[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-20 Thread Ondra Machacek
Hi, just tried it too. I was not successful to reproduce, but the problem is that the domain part of LDAPSecurityAuthentication is uppercase as Cameron wrote. In 3.4 it is OK when it's upper case - everything works OK, but in 3.5 it's not. I checked differences and something like this would be

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-24 Thread Ondra Machacek
...@redhat.com, Ondra Machacek omach...@redhat.com Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix? BTW: you can also checkout the new ldap

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-24 Thread Ondra Machacek
...@redhat.com To: Ondra Machacek omach...@redhat.com Cc: jj197...@gmail.com, users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue - Original Message - From: Ondra Machacek omach

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
: psql: FATAL: Ident authentication failed for user engine Is there any problem? Many thanks in advance, Juanjo. On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek omach...@redhat.com wrote: I understood that domain can be deleted, but can't be added, so there won't be needed

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
alo...@redhat.com To: Juan Jose jj197...@gmail.com Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue 2014-11-25 12:54:10,687 ERROR

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue 2014-11-25 12:54:10,687 ERROR

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-28 Thread Ondra Machacek
- From: Juan Jose jj197...@gmail.com To: Alon Bar-Lev alo...@redhat.com Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Friday, November 28, 2014 1:03:30 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello everybody, I

Re: [ovirt-users] Info on changing IPA server hostname in oVirt

2014-12-10 Thread Ondra Machacek
Hi, please take a look here[1]. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=1156577 - Original Message - From: Gianluca Cecchi gianluca.cec...@gmail.com To: users users@ovirt.org Sent: Wednesday, December 10, 2014 4:11:30 PM Subject: [ovirt-users] Info on changing IPA server

Re: [ovirt-users] Info on changing IPA server hostname in oVirt

2014-12-10 Thread Ondra Machacek
Machacek omach...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, December 10, 2014 4:45:06 PM Subject: Re: [ovirt-users] Info on changing IPA server hostname in oVirt On Wed, Dec 10, 2014 at 4:20 PM, Ondra Machacek omach...@redhat.com wrote: Hi, please take a look here[1]. [1

Re: [ovirt-users] how to rename disk alias on python sdk

2014-12-11 Thread Ondra Machacek
Hi, update method has now only vm disk, not floating disk. Ondra - Original Message - From: Amedeo Salvati ame...@oscert.net To: users@ovirt.org Sent: Thursday, December 11, 2014 11:29:07 AM Subject: [ovirt-users] how to rename disk alias on python sdk Hello all, I want to

Re: [ovirt-users] Ovirt qouta

2015-02-05 Thread Ondra Machacek
Assigning it to group and add your users into that group should do the job. On 02/04/2015 11:04 PM, Donny Davis wrote: Does anyone know if there is a way to set quotas without manually doing it for each user. As many of you already know I am the proprietor of cloudspin.me where I offer IaaS

Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module

2015-01-15 Thread Ondra Machacek
On 01/15/2015 10:36 AM, Alon Bar-Lev wrote: - Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating

Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module

2015-01-14 Thread Ondra Machacek
Hi, On 01/14/2015 04:53 PM, Bruno Rodriguez wrote: Good afternoon, We cannot access Ovirt using LDAP authentication against our openldap server. We created the following files in /etc/ovirt-engine/extensions.d (the organization name is not example.org and the passwords

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
, Ondra Machacek omach...@redhat.com wrote: On 01/29/2015 09:35 AM, Nikolai Bochev wrote: Hello, I've been running ovirt hosted engine for around a month already without any major interruptions. Last week I tied it to freeipa

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
On 01/29/2015 09:35 AM, Nikolai Bochev wrote: Hello, I've been running ovirt hosted engine for around a month already without any major interruptions. Last week I tied it to freeipa, to be able to give permissions to other people, but so far no success because of the following problem : All

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
. It searches for global catalog like this: dig @${vars.dns} -t SRV _gc._tcp.${vars.domain} So you need to have this SRV record in DNS, if you want to use srvrecord serverset type. Or you don't have to if you use single server type. Thanks for the reply! 2015-01-29 11:53 GMT+01:00 Ondra Machacek

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
On 01/29/2015 11:41 AM, Koen Vanoppen wrote: Can somebody help me setting up AAA for ovirt 3.5.1? I'm getting this now: 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
: - Original Message - From: Ondra Machacek omach...@redhat.com To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org Sent: Thursday, January 29, 2015 1

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com' And yes I replayed mydomain with the correct one... :-) 2015-01-29 14:40 GMT+01:00 Ondra Machacek

