I think actually for me it would be journalctl -u origin-master.service.
Still that is a lot of log to parse through and I really don’t see anything regarding logon or authentication. I do see the error messages for when the master service was not starting but I have been past that for a while.

Also, my understanding was that since this was installed with Ansible I could just go to /etc/sysconfig/origin-master and modify the line OPTIONS=--loglevel=2. Which I did, to OPTIONS=--loglevel=5. Then restarted origin-master service. Then tried a logon, but haven’t come across anything in the logs that tells me anything.

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services
Unisys | Mobile Phone 586.214.9017 | [email protected]
11720 Plaza America Drive, Reston, VA 20190
<http://www.unisys.com/>

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices.

From: Steve Kuznetsov [mailto:[email protected]]
Sent: Wednesday, July 12, 2017 11:44 PM
To: Werner, Mark <[email protected]>
Cc: dev <[email protected]>; Jordan Liggitt <[email protected]>
Subject: RE: OpenShift Origin Active Directory Authentication

You could look at master logs:

    journalctl --unit atomic-openshift-master.service

But I think Jordan was looking for client logs, so:

    oc login ... --loglevel 4

On Jul 12, 2017 8:38 PM, "Werner, Mark" <[email protected]> wrote:

Jordan,

Do you happen to know what journalctl command to use to view logs related to logons?

Thanks,
Mark Werner

From: Jordan Liggitt [mailto:[email protected]]
Sent: Wednesday, July 12, 2017 11:15 PM
To: Werner, Mark <[email protected]>
Cc: Derek Wright <[email protected]>; [email protected]
Subject: Re: OpenShift Origin Active Directory Authentication

Bump up the log level on the apiserver to 4 (--loglevel=4) and capture the log messages during a login attempt

On Wed, Jul 12, 2017 at 11:05 PM, Werner, Mark <[email protected]> wrote:

Thank you. That is what I was kind of assuming. And there is my problem. I cannot get a successful logon with an AD user. I am out of ideas. It is easy enough to delete old identity bindings with oc delete identity <identity_provider>:<username>. I just can’t seem to understand why I cannot get AD authentication to work.

From: Jordan Liggitt [mailto:[email protected]]
Sent: Wednesday, July 12, 2017 10:58 PM
To: Werner, Mark <[email protected]>
Cc: Derek Wright <[email protected]>; [email protected]
Subject: Re: OpenShift Origin Active Directory Authentication

Configuring a new identity provider does not remove Identity objects created by a previously configured provider, which is why the allow_all object still exists. Also, until you get a successful login with your new LDAP identity provider, you won't see any Identity objects created by it.

On Wed, Jul 12, 2017 at 10:55 PM, Werner, Mark <[email protected]> wrote:

No, the name is AD. But as I understand it the name is arbitrary. The kind is set to LDAPPasswordIdentityProvider, which replaced allow_all. As I understand it this defines the type of Identity Provider.

    name: AD
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - displayName
        preferredUsername:
        - sAMAccountName
      bindDN: CN=OpenShift User,OU=users,DC=domain,DC=local
      bindPassword: password
      insecure: true
      kind: LDAPPasswordIdentityProvider

From: Jordan Liggitt [mailto:[email protected]]
Sent: Wednesday, July 12, 2017 10:49 PM
To: Werner, Mark <[email protected]>
Cc: Derek Wright <[email protected]>; [email protected]
Subject: Re: OpenShift Origin Active Directory Authentication

On Wed, Jul 12, 2017 at 10:41 PM, Werner, Mark <[email protected]> wrote:

I am wondering why, if I perform an “oc get identity” that the only identity that is returned is allow_all? If I changed the master-config.yaml file to only have the Identity Provider AllowAllPasswordIdentityProvider, then restart the origin-master service. Why doesn’t “oc get identity” return AllowAllPasswordIdentityProvider and still returns allow_all?

The name of your AllowAllPasswordIdentityProvider identity provider was "allow_all", right?

    name: allow_all

_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
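
The identity provider stanza quoted in this thread sets insecure: true and keeps the bind password as a literal in master-config.yaml, so both the service account's password and each user's password travel to the directory without TLS. The fragment below is an added example, not code from the thread or from the OpenShift project: it is the same stanza with TLS verification turned on and the bind password read from the environment. The host ad.domain.local, the search base in url, the CA file name and the variable name are assumptions, because the thread does not show the url line.

```yaml
# Fragment of master-config.yaml (added example). Values marked ASSUMED are
# placeholders that do not appear in the thread.
oauthConfig:
  identityProviders:
  - name: AD                      # arbitrary label; Identity objects are named AD:<id>
    challenge: true
    login: true
    mappingMethod: claim
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      attributes:                 # unchanged from the stanza posted in the thread
        id:
        - dn
        email:
        - mail
        name:
        - displayName
        preferredUsername:
        - sAMAccountName
      bindDN: CN=OpenShift User,OU=users,DC=domain,DC=local
      # Thread version: bindPassword: password (literal stored in the file).
      # Reading it from the master's environment keeps it out of the config.
      bindPassword:
        env: BIND_PASSWORD        # ASSUMED variable name
      # Thread version: insecure: true (plain LDAP, no TLS to the directory).
      # With insecure: false an ldaps:// URL is verified against the ca bundle.
      insecure: false
      ca: ad-ca-bundle.crt        # ASSUMED file name for the AD issuing CA
      # RFC 2255 form: ldaps://host:port/baseDN?attribute?scope?filter
      # The attribute is what the login name typed by the user is matched on.
      # ASSUMED host and search base:
      url: "ldaps://ad.domain.local:636/OU=users,DC=domain,DC=local?sAMAccountName"
```

After changing the stanza, restart the origin-master service and repeat the login with oc login ... --loglevel 4, as suggested in the thread, to see how the master responds.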
