Re: [ovirt-users] kerberos and AAA
Thanks Rafael. I forgot to mention that this is an AD host, which just uses kerberos keytabs to establish trust, so it looks like the best option is to install krb5 tools and sssd. Cheers, Cam On Mon, Sep 26, 2016 at 5:09 PM, Rafael Martins <rmart...@redhat.com> wrote: > - Original Message - > > From: "cmc" <iuco...@gmail.com> > > To: "users" <users@ovirt.org> > > Sent: Monday, September 26, 2016 6:04:05 PM > > Subject: [ovirt-users] kerberos and AAA > > > > Hi, > > > > I've installed the LDAP AAA module for oVirt on the engine host, but I > > suspect I also need to bind the host to the domain first as I am getting > > 'peer not authenticated' when I try the auth. Is it ok to install sssd > and > > the kerberos tools without on the engine host manually? I know that in > > general you should avoid installing things manually so wanted to check > > first. > > If you have access to the LDAP server you can just create the keys there > and transfer to the engine host, or just install the tools in engine host > and bind. It is not supposed to produce issues. > > Rafael > > > Thanks, > > > > Cam > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] kerberos and AAA
- Original Message - > From: "cmc" <iuco...@gmail.com> > To: "users" <users@ovirt.org> > Sent: Monday, September 26, 2016 6:04:05 PM > Subject: [ovirt-users] kerberos and AAA > > Hi, > > I've installed the LDAP AAA module for oVirt on the engine host, but I > suspect I also need to bind the host to the domain first as I am getting > 'peer not authenticated' when I try the auth. Is it ok to install sssd and > the kerberos tools without on the engine host manually? I know that in > general you should avoid installing things manually so wanted to check > first. If you have access to the LDAP server you can just create the keys there and transfer to the engine host, or just install the tools in engine host and bind. It is not supposed to produce issues. Rafael > Thanks, > > Cam > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] kerberos and AAA
Hi, I've installed the LDAP AAA module for oVirt on the engine host, but I suspect I also need to bind the host to the domain first as I am getting 'peer not authenticated' when I try the auth. Is it ok to install sssd and the kerberos tools without on the engine host manually? I know that in general you should avoid installing things manually so wanted to check first. Thanks, Cam ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users