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
didn't have them never and you just used '--ldapServers' parameter, that's why manage-domains worked with your domain. Now you are using DNS, not static configuration of ldap servers. 2015-01-29 14:48 GMT+01:00 Ondra Machacek omach...@redhat.com: It's same

Re: [ovirt-users] Setting Base DN for LDAP authentication

2015-01-09 Thread Ondra Machacek
Hi, On 01/09/2015 07:31 AM, jdel...@web.de wrote: Hello, I'm trying to configure LDAP authentication with oVirt 3.5 and ovirt-engine-extension-aaa-ldap. I chose the simple bind transport example. But the given examples are missing the explicit specification of a base dn. Could you please

Re: [ovirt-users] WebGUI: User permissions to Data Center

2015-03-24 Thread Ondra Machacek
of use? But my next question is: Can VM Pools be created and managed from User Portal? No, it's not possible. You can only use it, if you have appropriate permissions. 2015-03-24 10:14 GMT+01:00 Ondra Machacek omach...@redhat.com: Hi, On 03/24/2015 09:52 AM, shimano wrote: Hi guys

Re: [ovirt-users] WebGUI: User permissions to Data Center

2015-03-24 Thread Ondra Machacek
Hi, On 03/24/2015 09:52 AM, shimano wrote: Hi guys, I'd like my users to have access to their VMs via Web UserPortal. And I've got it but only in a half, because they see their VMs in Basic view where they cannot create or manage VMs. In Extended view they have an error: Not available

Re: [ovirt-users] LDAP bind DN generation problem

2015-06-18 Thread Ondra Machacek
On 06/18/2015 02:07 PM, Mitja Mihelič wrote: Hi! Hi We just upgraded oVirt from 3.4 to 3.5 and now users cannot select the LDAP domain on the login screen. Only internal is available. Our LDAP server is actually a 389DS instance and we are using for authentication in oVirt without Kerberos.

Re: [ovirt-users] Adding a new quota via the ovirt-shell

2015-06-18 Thread Ondra Machacek
Hi, cli/sdks are built on top of REST API, but there is no support for quota in 3.5 in REST API. But see[1], should be supported in 3.6. [1] https://bugzilla.redhat.com/show_bug.cgi?id=893927 On 06/18/2015 03:49 PM, nico...@devels.es wrote: Hi, Is it currently possible to define a new

Re: [ovirt-users] ovirt 3.6 engine-setup failed db consisty check failed

2015-08-21 Thread Ondra Machacek
Hi, please take a look at this bz[1] Ondra [1] https://bugzilla.redhat.com/show_bug.cgi?id=1254639 On 08/21/2015 10:54 AM, Marc Werner wrote: Hi I'm running ovirt 3.6 and want to upgrade the engine to the newest version… db consisty check failed I tracked it down to engine=# select

Re: [ovirt-users] [ATN] LDAP Users please read

2015-08-06 Thread Ondra Machacek
Hi, On 08/06/2015 03:28 PM, Joop wrote: Hi Alon, I'll take the bait :-) I have just installed the extension and the examples are there. I also installed the migration tool. Now it comes. We use Samba4 as our AD provider and have successfully connected Foreman-1.8 to it using the cert that I

Re: [ovirt-users] api access with poweruser role

2015-10-29 Thread Ondra Machacek
On 10/29/2015 03:56 PM, Ondra Machacek wrote: On 10/28/2015 11:29 AM, Jorick Astrego wrote: On 10/26/2015 03:14 PM, Jorick Astrego wrote: On 10/26/2015 02:57 PM, Ondra Machacek wrote: On 10/26/2015 02:53 PM, Jorick Astrego wrote: Hi, Currently I'm trying to add an ovirt compute

Re: [ovirt-users] api access with poweruser role

2015-10-29 Thread Ondra Machacek
On 10/28/2015 11:29 AM, Jorick Astrego wrote: On 10/26/2015 03:14 PM, Jorick Astrego wrote: On 10/26/2015 02:57 PM, Ondra Machacek wrote: On 10/26/2015 02:53 PM, Jorick Astrego wrote: Hi, Currently I'm trying to add an ovirt compute resource in Foreman that is limited to the VM's

Re: [ovirt-users] api access with poweruser role

2015-10-26 Thread Ondra Machacek
On 10/26/2015 02:53 PM, Jorick Astrego wrote: Hi, Currently I'm trying to add an ovirt compute resource in Foreman that is limited to the VM's of the user. When I give this user the PowerUser role, I cannot access the api: query execution failed due to insufficient permissions Are

