On Fri, Feb 2, 2018 at 4:46 AM, 董青龙 <[email protected]> wrote: > Thanks for the reply. I have completely configured all the things in > option 1 which you told. But it seems that sso still does not work. My > domain forest is "test.org" and my user is "test". When I login the user > portal, I get "[email protected]@test.org" int the top right corner. Should > it be "[email protected]"? >
This is fine, for AD we are using UPN as username (in your case ' [email protected]') and we concatenate this with authz extension name (in your case '@test.org'). Is it possible that engine send wrong user name to the guest agent? > > Could you please share engine.log from, after you try to login to VM Portal and open console to the VM to investigate? Thanks Martin At 2018-02-01 15:35:57, "Martin Perina" <[email protected]> wrote: > > > > On Thu, Feb 1, 2018 at 9:13 AM, 董青龙 <[email protected]> wrote: > >> Hi, all >> I am trying to make SSO working with windows7 vm in an ovirt 4.1 >> environment. Ovirt-guest-agent has been installed in windows7 vm. I have an >> active directory server of windows2012 and I have configured the engine >> using "ovirt-engine-extension-aaa-ldap-setup" successfully. The windows7 >> vm has joined the domain,too. But when I login the userportal using a user >> created in the AD server, I still have to login the windows7 vm using the >> same user for the second time. It seems that SSO does not work. >> Anyone can help me? Thanks! >> > > We are not providing full SSO for > VMs > . At the moment you have 2 options: > > 1. If you want user to be automatically logged in into a VM, then you need > to setup SSO using aaa-ldap extension for AD (please don't forget to answer > Yes for question about SSO for VMs in setup tool). Andf of course in a VM > you need to have installed and enabled guest agent. Once user logs into VM > Portal and clicks on a VM, then he should be automatically logged into it. > > 2. If you setup kerberos for engine SSO, then you don't need to enter > password to loging into VM Portal, but in such case we cannot pass a > password into a VM and user are not automatically logged in. > > Martin > > >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> >> > > > -- > Martin Perina > Associate Manager, Software Engineering > Red Hat Czech s.r.o. > > > > > -- Martin Perina Associate Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
