Closed anranwuyan closed 7 months ago
@LeoYuAtMicrosoft Have you set up a Kerberos environment on your Linux box? Once you set up Kerberos, you will see /etc/krb5.keytab on your local box. https://github.com/microsoft/omi/blob/master/Unix/doc/setup-kerberos-omi.md
by design.
Hi experts, I have joined my Red Hat 7.9 box to my Windows AD, and I am able to log in to the Linux box with my Windows domain account. I also have omi installed on this Linux box. When I try to connect to this Linux box with the 'winrm enumerate' command under Kerberos authentication, I hit the error below.
```
PS C:\temp> winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -auth:kerberos -remote:https://rhel-e73.domain.leo.com:1270 -username:omaa@domain.leo.com -skipCACheck -skipCNCheck -skiprevocationcheck -encoding:utf-8
Enter the password for 'omaa@domain.leo.com' to connect to 'https://rhel-e73.domain.leo.com:1270':
WSManFault
    Message = Access is denied.

Error number: -2147024891 0x80070005
Access is denied.
```
I noticed the error '2023/10/31 15:09:30 [80832,80832] ERROR: null(0): EventId=20146 Priority=ERROR HTTP: Client Authorization failed. gss:() mech:(Key table entry not found)' in the omiserver.log file when running the winrm command. Later I noticed that the file /etc/opt/omi/creds/omi.keytable does not exist on this Linux box. Can anyone guide me on how to get this file auto-created, please?
I got omid installed, and then joined this Linux box to AD. I am not sure whether we have to join the Linux box to AD first and then install OMID after that.
```
[root@rhel-e73 log]# cat /etc/*release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Red Hat Enterprise Linux Server release 7.9 (Maipo)
```
```
[root@rhel-e73 log]# rpm -qa |grep -i sssd
sssd-1.16.5-10.el7_9.15.x86_64
python-sssdconfig-1.16.5-10.el7_9.15.noarch
sssd-krb5-common-1.16.5-10.el7_9.15.x86_64
sssd-ad-1.16.5-10.el7_9.15.x86_64
sssd-proxy-1.16.5-10.el7_9.15.x86_64
sssd-common-pac-1.16.5-10.el7_9.15.x86_64
sssd-client-1.16.5-10.el7_9.15.x86_64
sssd-ldap-1.16.5-10.el7_9.15.x86_64
sssd-common-1.16.5-10.el7_9.15.x86_64
sssd-ipa-1.16.5-10.el7_9.15.x86_64
sssd-krb5-1.16.5-10.el7_9.15.x86_64
[root@rhel-e73 log]#
```
Thanks!
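
A triage helper for the error reported in this thread, added here as an example; it is not part of the original issue or of the OMI project. It assumes the omiserver.log line format quoted above and the MIT `klist -k` listing layout; the function names, the sample keytab listing and its realm are constructed, and the principal to look for is supplied by the caller because the page does not state which one OMI expects.

```sh
#!/bin/sh
# Added example (not OMI project code): triage for the log error in the post.

# stdin: omiserver.log lines. stdout: the mech:(...) reason of every
# EventId=20146 authorization failure, one per line.
omi_auth_failures() {
  sed -n '/EventId=20146/s/.*mech:(\(.*\))[[:space:]]*$/\1/p'
}

# stdin: `klist -k` listing (MIT layout: rows of "KVNO Principal").
# $1: principal without realm. Exit 0 on an exact string match.
keytab_has_spn() {
  awk -v want="$1" '
    $1 ~ /^[0-9]+$/ { p = $2; sub(/@.*$/, "", p); if (p == want) found = 1 }
    END { exit found ? 0 : 1 }'
}

# $1: log file, $2: file with a keytab listing, $3: principal to look for.
# Prints one verdict; returns 1 when the log shows the keytab failure.
triage() {
  case "$(omi_auth_failures < "$1")" in
    *"Key table entry not found"*) ;;
    *) echo "no keytab-related failures in log"; return 0 ;;
  esac
  if keytab_has_spn "$3" < "$2"; then
    echo "entry for $3 listed; confirm omiserver reads this keytab"
  else
    echo "no entry for $3 in listed keytab"
  fi
  return 1
}

# Constructed samples: the first log line is the one quoted in the post,
# the second line and the keytab listing are invented for illustration.
sample_log() {
  cat <<'EOF'
2023/10/31 15:09:30 [80832,80832] ERROR: null(0): EventId=20146 Priority=ERROR HTTP: Client Authorization failed. gss:() mech:(Key table entry not found)
2023/10/31 15:09:31 [80832,80832] INFO: null(0): constructed unrelated line
EOF
}
sample_klist() {
  cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/rhel-e73.domain.leo.com@DOMAIN.LEO.COM
EOF
}
```

On a real host, save the output of `klist -k` for the keytab in question to a file and pass it as the second argument to `triage`, with the server log as the first.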