6 Replies Latest reply on Sep 12, 2013 5:19 AM by idosk

    KVM and Active Directory

    idosk

      Is there posibility to use Active Directory authentication to access to KVM?

        • 1. Re: KVM and Active Directory
          Alan Alderson

          idosk,

           

          Yes, it's possible to use Active Directory to authenticate your KVM connections. You will need to select both Active Directory Integration and Access Control List in your SCS profile. Then in the ACL section give your Active Directory user or group the necessary access rights.

           

          For more information about this download Intel SCS and look through the Intel SCS User Guide.

          https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=20921

          • 2. Re: KVM and Active Directory
            idosk

            I can only connect to KVM if I grant permission "PT Administration" directly to user account.

            If I grant this permission to a group (which includes my user account), I can't connect to KVM.

            Is there possibility to grant permission for an AD group for connect to KVM?

            • 3. Re: KVM and Active Directory
              Alan Alderson

              Granting permissions to an AD group instead of a single user is possible. Just make sure that you are logged into the computer initiating the KVM connection with a user from that AD group. Also, if you're using RealVNC Viewer Plus to initiate the connection, verify "Use single sign-on if VNC Server supports it" is checked.

              • 4. Re: KVM and Active Directory
                idosk

                I really logged into the computer initiating the KVM connection with a user from AD group which has "PT Administration". And   "Use single sign-on if VNC Server supports it" is checked. But I get error: "The user account [Intel(r) AMT: RemoteID 35] does not have the relevant permissions to access the AMT server."

                • 5. Re: KVM and Active Directory
                  Alan Alderson

                  I would suggest trying a klist purge command to clear any old Kerberos tickets. This will eliminate the possibility of an old Kerberos ticket being used in error.

                  • 6. Re: KVM and Active Directory
                    idosk

                    Alan,

                    I tried klist purge, log off, reboot my client machine but it didn't help.

                    I noticed that when I grant permission directly to an user, I get two tickets:

                    1. Server: HTTP/pc57.mydomain.com:16992
                    2. Server: HTTP/pc57.mydomain.com:16994

                    But if i grant permission to a group (which contains my user account), I get only one ticket:

                    Server: HTTP/pc57.mydomain.com:16992.

                    But why I haven't received ticket for port 16994? Maybe there  are some requirements to this group?

                    • 7. Re: KVM and Active Directory
                      Alan Alderson

                      idosk,

                       

                      I’ve recently learned that RealVNC is aware of this issue and is working on an update. The update is scheduled to be released in the early part of October.

                       

                      As for the 16994 Kerberos ticket, this is for Serial Over Lan and IDE Redirection which is set after you’ve established a connection to the client. You're not seeing this ticket because you’re not able to establish the initial connection.

                      1 of 1 people found this helpful
                      • 8. Re: KVM and Active Directory
                        idosk

                        It is really problem with RealVNC.

                        I've tried DameWare Mini Remote Control and it works well