- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there posibility to use Active Directory authentication to access to KVM?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
idosk,
Yes, it's possible to use Active Directory to authenticate your KVM connections. You will need to select both Active Directory Integration and Access Control List in your SCS profile. Then in the ACL section give your Active Directory user or group the necessary access rights.
For more information about this download Intel SCS and look through the Intel SCS User Guide.
https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=20921 https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=20921
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can only connect to KVM if I grant permission "PT Administration" directly to user account.
If I grant this permission to a group (which includes my user account), I can't connect to KVM.
Is there possibility to grant permission for an AD group for connect to KVM?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Granting permissions to an AD group instead of a single user is possible. Just make sure that you are logged into the computer initiating the KVM connection with a user from that AD group. Also, if you're using RealVNC Viewer Plus to initiate the connection, verify "Use single sign-on if VNC Server supports it" is checked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I really logged into the computer initiating the KVM connection with a user from AD group which has "PT Administration". And "Use single sign-on if VNC Server supports it" is checked. But I get error: "The user account [Intel(r) AMT: RemoteID 35] does not have the relevant permissions to access the AMT server."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would suggest trying a klist purge command to clear any old Kerberos tickets. This will eliminate the possibility of an old Kerberos ticket being used in error.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alan,
I tried klist purge, log off, reboot my client machine but it didn't help.
I noticed that when I grant permission directly to an user, I get two tickets:
- Server: HTTP/pc57.mydomain.com:16992
- Server: HTTP/pc57.mydomain.com:16994
But if i grant permission to a group (which contains my user account), I get only one ticket:
Server: HTTP/pc57.mydomain.com:16992.
But why I haven't received ticket for port 16994? Maybe there are some requirements to this group?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
idosk,
I've recently learned that RealVNC is aware of this issue and is working on an update. The update is scheduled to be released in the early part of October.
As for the 16994 Kerberos ticket, this is for Serial Over Lan and IDE Redirection which is set after you've established a connection to the client. You're not seeing this ticket because you're not able to establish the initial connection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is really problem with RealVNC.
I've tried DameWare Mini Remote Control and it works well

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page