Re: [Users] I don't know how to add AD users

2012-11-21 Thread Itamar Heim 

On 11/21/2012 10:58 PM, Cristian Falcas wrote:




...


I'm glad to help. Can someone help me with an account?




http://wiki.ovirt.org/wiki/Special:RequestAccount
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-21 Thread Itamar Heim 

On 11/21/2012 09:40 PM, Cristian Falcas wrote:




On Wed, Nov 21, 2012 at 9:37 PM, Cristian Falcas
mailto:cristi.fal...@gmail.com>> wrote:




On Wed, Nov 21, 2012 at 8:10 AM, Itamar Heim mailto:ih...@redhat.com>> wrote:

On 11/21/2012 08:09 AM, Oved Ourfalli wrote:



- Original Message -

From: "Cristian Falcas" mailto:cristi.fal...@gmail.com>>
To: "Yair Zaslavsky" mailto:yzasl...@redhat.com>>
Cc: users@ovirt.org <mailto:users@ovirt.org>
Sent: Wednesday, November 21, 2012 6:40:34 AM
                Subject: Re: [Users] I don't know how to add AD users







On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky <
yzasl...@redhat.com <mailto:yzasl...@redhat.com>

wrote:










From: "Cristian Falcas" < cristi.fal...@gmail.com
<mailto:cristi.fal...@gmail.com> >
To: "Itamar Heim" < ih...@redhat.com
<mailto:ih...@redhat.com> >
Cc: "Yair Zaslavsky" < yzasl...@redhat.com
<mailto:yzasl...@redhat.com> >, users@ovirt.org
        <mailto:users@ovirt.org>
Sent: Tuesday, November 20, 2012 7:33:39 PM

Subject: Re: [Users] I don't know how to add AD users








On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim <
ih...@redhat.com <mailto:ih...@redhat.com> >
wrote:



On 11/20/2012 03:00 PM, Cristian Falcas wrote:


Hi,

So there is no way to use the domain I have at work, right?

I will need to make a freeipa installation in order to
add new users.

there is no reason this shouldn't work with active
directory 2003
(assuming its forest level isn't still in AD 2000
compatibility
mode?).
tcpdump for the traffic during engine-manage-domains
should help
diagnosing why.





Cristian


On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas

< cristi.fal...@gmail.com
<mailto:cristi.fal...@gmail.com> > wrote:




On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim <
ih...@redhat.com <mailto:ih...@redhat.com>

mailto:ih...@redhat.com> >>
wrote:

On 11/20/2012 09:56 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky
< yzasl...@redhat.com <mailto:yzasl...@redhat.com>
mailto:yzasl...@redhat.com> >


mailto:yzasl...@redhat.com> mailto:yzasl...@redhat.com> >>>
wrote:



On 11/20/2012 09:05 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
< yzasl...@redhat.com <mailto:yzasl...@redhat.com>
mailto:yzasl...@redhat.com> >
mailto:yzasl...@redhat.com> mailto:yzasl...@redhat.com> >>
mailto:yzasl...@redhat.com>
mailto:yzasl...@redhat.com> > mailto:yzasl...@redhat.com>
mailto:yzasl...@redhat.com> >>> > wrote:



On 11/20/2012 12:39 AM, Cristian Falcas wrote:



On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
< ih...@redhat.com <mailto:ih...@redhat.com> mailto:ih...@redhat.com> >
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >>
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >>>
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >>
mailto:ih...@redhat.com>
mailto:ih...@redhat.com> >
mailto:ih...@redhat.com>
mailto:ih...@redhat.com>
 >>>>> wrote:

On 11/19/2012 11:29 AM, Vinzenz
Feenstra wrote:

On 11/19/2012 10:01 AM, Cristian
Falcas wrote:

Hi,

I'm trying to add some users
to ovirt
using an AD.

This is the configuration I
used for a
mediawiki
site, which is

Re: [Users] I don't know how to add AD users

2012-11-20 Thread Itamar Heim 

On 11/21/2012 08:09 AM, Oved Ourfalli wrote:



- Original Message -

From: "Cristian Falcas" 
To: "Yair Zaslavsky" 
Cc: users@ovirt.org
Sent: Wednesday, November 21, 2012 6:40:34 AM
Subject: Re: [Users] I don't know how to add AD users







On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky < yzasl...@redhat.com

wrote:










From: "Cristian Falcas" < cristi.fal...@gmail.com >
To: "Itamar Heim" < ih...@redhat.com >
Cc: "Yair Zaslavsky" < yzasl...@redhat.com >, users@ovirt.org
Sent: Tuesday, November 20, 2012 7:33:39 PM

Subject: Re: [Users] I don't know how to add AD users








On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim < ih...@redhat.com >
wrote:



On 11/20/2012 03:00 PM, Cristian Falcas wrote:


Hi,

So there is no way to use the domain I have at work, right?

I will need to make a freeipa installation in order to add new users.

there is no reason this shouldn't work with active directory 2003
(assuming its forest level isn't still in AD 2000 compatibility
mode?).
tcpdump for the traffic during engine-manage-domains should help
diagnosing why.





Cristian


On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas

< cristi.fal...@gmail.com > wrote:




On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim < ih...@redhat.com

> wrote:

On 11/20/2012 09:56 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky
< yzasl...@redhat.com 


>>
wrote:



On 11/20/2012 09:05 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
< yzasl...@redhat.com 
>
 >> > wrote:



On 11/20/2012 12:39 AM, Cristian Falcas wrote:



On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
< ih...@redhat.com 
>
 >>
 >

>>>> wrote:

On 11/19/2012 11:29 AM, Vinzenz
Feenstra wrote:

On 11/19/2012 10:01 AM, Cristian
Falcas wrote:

Hi,

I'm trying to add some users
to ovirt
using an AD.

