3. Verify that you can list groups: 
      # wbinfo -g
      Copy to Clipboard Toggle word wrap
  10. Configure the NSS and PAM stack:
    1. Open the Authentication Configuration window: 
      # authconfig-tui
      Copy to Clipboard Toggle word wrap
    2. Select the Use Winbind check box, select Next and press Enter.
    3. Select the OK button and press Enter.
Log in to the User Portal using the user name and password of a user configured to use single sign-on and connect to the console of the virtual machine. You will be logged in automatically.

4.1.3. Configuring Single Sign-On for Windows Virtual Machines
링크 복사

To configure single sign-on for Windows virtual machines, the Windows guest agent must be installed on the guest virtual machine. The RHEV Guest Tools ISO file provides this agent. If the RHEV-toolsSetup.iso image is not available in your ISO domain, contact your system administrator.

Procedure 4.3. Configuring Single Sign-On for Windows Virtual Machines

  1. Select the Windows virtual machine. Ensure the machine is powered up.
  2. Click Change CD.
  3. Select RHEV-toolsSetup.iso from the list of images.
  4. Click OK.
  5. Click the Console icon and log in to the virtual machine.
  6. On the virtual machine, locate the CD drive to access the contents of the guest tools ISO file and launch RHEV-ToolsSetup.exe. After the tools have been installed, you will be prompted to restart the machine to apply the changes.
Log in to the User Portal using the user name and password of a user configured to use single sign-on and connect to the console of the virtual machine. You will be logged in automatically.

4.1.4. Disabling Single Sign-on for Virtual Machines
링크 복사

The following procedure explains how to disable single sign-on for a virtual machine.

Procedure 4.4. Disabling Single Sign-On for Virtual Machines

  1. Select a virtual machine and click Edit.
  2. Click the Console tab.
  3. Select the Disable Single Sign On check box.
  4. Click OK.
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat