On Wed, Jul 12, 2017 at 11:44 PM, Steve Kuznetsov <skuzn...@redhat.com> wrote:
> You could look at master logs: > > journalctl --unit atomic-openshift-master.service > > But I think Jordan was looking for client logs, so: > > oc login ... --loglevel 4 > Not client logs, server logs with the server having been started with loglevel 4 > > On Jul 12, 2017 8:38 PM, "Werner, Mark" <mark.wer...@unisys.com> wrote: > >> Jordan, >> >> >> >> Do you happen to know what journalctl command to use to view logs related >> to logons? >> >> >> >> Thanks, >> >> >> >> *Mark Werner* | Senior Systems Engineer | Cloud & Infrastructure Services >> >> Unisys | Mobile Phone 586.214.9017 <(586)%20214-9017> | >> mark.wer...@unisys.com >> >> 11720 Plaza America Drive, Reston, VA 20190 >> >> >> >> [image: unisys_logo] <http://www.unisys.com/> >> >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is for use only by the intended recipient. If you received >> this in error, please contact the sender and delete the e-mail and its >> attachments from all devices. >> >> [image: Grey_LI] <http://www.linkedin.com/company/unisys> [image: >> Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_GP] >> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT] >> <http://www.youtube.com/theunisyschannel>[image: Grey_FB] >> <http://www.facebook.com/unisyscorp>[image: Grey_Vimeo] >> <https://vimeo.com/unisys>[image: Grey_UB] <http://blogs.unisys.com/> >> >> >> >> *From:* Jordan Liggitt [mailto:jligg...@redhat.com] >> *Sent:* Wednesday, July 12, 2017 11:15 PM >> *To:* Werner, Mark <mark.wer...@unisys.com> >> *Cc:* Derek Wright <derekmwri...@gmail.com>; >> dev@lists.openshift.redhat.com >> *Subject:* Re: OpenShift Origin Active Directory Authentication >> >> >> >> Bump up the log level on the apiserver to 4 (--loglevel=4) and capture >> the log messages during a login attempt >> >> >> >> On Wed, Jul 12, 2017 at 11:05 PM, Werner, Mark <mark.wer...@unisys.com> >> wrote: >> >> Thank you. That is what I was kind of assuming. And there is my problem. >> I cannot get a successful logon with an AD user. I am out of ideas. It is >> easy enough to delete old identity bindings with oc delete identity >> <identity_provider>:<username>. >> >> >> >> I just can’t seem to understand why I cannot get AD authentication to >> work. >> >> >> >> *Mark Werner* | Senior Systems Engineer | Cloud & Infrastructure Services >> >> Unisys | Mobile Phone 586.214.9017 <(586)%20214-9017> | >> mark.wer...@unisys.com >> >> 11720 Plaza America Drive, Reston, VA 20190 >> >> >> >> [image: unisys_logo] <http://www.unisys.com/> >> >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is for use only by the intended recipient. If you received >> this in error, please contact the sender and delete the e-mail and its >> attachments from all devices. >> >> [image: Grey_LI] <http://www.linkedin.com/company/unisys> [image: >> Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_GP] >> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT] >> <http://www.youtube.com/theunisyschannel>[image: Grey_FB] >> <http://www.facebook.com/unisyscorp>[image: Grey_Vimeo] >> <https://vimeo.com/unisys>[image: Grey_UB] <http://blogs.unisys.com/> >> >> >> >> *From:* Jordan Liggitt [mailto:jligg...@redhat.com] >> *Sent:* Wednesday, July 12, 2017 10:58 PM >> >> >> *To:* Werner, Mark <mark.wer...@unisys.com> >> *Cc:* Derek Wright <derekmwri...@gmail.com>; >> dev@lists.openshift.redhat.com >> *Subject:* Re: OpenShift Origin Active Directory Authentication >> >> >> >> Configuring a new identity provider does not remove Identity objects >> created by a previously configured provider, which is why the allow_all >> object still exists. >> >> Also, until you get a successful login with your new LDAP identity >> provider, you won't see any Identity objects created by it. >> >> >> >> >> >> On Wed, Jul 12, 2017 at 10:55 PM, Werner, Mark <mark.wer...@unisys.com> >> wrote: >> >> No, the name is AD. But as I understand it the name is arbitrary. >> >> >> >> The kind is set to LDAPPasswordIdentityProvider, which replaced >> allow_all. As I understand it this defines the type of Identity Provider. >> >> >> >> >> name: AD >> >> provider: >> >> apiVersion: v1 >> >> attributes: >> >> email: >> >> - mail >> >> id: >> >> - dn >> >> name: >> >> - displayName >> >> preferredUsername: >> >> - sAMAccountName >> >> bindDN: CN=OpenShift User,OU=users,DC=domain,DC=local >> >> bindPassword: password >> >> insecure: true >> >> kind: LDAPPasswordIdentityProvider >> >> >> >> >> >> *Mark Werner* | Senior Systems Engineer | Cloud & Infrastructure Services >> >> Unisys | Mobile Phone 586.214.9017 <(586)%20214-9017> | >> mark.wer...@unisys.com >> >> 11720 Plaza America Drive, Reston, VA 20190 >> >> >> >> [image: unisys_logo] <http://www.unisys.com/> >> >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is for use only by the intended recipient. If you received >> this in error, please contact the sender and delete the e-mail and its >> attachments from all devices. >> >> [image: Grey_LI] <http://www.linkedin.com/company/unisys> [image: >> Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_GP] >> <https://plus.google.com/+UnisysCorp/posts>[image: Grey_YT] >> <http://www.youtube.com/theunisyschannel>[image: Grey_FB] >> <http://www.facebook.com/unisyscorp>[image: Grey_Vimeo] >> <https://vimeo.com/unisys>[image: Grey_UB] <http://blogs.unisys.com/> >> >> >> >> *From:* Jordan Liggitt [mailto:jligg...@redhat.com] >> *Sent:* Wednesday, July 12, 2017 10:49 PM >> *To:* Werner, Mark <mark.wer...@unisys.com> >> *Cc:* Derek Wright <derekmwri...@gmail.com>; >> dev@lists.openshift.redhat.com >> *Subject:* Re: OpenShift Origin Active Directory Authentication >> >> >> >> >> >> >> >> On Wed, Jul 12, 2017 at 10:41 PM, Werner, Mark <mark.wer...@unisys.com> >> wrote: >> >> I am wondering why, if I perform a “oc get identity” that the only >> identity that is returned is allow_all? If I changed the master-config.yaml >> file to only have the Identity Provider AllowAllPasswordIdentityProvider, >> then restart the origin=master service. Why doesn’t “oc get identity” >> return AllowAllPasswordIdentityProvider and still returns allow_all? >> >> >> >> The name of your AllowAllPasswordIdentityProvider identity provider was >> "allow_all", right? >> >> name: allow_all >> >> >> >> >> >> >> >> _______________________________________________ >> dev mailing list >> dev@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >> >>
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