This is the configuration I
used for a
mediawiki
site, which is
working correctly:
$wgAuth = new
LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array(
"a_domain");
$wgLDAPServerNames = array(
"a_domain"=>" site.example.com
< http://site.example.com > < http://site.example.com >
< http://site.example.com >
< http://site.example.com >
< http://site.example.com >");

$wgLDAPEncryptionType = array(
"a_domain"=>"clear");
$wgLDAPSearchStrings = array(

"a_domain"=>"rom_domain\\USER- NAME");
$wgLDAPBaseDNs = array(
"a_domain"=>"dc=company,dc=___ _com");






Those are the commands I
tried using:
engine-manage-domains -action=add
-domain= site.example.com
< http://site.example.com > < http://site.example.com >
< http://site.example.com >
< http://site.example.com >
< http://site.example.com >
-provider=ActiveDirectory
-user= user.name
< http://user.name > < http://user.name >
< http://user.name > < http://user.name >
< http://user.name > -interactive


engine-manage-domains -action=add
-domain=a_domain
-provider=ActiveDirectory
-user= user.n...@company.com

 >

 >__>

 >

 >__>__>

 >

 >__>


 >

 >__>__>__> -interactive


engine-manage-domains -action=add
-domain=a_domain
-provider=ActiveDirectory
-user=user.name@site.example._ ___com


.
.>__ exa m__p__le.com
< http://examp__le.com > < http://example.com >
__ exam p__le.com < http://example.com >
>>>


>.

>.>__ ex a__m__p__le.com
< http://exam__p__le.com >


< http://examp__le.com > < http://example.com >



.
.>__ exa m__p__le.com
< http://examp__le.com > < http://example.com >
__ exam p__le.com < http://example.com >
>>>> -interactive


You don't add an user this way.
You add the
domain. You
have to
pass the
domain admin user and the domain
admin password.


any domain user will do, doesn't have
to be an admin.
what does the log say?


Then you can use the domain
within the engine.
e.g. search
users, add
access rights for vms etc.
Even login to the engine and
assigning rights
within
the engine
you can
handle from the engine itself.

Regards,

And the output on all tries:
Enter password:

Error: Authentication Failed.
Please
verify the fully
qualified domain
name that is used for
authentication is
correct..
Problematic domain
is: domain_used_in_command
Failure while applying Kerberos
configuration. Details:
Authentication
Failed. Please verify the
fully qualified
domain
name that
is used for
authentication is correct.

Can someone help me with the
correct
parameters?


Best regards,
Cristian Falcas




__ _


Users mailing list
Users@ovirt.org 
>

>>

>
 &

Re: [Users] I don't know how to add AD users

2012-11-20 Thread Oved Ourfalli 


- Original Message -
> From: "Cristian Falcas" 
> To: "Yair Zaslavsky" 
> Cc: users@ovirt.org
> Sent: Wednesday, November 21, 2012 6:40:34 AM
> Subject: Re: [Users] I don't know how to add AD users
> 
> 
> 
> 
> 
> 
> 
> On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky < yzasl...@redhat.com
> > wrote:
> 
> 
> 
> 
> 
> 
> 
> 
> 
> From: "Cristian Falcas" < cristi.fal...@gmail.com >
> To: "Itamar Heim" < ih...@redhat.com >
> Cc: "Yair Zaslavsky" < yzasl...@redhat.com >, users@ovirt.org
> Sent: Tuesday, November 20, 2012 7:33:39 PM
> 
> Subject: Re: [Users] I don't know how to add AD users
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim < ih...@redhat.com >
> wrote:
> 
> 
> 
> On 11/20/2012 03:00 PM, Cristian Falcas wrote:
> 
> 
> Hi,
> 
> So there is no way to use the domain I have at work, right?
> 
> I will need to make a freeipa installation in order to add new users.
> 
> there is no reason this shouldn't work with active directory 2003
> (assuming its forest level isn't still in AD 2000 compatibility
> mode?).
> tcpdump for the traffic during engine-manage-domains should help
> diagnosing why.
> 
> 
> 
> 
> 
> Cristian
> 
> 
> On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas
> 
> < cristi.fal...@gmail.com > wrote:
> 
> 
> 
> 
> On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim < ih...@redhat.com
> 
> > wrote:
> 
> On 11/20/2012 09:56 AM, Cristian Falcas wrote:
> 
> 
> 
> 
> On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky
> < yzasl...@redhat.com 
> 
> 
> >>
> wrote:
> 
> 
> 
> On 11/20/2012 09:05 AM, Cristian Falcas wrote:
> 
> 
> 
> 
> On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
> < yzasl...@redhat.com 
> >
>>> > wrote:
> 
> 
> 
> On 11/20/2012 12:39 AM, Cristian Falcas wrote:
> 
> 
> 
> On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
> < ih...@redhat.com 
> >
>>>
>>
> 
> >>>> wrote:
> 
> On 11/19/2012 11:29 AM, Vinzenz
> Feenstra wrote:
> 
> On 11/19/2012 10:01 AM, Cristian
> Falcas wrote:
> 
> Hi,
> 
> I'm trying to add some users
> to ovirt
> using an AD.
> 
> This is the configuration I
> used for a
> mediawiki
> site, which is
> working correctly:
> $wgAuth = new
> LdapAuthenticationPlugin();
> $wgLDAPUseLocal = true;
> $wgLDAPDomainNames = array(
> "a_domain");
> $wgLDAPServerNames = array(
> "a_domain"=>" site.example.com
> < http://site.example.com > < http://site.example.com >
> < http://site.example.com >
> < http://site.example.com >
> < http://site.example.com >");
> 
> $wgLDAPEncryptionType = array(
> "a_domain"=>"clear");
> $wgLDAPSearchStrings = array(
> 
> "a_domain"=>"rom_domain\\USER- NAME");
> $wgLDAPBaseDNs = array(
> "a_domain"=>"dc=company,dc=___ _com");
> 
> 
> 
> 
> 
> 
> Those are the commands I
> tried using:
> engine-manage-domains -action=add
> -domain= site.example.com
> < http://site.example.com > < http://site.example.com >
> < http://site.example.com >
> < http://site.example.com >
> < http://site.example.com >
> -provider=ActiveDirectory
> -user= user.name
> < http://user.name > < http://user.name >
> < http://user.name > < http://user.name >
> < http://user.name > -interactive
> 
> 
> engine-manage-domains -action=add
> -domain=a_domain
> -provider=ActiveDirectory
> -user= user.n...@company.com
> 
>   >
> 
>   >__>
>  
>   >
>  
>   >__>__>
>  
>   >
>  
>   >__>
> 
>  
>   >
>  
>   >__>__>__> -interactive
> 
> 
> engine-manage-domains -action=add
> -domain=a_domain
> -provider=ActiveDirectory
> -user=user.name@site.example._ ___com
> 
> 
>  .
>  .>__ exa m__p__le.com
> < http://examp__le.com > < http://example.com >
>  __ exam p__le.com < http://example.com >
>  >>>
>  
> 
> >.
> 
>  >.>__ ex a__m__p__le.com
> < http://exam__p__le.com >
> 
> 
> < http://examp__le.com > < http://example.com >
> 
> 
> 
>  .
>  .>__ exa m__p__le.com
> < http://examp__le.com > < http://example.com >
>  __ exam

