Este conteúdo não está disponível no idioma selecionado.
Chapter 4. Additional Configuration
4.1. Configuring Single Sign-On for Virtual Machines
Important
4.1.1. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines Using IPA (IdM)
Important
Procedure 4.1. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines
- Log in to the Red Hat Enterprise Linux virtual machine.
- Enable the required channel:- For Red Hat Enterprise Linux 6subscription-manager repos --enable=rhel-6-server-rhev-agent-rpms # subscription-manager repos --enable=rhel-6-server-rhev-agent-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- For Red Hat Enterprise Linux 7subscription-manager repos --enable=rhel-7-server-rh-common-rpms # subscription-manager repos --enable=rhel-7-server-rh-common-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
 
- Download and install the guest agent packages:yum install rhevm-guest-agent-common # yum install rhevm-guest-agent-commonCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Install the single sign-on packages:yum install rhevm-guest-agent-pam-module yum install rhevm-guest-agent-gdm-plugin # yum install rhevm-guest-agent-pam-module # yum install rhevm-guest-agent-gdm-pluginCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Install the IPA packages:yum install ipa-client # yum install ipa-clientCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Run the following command and follow the prompts to configure ipa-client and join the virtual machine to the domain:ipa-client-install --permit --mkhomedir # ipa-client-install --permit --mkhomedirCopy to Clipboard Copied! Toggle word wrap Toggle overflow Note In environments that use DNS obfuscation, this command should be:ipa-client-install --domain=FQDN --server==FQDN # ipa-client-install --domain=FQDN --server==FQDNCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- For Red Hat Enterprise Linux 7.2, run:authconfig --enablenis --update # authconfig --enablenis --updateCopy to Clipboard Copied! Toggle word wrap Toggle overflow Note Red Hat Enterprise Linux 7.2 has a new version of the System Security Services Daemon (SSSD) which introduces configuration that is incompatible with the Red Hat Enterprise Virtualization Manager guest agent single sign-on implementation. The command will ensure that single sign-on works.
- Fetch the details of an IPA user:getent passwd IPA_user_name # getent passwd IPA_user_nameCopy to Clipboard Copied! Toggle word wrap Toggle overflow This will return something like this:some-ipa-user:*:936600010:936600001::/home/some-ipa-user:/bin/sh some-ipa-user:*:936600010:936600001::/home/some-ipa-user:/bin/shCopy to Clipboard Copied! Toggle word wrap Toggle overflow You will need this information in the next step to create a home directory for some-ipa-user.
- Set up a home directory for the IPA user:- Create the new user's home directory:mkdir /home/some-ipa-user # mkdir /home/some-ipa-userCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Give the new user ownership of the new user's home directory:chown 935500010:936600001 /home/some-ipa-user # chown 935500010:936600001 /home/some-ipa-userCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
 
4.1.2. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines Using Active Directory
Important
Procedure 4.2. Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines
- Log in to the Red Hat Enterprise Linux virtual machine.
- Enable the Red Hat Enterprise Virtualization Agent channel:- For Red Hat Enterprise Linux 6subscription-manager repos --enable=rhel-6-server-rhev-agent-rpms # subscription-manager repos --enable=rhel-6-server-rhev-agent-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- For Red Hat Enterprise Linux 7subscription-manager repos --enable=rhel-7-server-rh-common-rpms # subscription-manager repos --enable=rhel-7-server-rh-common-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
 
- Download and install the guest agent packages:yum install rhevm-guest-agent-common # yum install rhevm-guest-agent-commonCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Install the single sign-on packages:yum install rhev-agent-gdm-plugin-rhevcred # yum install rhev-agent-gdm-plugin-rhevcredCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Install the Samba client packages:yum install samba-client samba-winbind samba-winbind-clients # yum install samba-client samba-winbind samba-winbind-clientsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- On the virtual machine, modify the/etc/samba/smb.conffile to contain the following, replacingDOMAINwith the short domain name andREALM.LOCALwith the Active Directory realm:Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Join the virtual machine to the domain:net ads join -U user_name net ads join -U user_nameCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Start the winbind service and ensure it starts on boot:service winbind start chkconfig winbind on # service winbind start # chkconfig winbind onCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Verify that the system can communicate with Active Directory:- Verify that a trust relationship has been created:wbinfo -t # wbinfo -tCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Verify that you can list users:wbinfo -u # wbinfo -uCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Verify that you can list groups:wbinfo -g # wbinfo -gCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
 
- Configure the NSS and PAM stack:- Open the Authentication Configuration window:authconfig-tui # authconfig-tuiCopy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Select the Use Winbind check box, select Next and press Enter.
- Select the OK button and press Enter.
 
4.1.3. Configuring Single Sign-On for Windows Virtual Machines
RHEV Guest Tools ISO file provides this agent. If the RHEV-toolsSetup.iso image is not available in your ISO domain, contact your system administrator.
	Procedure 4.3. Configuring Single Sign-On for Windows Virtual Machines
- Select the Windows virtual machine. Ensure the machine is powered up.
- Click Change CD.
- SelectRHEV-toolsSetup.isofrom the list of images.
- Click OK.
- Click the Console icon and log in to the virtual machine.
- On the virtual machine, locate the CD drive to access the contents of the guest tools ISO file and launchRHEV-ToolsSetup.exe. After the tools have been installed, you will be prompted to restart the machine to apply the changes.
4.1.4. Disabling Single Sign-on for Virtual Machines
Procedure 4.4. Disabling Single Sign-On for Virtual Machines
- Select a virtual machine and click .
- Click the Console tab.
- Select the Disable Single Sign On check box.
- Click .