Re: [Users] I don't know how to add AD users

2012-11-20 Thread Itamar Heim 

On 11/20/2012 03:00 PM, Cristian Falcas wrote:

Hi,

So there is no way to use the domain I have at work, right?

I will need to make a freeipa installation in order to add new users.


there is no reason this shouldn't work with active directory 2003 
(assuming its forest level isn't still in AD 2000 compatibility mode?).
tcpdump for the traffic during engine-manage-domains should help 
diagnosing why.




Cristian


On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas
mailto:cristi.fal...@gmail.com>> wrote:




On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim mailto:ih...@redhat.com>> wrote:

On 11/20/2012 09:56 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky
mailto:yzasl...@redhat.com>
>>
wrote:



 On 11/20/2012 09:05 AM, Cristian Falcas wrote:




 On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
 mailto:yzasl...@redhat.com>
>
  
>
   >>
   >
 
 wrote:

   On 11/19/2012 11:29 AM, Vinzenz
Feenstra wrote:

   On 11/19/2012 10:01 AM, Cristian
Falcas wrote:

   Hi,

   I'm trying to add some users
to ovirt
 using an AD.

   This is the configuration I
used for a
 mediawiki
  site, which is
   working correctly:
   $wgAuth = new
LdapAuthenticationPlugin();
   $wgLDAPUseLocal = true;
   $wgLDAPDomainNames = array(
"a_domain");
   $wgLDAPServerNames = array(
  "a_domain"=>"site.example.com
 
 
   
   ");

   $wgLDAPEncryptionType = array(
 "a_domain"=>"clear");
   $wgLDAPSearchStrings = array(

"a_domain"=>"rom_domain\\USER-NAME");
   $wgLDAPBaseDNs = array(
  "a_domain"=>"dc=company,dc=com");




   Those are the commands I
tried using:
   engine-manage-domains -action=add
  -domain=site.example.com
 
 
   
   
 -provider=ActiveDirectory
   -user=user.name
 
  
    -interactive


   engine-manage-domains -action=add
 -domain=a_domain
   -provider=ActiveDirectory
  -user=user.n...@company.com

 >

 >__>

Re: [Users] I don't know how to add AD users

2012-11-20 Thread Cristian Falcas 
Hi,

So there is no way to use the domain I have at work, right?

I will need to make a freeipa installation in order to add new users.

Cristian


On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas
wrote:

>
>
>
> On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim  wrote:
>
>> On 11/20/2012 09:56 AM, Cristian Falcas wrote:
>>
>>>
>>>
>>>
>>> On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky >> > wrote:
>>>
>>>
>>>
>>> On 11/20/2012 09:05 AM, Cristian Falcas wrote:
>>>
>>>
>>>
>>>
>>> On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
>>> mailto:yzasl...@redhat.com>
>>> >>
>>> wrote:
>>>
>>>
>>>
>>>  On 11/20/2012 12:39 AM, Cristian Falcas wrote:
>>>
>>>
>>>
>>>  On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
>>> mailto:ih...@redhat.com>
>>>  >
>>>  
>>> >>
>>>   On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>>>
>>>   On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>>
>>>   Hi,
>>>
>>>   I'm trying to add some users to ovirt
>>> using an AD.
>>>
>>>   This is the configuration I used for a
>>> mediawiki
>>>  site, which is
>>>   working correctly:
>>>   $wgAuth = new LdapAuthenticationPlugin();
>>>   $wgLDAPUseLocal = true;
>>>   $wgLDAPDomainNames = array( "a_domain");
>>>   $wgLDAPServerNames = array(
>>>  "a_domain"=>"site.example.com 
>>> 
>>>   
>>>   ");
>>>
>>>   $wgLDAPEncryptionType = array(
>>> "a_domain"=>"clear");
>>>   $wgLDAPSearchStrings = array(
>>>   "a_domain"=>"rom_domain\\USER-**
>>> __NAME");
>>>   $wgLDAPBaseDNs = array(
>>>  "a_domain"=>"dc=company,dc=___**___com");
>>>
>>>
>>>
>>>
>>>   Those are the commands I tried using:
>>>   engine-manage-domains -action=add
>>>  -domain=site.example.com 
>>> 
>>>   
>>>   
>>> -provider=ActiveDirectory
>>>   -user=user.name 
>>>  
>>>    -interactive
>>>
>>>
>>>   engine-manage-domains -action=add
>>> -domain=a_domain
>>>   -provider=ActiveDirectory
>>>  -user=user.n...@company.com
>>>  >> **>
>>>   >> 
>>>  >> **>__>
>>>   >> 
>>>  >> **>
>>>
>>>   >> 
>>>  >> **>__>__> -interactive
>>>
>>>
>>>   engine-manage-domains -action=add
>>> -domain=a_domain
>>>   -provider=ActiveDirectory
>>>  -user=user.name@site.example._**_com
>>>
>>>   >> __exam**p__le.com <
>>> http://example.com>
>>>  
>>> >> >>>
>>>   >> .
>>>  >> .>__exa**m__p__le.com
>>>  
>>>
>>>
>>>
>>>   >> __exam**p__le.com

Re: [Users] I don't know how to add AD users

2012-11-20 Thread Cristian Falcas 
On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim  wrote:

> On 11/20/2012 09:56 AM, Cristian Falcas wrote:
>
>>
>>
>>
>> On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky > > wrote:
>>
>>
>>
>> On 11/20/2012 09:05 AM, Cristian Falcas wrote:
>>
>>
>>
>>
>> On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
>> mailto:yzasl...@redhat.com>
>> >> wrote:
>>
>>
>>
>>  On 11/20/2012 12:39 AM, Cristian Falcas wrote:
>>
>>
>>
>>  On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
>> mailto:ih...@redhat.com>
>>  >
>>  
>> >
>>   On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>>
>>   On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>
>>   Hi,
>>
>>   I'm trying to add some users to ovirt
>> using an AD.
>>
>>   This is the configuration I used for a
>> mediawiki
>>  site, which is
>>   working correctly:
>>   $wgAuth = new LdapAuthenticationPlugin();
>>   $wgLDAPUseLocal = true;
>>   $wgLDAPDomainNames = array( "a_domain");
>>   $wgLDAPServerNames = array(
>>  "a_domain"=>"site.example.com 
>> 
>>   
>>   ");
>>
>>   $wgLDAPEncryptionType = array(
>> "a_domain"=>"clear");
>>   $wgLDAPSearchStrings = array(
>>   "a_domain"=>"rom_domain\\USER-**
>> __NAME");
>>   $wgLDAPBaseDNs = array(
>>  "a_domain"=>"dc=company,dc=___**___com");
>>
>>
>>
>>
>>   Those are the commands I tried using:
>>   engine-manage-domains -action=add
>>  -domain=site.example.com 
>> 
>>   
>>   
>> -provider=ActiveDirectory
>>   -user=user.name 
>>  
>>    -interactive
>>
>>
>>   engine-manage-domains -action=add
>> -domain=a_domain
>>   -provider=ActiveDirectory
>>  -user=user.n...@company.com
>>  > **>
>>   > 
>>  > **>__>
>>   > 
>>  > **>
>>
>>   > 
>>  > **>__>__> -interactive
>>
>>
>>   engine-manage-domains -action=add
>> -domain=a_domain
>>   -provider=ActiveDirectory
>>  -user=user.name@site.example._**_com
>>
>>   > __exam**p__le.com <
>> http://example.com>
>>  
>> > >>>
>>   > .
>>  > .>__exa**m__p__le.com
>>  
>>
>>
>>
>>   > __exam**p__le.com <
>> http://example.com>
>>  
>> > -interactive
>>
>>
>>   You don't add an user this way. You add the
>> domain. You
>>  have to
>>   p

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Itamar Heim 

On 11/20/2012 09:56 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky mailto:yzasl...@redhat.com>> wrote:



On 11/20/2012 09:05 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
mailto:yzasl...@redhat.com>
>> wrote:



 On 11/20/2012 12:39 AM, Cristian Falcas wrote:



 On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
mailto:ih...@redhat.com>
 >
 
"site.example.com 

  
  ");

  $wgLDAPEncryptionType = array(
"a_domain"=>"clear");
  $wgLDAPSearchStrings = array(
  "a_domain"=>"rom_domain\\USER-__NAME");
  $wgLDAPBaseDNs = array(
 "a_domain"=>"dc=company,dc=__com");



  Those are the commands I tried using:
  engine-manage-domains -action=add
 -domain=site.example.com 

  
  
-provider=ActiveDirectory
  -user=user.name 
 
   -interactive


  engine-manage-domains -action=add
-domain=a_domain
  -provider=ActiveDirectory
 -user=user.n...@company.com
 >
  
 >__>
  
 >

  
 >__>__> -interactive


  engine-manage-domains -action=add
-domain=a_domain
  -provider=ActiveDirectory
 -user=user.name@site.example.__com
  __examp__le.com 
 >>
  .
 .>__exam__p__le.com
 


  __examp__le.com

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Cristian Falcas 
On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky  wrote:

>
>
> On 11/20/2012 09:05 AM, Cristian Falcas wrote:
>
>>
>>
>>
>> On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky > > wrote:
>>
>>
>>
>> On 11/20/2012 12:39 AM, Cristian Falcas wrote:
>>
>>
>>
>> On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim > 
>> >> wrote:
>>
>>  On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>>
>>  On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>
>>  Hi,
>>
>>  I'm trying to add some users to ovirt using an AD.
>>
>>  This is the configuration I used for a mediawiki
>> site, which is
>>  working correctly:
>>  $wgAuth = new LdapAuthenticationPlugin();
>>  $wgLDAPUseLocal = true;
>>  $wgLDAPDomainNames = array( "a_domain");
>>  $wgLDAPServerNames = array(
>> "a_domain"=>"site.example.com 
>>  
>>  ");
>>
>>  $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>>  $wgLDAPSearchStrings = array(
>>  "a_domain"=>"rom_domain\\USER-**NAME");
>>  $wgLDAPBaseDNs = array(
>> "a_domain"=>"dc=company,dc=___**_com");
>>
>>
>>
>>  Those are the commands I tried using:
>>  engine-manage-domains -action=add
>> -domain=site.example.com 
>>  
>>   -provider=ActiveDirectory
>>  -user=user.name  > >
>>   -interactive
>>
>>
>>  engine-manage-domains -action=add -domain=a_domain
>>  -provider=ActiveDirectory
>> -user=user.n...@company.com 
>>  > **>
>>  > 
>>
>>  > **>__> -interactive
>>
>>
>>  engine-manage-domains -action=add -domain=a_domain
>>  -provider=ActiveDirectory
>> -user=user.name@site.example._**___com
>>  
>> 
>> > >>
>>  > __exam**p__le.com <
>> http://example.com>
>>
>>
>>  
>> 
>> >>
>> -interactive
>>
>>
>>  You don't add an user this way. You add the domain. You
>> have to
>>  pass the
>>  domain admin user and the domain admin password.
>>
>>
>>  any domain user will do, doesn't have to be an admin.
>>  what does the log say?
>>
>>
>>  Then you can use the domain within the engine. e.g.
>> search
>>  users, add
>>  access rights for vms etc.
>>  Even login to the engine and assigning rights within
>> the engine
>>  you can
>>  handle from the engine itself.
>>
>>  Regards,
>>
>>  And the output on all tries:
>>  Enter password:
>>
>>  Error: Authentication Failed. Please verify the fully
>>  qualified domain
>>  name that is used for authentication is correct..
>>  Problematic domain
>>  is: domain_used_in_command
>>  Failure while applying Kerberos configuration.
>> Details:
>>  Authentication
>>  Failed. Please verify the fully qualified domain
>> name that
>>  is used for
>>  authentication is correct.
>>
>>  Can someone help me with the correct parameters?
>>
>>
>>  Best regards,
>>  Cristian Falcas
>>
>>
>>  __**
>> _
>>  Users mailing list
>> Users@ovirt.org  > >
>> 
>> http://lists.ovirt.org/**mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Yair Zaslavsky 



On 11/20/2012 09:05 AM, Cristian Falcas wrote:




On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky mailto:yzasl...@redhat.com>> wrote:



On 11/20/2012 12:39 AM, Cristian Falcas wrote:



On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim mailto:ih...@redhat.com>
>> wrote:

 On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:

 On 11/19/2012 10:01 AM, Cristian Falcas wrote:

 Hi,

 I'm trying to add some users to ovirt using an AD.

 This is the configuration I used for a mediawiki
site, which is
 working correctly:
 $wgAuth = new LdapAuthenticationPlugin();
 $wgLDAPUseLocal = true;
 $wgLDAPDomainNames = array( "a_domain");
 $wgLDAPServerNames = array(
"a_domain"=>"site.example.com 
 
 ");

 $wgLDAPEncryptionType = array( "a_domain"=>"clear");
 $wgLDAPSearchStrings = array(
 "a_domain"=>"rom_domain\\USER-NAME");
 $wgLDAPBaseDNs = array(
"a_domain"=>"dc=company,dc=com");


 Those are the commands I tried using:
 engine-manage-domains -action=add
-domain=site.example.com 
 
  -provider=ActiveDirectory
 -user=user.name  
  -interactive


 engine-manage-domains -action=add -domain=a_domain
 -provider=ActiveDirectory
-user=user.n...@company.com 
 >
 

 >__> -interactive


 engine-manage-domains -action=add -domain=a_domain
 -provider=ActiveDirectory
-user=user.name@site.example.com
 >
 __examp__le.com 

 >> -interactive


 You don't add an user this way. You add the domain. You
have to
 pass the
 domain admin user and the domain admin password.


 any domain user will do, doesn't have to be an admin.
 what does the log say?


 Then you can use the domain within the engine. e.g. search
 users, add
 access rights for vms etc.
 Even login to the engine and assigning rights within
the engine
 you can
 handle from the engine itself.

 Regards,

 And the output on all tries:
 Enter password:

 Error: Authentication Failed. Please verify the fully
 qualified domain
 name that is used for authentication is correct..
 Problematic domain
 is: domain_used_in_command
 Failure while applying Kerberos configuration. Details:
 Authentication
 Failed. Please verify the fully qualified domain
name that
 is used for
 authentication is correct.

 Can someone help me with the correct parameters?


 Best regards,
 Cristian Falcas


 ___
 Users mailing list
Users@ovirt.org  >
http://lists.ovirt.org/mailman/listinfo/users


 >



 --
 Regards,

 Vinzenz Feenstra | Senior Software Engineer
 RedHat Engineering Virtualization R & D
 Phone: +420 532 294 625 


 IRC: vfeenstr or evilissimo

 Better technology. Faster innovation. Powered by community

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Cristian Falcas 
On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky  wrote:

>
>
> On 11/20/2012 12:39 AM, Cristian Falcas wrote:
>
>>
>>
>> On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim > > wrote:
>>
>> On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>>
>> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>
>> Hi,
>>
>> I'm trying to add some users to ovirt using an AD.
>>
>> This is the configuration I used for a mediawiki site, which
>> is
>> working correctly:
>> $wgAuth = new LdapAuthenticationPlugin();
>> $wgLDAPUseLocal = true;
>> $wgLDAPDomainNames = array( "a_domain");
>> $wgLDAPServerNames = array( "a_domain"=>"site.example.com
>> 
>> ");
>>
>> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>> $wgLDAPSearchStrings = array(
>> "a_domain"=>"rom_domain\\USER-**__NAME");
>> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=__**com");
>>
>>
>> Those are the commands I tried using:
>> engine-manage-domains -action=add -domain=site.example.com
>> 
>>  -provider=ActiveDirectory
>> -user=user.name 
>>  -interactive
>>
>>
>> engine-manage-domains -action=add -domain=a_domain
>> -provider=ActiveDirectory -user=user.n...@company.com
>> 
>> >
>> **> -interactive
>>
>>
>> engine-manage-domains -action=add -domain=a_domain
>> -provider=ActiveDirectory -user=user.name@site.example._**
>> _com
>> > >
>> 
>>
>> 
>> >
>> -interactive
>>
>>
>> You don't add an user this way. You add the domain. You have to
>> pass the
>> domain admin user and the domain admin password.
>>
>>
>> any domain user will do, doesn't have to be an admin.
>> what does the log say?
>>
>>
>> Then you can use the domain within the engine. e.g. search
>> users, add
>> access rights for vms etc.
>> Even login to the engine and assigning rights within the engine
>> you can
>> handle from the engine itself.
>>
>> Regards,
>>
>> And the output on all tries:
>> Enter password:
>>
>> Error: Authentication Failed. Please verify the fully
>> qualified domain
>> name that is used for authentication is correct..
>> Problematic domain
>> is: domain_used_in_command
>> Failure while applying Kerberos configuration. Details:
>> Authentication
>> Failed. Please verify the fully qualified domain name that
>> is used for
>> authentication is correct.
>>
>> Can someone help me with the correct parameters?
>>
>>
>> Best regards,
>> Cristian Falcas
>>
>>
>> __**___
>> Users mailing list
>> Users@ovirt.org 
>> 
>> http://lists.ovirt.org/__**mailman/listinfo/users
>>
>> 
>> 
>> >
>>
>>
>>
>> --
>> Regards,
>>
>> Vinzenz Feenstra | Senior Software Engineer
>> RedHat Engineering Virtualization R & D
>> Phone: +420 532 294 625 
>>
>> IRC: vfeenstr or evilissimo
>>
>> Better technology. Faster innovation. Powered by community
>> collaboration.
>> See how it works at redhat.com 
>>
>>
>>
>> __**___
>> Users mailing list
>> Users@ovirt.org 
>> 
>> http://lists.ovirt.org/__**mailman/listinfo/users
>> 
>> 
>> >
>>
>>
>>
>> __**___
>> Users mailing list
>> Users@ovirt.org 
>> 
>> http://lists.ovirt.org/__**mailman/listinfo/users
>>
>> 
>> 
>> >
>>
>>
>>
>>
>> Hi,
>>
>> This is the command I used (the same error is with -interactive
>> parameter):
>>
>>

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Yair Zaslavsky 



On 11/20/2012 12:39 AM, Cristian Falcas wrote:



On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim mailto:ih...@redhat.com>> wrote:

On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:

On 11/19/2012 10:01 AM, Cristian Falcas wrote:

Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is
working correctly:
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com

");

$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array(
"a_domain"=>"rom_domain\\USER-__NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=__com");

Those are the commands I tried using:
engine-manage-domains -action=add -domain=site.example.com

 -provider=ActiveDirectory
-user=user.name 
 -interactive


engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.n...@company.com

> -interactive


engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.name@site.example.__com

> -interactive


You don't add an user this way. You add the domain. You have to
pass the
domain admin user and the domain admin password.


any domain user will do, doesn't have to be an admin.
what does the log say?


Then you can use the domain within the engine. e.g. search
users, add
access rights for vms etc.
Even login to the engine and assigning rights within the engine
you can
handle from the engine itself.

Regards,

And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully
qualified domain
name that is used for authentication is correct..
Problematic domain
is: domain_used_in_command
Failure while applying Kerberos configuration. Details:
Authentication
Failed. Please verify the fully qualified domain name that
is used for
authentication is correct.

Can someone help me with the correct parameters?


Best regards,
Cristian Falcas


_
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/__mailman/listinfo/users




--
Regards,

Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625 
IRC: vfeenstr or evilissimo

Better technology. Faster innovation. Powered by community
collaboration.
See how it works at redhat.com 



_
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/__mailman/listinfo/users




_
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/__mailman/listinfo/users





Hi,

This is the command I used (the same error is with -interactive parameter):

engine-manage-domains -action=add -domain=example.com
 -provider=ActiveDirectory -user=user.name@a_domain
-passwordFile=/tmp/pass

[root@localhost ~]# cat /tmp/pass
qwerty[root@localhost ~]#

This is the log:

2012-11-20 00:30:40,443 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
configuration for domain(s): example.com 
2012-11-20 00:30:40,525 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully
created kerberos configuration for domain(s): example.com

2012-11-20 00:30:40,526 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
configuration for domain: example.com 
2012-11-20 00:30:40,830 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
exception

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Cristian Falcas 
On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim  wrote:

> On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>
>> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>
>>> Hi,
>>>
>>> I'm trying to add some users to ovirt using an AD.
>>>
>>> This is the configuration I used for a mediawiki site, which is
>>> working correctly:
>>> $wgAuth = new LdapAuthenticationPlugin();
>>> $wgLDAPUseLocal = true;
>>> $wgLDAPDomainNames = array( "a_domain");
>>> $wgLDAPServerNames = array( "a_domain"=>"site.example.com
>>> ");
>>>
>>> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>>> $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-**NAME");
>>> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=**com");
>>>
>>> Those are the commands I tried using:
>>> engine-manage-domains -action=add -domain=site.example.com
>>>  -provider=ActiveDirectory -user=user.name
>>>  -interactive
>>>
>>>
>>> engine-manage-domains -action=add -domain=a_domain
>>> -provider=ActiveDirectory -user=user.n...@company.com
>>>  -interactive
>>>
>>>
>>> engine-manage-domains -action=add -domain=a_domain
>>> -provider=ActiveDirectory 
>>> -user=user.name@site.example.**com
>>> 
>>> -interactive
>>>
>>>
>>>  You don't add an user this way. You add the domain. You have to pass the
>> domain admin user and the domain admin password.
>>
>
> any domain user will do, doesn't have to be an admin.
> what does the log say?
>
>
>  Then you can use the domain within the engine. e.g. search users, add
>> access rights for vms etc.
>> Even login to the engine and assigning rights within the engine you can
>> handle from the engine itself.
>>
>> Regards,
>>
>>> And the output on all tries:
>>> Enter password:
>>>
>>> Error: Authentication Failed. Please verify the fully qualified domain
>>> name that is used for authentication is correct.. Problematic domain
>>> is: domain_used_in_command
>>> Failure while applying Kerberos configuration. Details: Authentication
>>> Failed. Please verify the fully qualified domain name that is used for
>>> authentication is correct.
>>>
>>> Can someone help me with the correct parameters?
>>>
>>>
>>> Best regards,
>>> Cristian Falcas
>>>
>>>
>>> __**_
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/**mailman/listinfo/users
>>>
>>
>>
>> --
>> Regards,
>>
>> Vinzenz Feenstra | Senior Software Engineer
>> RedHat Engineering Virtualization R & D
>> Phone: +420 532 294 625
>> IRC: vfeenstr or evilissimo
>>
>> Better technology. Faster innovation. Powered by community collaboration.
>> See how it works at redhat.com
>>
>>
>>
>> __**_
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/**mailman/listinfo/users
>>
>>
>
> __**_
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/**mailman/listinfo/users
>



Hi,

This is the command I used (the same error is with -interactive parameter):

engine-manage-domains -action=add
-domain=example.com-provider=ActiveDirectory
-user=user.name@a_domain-passwordFile=/tmp/pass

[root@localhost ~]# cat /tmp/pass
qwerty[root@localhost ~]#

This is the log:

2012-11-20 00:30:40,443 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
configuration for domain(s): example.com
2012-11-20 00:30:40,525 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
kerberos configuration for domain(s): example.com
2012-11-20 00:30:40,526 INFO
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
configuration for domain: example.com
2012-11-20 00:30:40,830 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
exception message: Cannot locate KDC
2012-11-20 00:30:40,851 ERROR
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing
domain example.com. Details: Kerberos error. Please check log for further
details.

This is the ldapsearch command that works (it retrieves users) from the
same machine:

ldapsearch -H ldap://example.com -b dc=example,dc=com -D
user.name@a_domain-w qwerty


Best regards,
Cristian Falcas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Itamar Heim 

On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:

On 11/19/2012 10:01 AM, Cristian Falcas wrote:

Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is
working correctly:
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com
");
$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");

Those are the commands I tried using:
engine-manage-domains -action=add -domain=site.example.com
 -provider=ActiveDirectory -user=user.name
 -interactive

engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.n...@company.com
 -interactive

engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.n...@site.example.com
 -interactive



You don't add an user this way. You add the domain. You have to pass the
domain admin user and the domain admin password.


any domain user will do, doesn't have to be an admin.
what does the log say?


Then you can use the domain within the engine. e.g. search users, add
access rights for vms etc.
Even login to the engine and assigning rights within the engine you can
handle from the engine itself.

Regards,

And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully qualified domain
name that is used for authentication is correct.. Problematic domain
is: domain_used_in_command
Failure while applying Kerberos configuration. Details: Authentication
Failed. Please verify the fully qualified domain name that is used for
authentication is correct.

Can someone help me with the correct parameters?


Best regards,
Cristian Falcas


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
Regards,

Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Cristian Falcas 
On Mon, Nov 19, 2012 at 12:15 PM, Yair Zaslavsky wrote:

> + LdapEncryptionType clear is not understandable.
> What did you mean by that?
>
>
> --
>
> *From: *"Vinzenz Feenstra" 
> *To: *users@ovirt.org
> *Sent: *Monday, November 19, 2012 11:29:42 AM
> *Subject: *Re: [Users] I don't know how to add AD users
>
>
> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>
> Hi,
>
> I'm trying to add some users to ovirt using an AD.
>
> This is the configuration I used for a mediawiki site, which is working
> correctly:
> $wgAuth = new LdapAuthenticationPlugin();
> $wgLDAPUseLocal = true;
> $wgLDAPDomainNames = array( "a_domain");
> $wgLDAPServerNames = array( "a_domain"=>"site.example.com");
> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
> $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
>
> Those are the commands I tried using:
> engine-manage-domains -action=add 
> -domain=site.example.com-provider=ActiveDirectory -user=
> user.name -interactive
>
> engine-manage-domains -action=add -domain=a_domain
> -provider=ActiveDirectory -user=user.n...@company.com -interactive
>
> engine-manage-domains -action=add -domain=a_domain
> -provider=ActiveDirectory -user=user.n...@site.example.com -interactive
>
>
>  You don't add an user this way. You add the domain. You have to pass the
> domain admin user and the domain admin password.
> Then you can use the domain within the engine. e.g. search users, add
> access rights for vms etc.
> Even login to the engine and assigning rights within the engine you can
> handle from the engine itself.
>
> Regards,
>
> And the output on all tries:
> Enter password:
>
> Error: Authentication Failed. Please verify the fully qualified domain
> name that is used for authentication is correct.. Problematic domain is:
> domain_used_in_command
> Failure while applying Kerberos configuration. Details: Authentication
> Failed. Please verify the fully qualified domain name that is used for
> authentication is correct.
>
> Can someone help me with the correct parameters?
>
>
> Best regards,
> Cristian Falcas
>
>
> ___
> Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users
>
>
>
> --
> Regards,
>
> Vinzenz Feenstra | Senior Software Engineer
> RedHat Engineering Virtualization R & D
> Phone: +420 532 294 625
> IRC: vfeenstr or evilissimo
>
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>

That was the configuration needed for the wiki extension used for ldap
authentication.

So the admin users is needed in order to retrieve the list of users only?

Can someone recommend the simplest ldap server installation I could use for
this? I was thinking first at freeipa, but it's not compatible with
mod_ssl, which is required by ovirt.

Best regards,
Cristian Falcas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Yair Zaslavsky 
+ LdapEncryptionType clear is not understandable. 
What did you mean by that? 

- Original Message -

> From: "Vinzenz Feenstra" 
> To: users@ovirt.org
> Sent: Monday, November 19, 2012 11:29:42 AM
> Subject: Re: [Users] I don't know how to add AD users

> On 11/19/2012 10:01 AM, Cristian Falcas wrote:

> > Hi,
> 

> > I'm trying to add some users to ovirt using an AD.
> 

> > This is the configuration I used for a mediawiki site, which is
> > working correctly:
> 
> > $wgAuth = new LdapAuthenticationPlugin();
> 
> > $wgLDAPUseLocal = true;
> 
> > $wgLDAPDomainNames = array( "a_domain");
> 
> > $wgLDAPServerNames = array( "a_domain"=>" site.example.com ");
> 
> > $wgLDAPEncryptionType = array( "a_domain"=>"clear");
> 
> > $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
> 
> > $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
> 

> > Those are the commands I tried using:
> 
> > engine-manage-domains -action=add -domain= site.example.com
> > -provider=ActiveDirectory -user= user.name -interactive
> 

> > engine-manage-domains -action=add -domain=a_domain
> > -provider=ActiveDirectory -user= user.n...@company.com -interactive
> 

> > engine-manage-domains -action=add -domain=a_domain
> > -provider=ActiveDirectory -user= user.n...@site.example.com
> > -interactive
> 

> You don't add an user this way. You add the domain. You have to pass
> the domain admin user and the domain admin password.
> Then you can use the domain within the engine. e.g. search users, add
> access rights for vms etc.
> Even login to the engine and assigning rights within the engine you
> can handle from the engine itself.

> Regards,

> > And the output on all tries:
> 
> > Enter password:
> 

> > Error: Authentication Failed. Please verify the fully qualified
> > domain name that is used for authentication is correct..
> > Problematic
> > domain is: domain_used_in_command
> 
> > Failure while applying Kerberos configuration. Details:
> > Authentication Failed. Please verify the fully qualified domain
> > name
> > that is used for authentication is correct.
> 

> > Can someone help me with the correct parameters?
> 

> > Best regards,
> 
> > Cristian Falcas
> 

> > ___
> 
> > Users mailing list Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> 
> --
> Regards,

> Vinzenz Feenstra | Senior Software Engineer
> RedHat Engineering Virtualization R & D
> Phone: +420 532 294 625
> IRC: vfeenstr or evilissimo

> Better technology. Faster innovation. Powered by community
> collaboration.
> See how it works at redhat.com
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] I don't know how to add AD users

2012-11-19 Thread Vinzenz Feenstra 

On 11/19/2012 10:01 AM, Cristian Falcas wrote:

Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is 
working correctly:

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com 
");

$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");

Those are the commands I tried using:
engine-manage-domains -action=add -domain=site.example.com 
 -provider=ActiveDirectory -user=user.name 
 -interactive


engine-manage-domains -action=add -domain=a_domain 
-provider=ActiveDirectory -user=user.n...@company.com 
 -interactive


engine-manage-domains -action=add -domain=a_domain 
-provider=ActiveDirectory -user=user.n...@site.example.com 
 -interactive



You don't add an user this way. You add the domain. You have to pass the 
domain admin user and the domain admin password.
Then you can use the domain within the engine. e.g. search users, add 
access rights for vms etc.
Even login to the engine and assigning rights within the engine you can 
handle from the engine itself.


Regards,

And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully qualified domain 
name that is used for authentication is correct.. Problematic domain 
is: domain_used_in_command
Failure while applying Kerberos configuration. Details: Authentication 
Failed. Please verify the fully qualified domain name that is used for 
authentication is correct.


Can someone help me with the correct parameters?


Best regards,
Cristian Falcas


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
Regards,

Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[Users] I don't know how to add AD users

2012-11-19 Thread Cristian Falcas 
Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is working
correctly:
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com");
$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");

Those are the commands I tried using:
engine-manage-domains -action=add
-domain=site.example.com-provider=ActiveDirectory -user=
user.name -interactive

engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.n...@company.com -interactive

engine-manage-domains -action=add -domain=a_domain
-provider=ActiveDirectory -user=user.n...@site.example.com -interactive


And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully qualified domain name
that is used for authentication is correct.. Problematic domain is:
domain_used_in_command
Failure while applying Kerberos configuration. Details: Authentication
Failed. Please verify the fully qualified domain name that is used for
authentication is correct.

Can someone help me with the correct parameters?


Best regards,
Cristian Falcas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users