Re: [ovirt-users] [3.6] Change admin password

2015-11-16 Thread Ondra Machacek
-11-06 07:09:37Z Account Without Password: false Last successful Login At: 2015-11-13 14:28:33Z Last unsuccessful Login At: 2015-11-13 14:37:35Z Password Valid To: 2215-09-19 07:09:38Z Ok how can I set my password ??? On Fri, Nov 13, 2015 at 3:30 PM, Ondra Machacek <omach...@redhat.com>

Re: [ovirt-users] AIO UPG Error from 3.5 to 3.6

2015-11-04 Thread Ondra Machacek
5-1.el7.centos ovirt-3.6 *From:*Ondra Machacek [mailto:omach...@redhat.com] *Sent:* Wednesday, 04 November 2015 20:35 *To:* Christian Rebel; 'Artyom Lukianov' *Cc:* users@ovirt.org *Subject:* Re: [ovirt-users] AIO UPG Error from 3.5 to 3.6 Try: yum update ovirt-engine-setup and then

Re: [ovirt-users] AIO UPG Error from 3.5 to 3.6

2015-11-04 Thread Ondra Machacek
Try: yum update ovirt-engine-setup and then engine-setup On 11/04/2015 08:16 PM, Christian Rebel wrote: Seems not to be working, any other ideas? _yum update --skip-broken:_ Skipped (dependency problems): glusterfs.x86_64 0:3.7.5-1.el7 glusterfs-api.x86_64 0:3.7.5-1.el7

Re: [ovirt-users] Admin internal inlog problems with clean install 3.6RC

2015-10-05 Thread Ondra Machacek
led to execute stage 'Closing up': Failed to stop service 'ovirt-vmconsole-proxy-sshd'" So, while I've got it working, I still don't have a good explanation of why it didn't work before and does again now. I rebuild a few more times and see if I can get it to happen again. Christopher On 1

Re: [ovirt-users] [3.6] API - Internal Server Error

2015-11-18 Thread Ondra Machacek
Can you send debug log please? On 11/18/2015 05:56 PM, Maksim Naumov wrote: After some time, API stopped work. When I try to run any request I see only "Internal Server Error" and the log like this: 2015-11-18 17:53:05,634 ERROR

Re: [ovirt-users] [3.6] Change admin password

2015-11-13 Thread Ondra Machacek
$ ovirt-aaa-jdbc-tool user password-reset admin --password=pass:YourNewPassword Go over its help to understand all options. On 11/13/2015 03:23 PM, Maksim Naumov wrote: Hello How can I change admin password? I tried # engine-config -s AdminPassword=interactive Error setting

Re: [ovirt-users] [3.6] Change admin password

2015-11-13 Thread Ondra Machacek
unsuccessful Login At: 2015-11-13 14:37:35Z Password Valid To: 2215-09-19 07:09:38Z Ok how can I set my password ??? On Fri, Nov 13, 2015 at 3:30 PM, Ondra Machacek <omach...@redhat.com> wrote: $ ovirt-aaa-jdbc-tool user password-reset admin

Re: [ovirt-users] Problem with kerberos authentication and ovirt-engine-sdk-python

2015-09-04 Thread Ondra Machacek
Hi, maybe I am wrong, but I think you didn't properly setup your ovirt to support kerberos. You have to use new AAA, do you use it? It's not working with legacy manage-domains. Please see these[1][2] links. Ondra [1] http://www.ovirt.org/Features/AAA [2]

Re: [ovirt-users] Admin@internal inlog problems with clean install 3.6RC

2015-09-30 Thread Ondra Machacek
Hi, You can change admin account expiration as below: $ ovirt-aaa-jdbc-tool user edit admin --account-valid-to="2100-01-01 00:00:00Z" Ondra On 09/30/2015 04:08 PM, Joop wrote: I just installed 3.6RC and got Cannot Login. User Account has expired, Please contact your system administrator.

Re: [ovirt-users] FreeIPA

2015-09-23 Thread Ondra Machacek
*From: *"Ondra Machacek" <omach...@redhat.com> *To: *supo...@logicworks.pt, users@ovirt.org *Sent: *Wednesday, 23 September 2015 7:40:12 *Subject: *Re: [ovirt-users] FreeIPA Just for clarification - ovirt-engine-extension-aaa-ldap-setup is available from oVi

Re: [ovirt-users] FreeIPA

2015-09-23 Thread Ondra Machacek
gging/logger=org.ovirt.engineextensions.aaa.ldap:write-attribute(name=level,value=ALL)" get this error: Duplicate argument '--command'/'--commands'. can't see why ---- *From: *"Ondra Machacek" <omach...@r

Re: [ovirt-users] FreeIPA

2015-09-23 Thread Ondra Machacek
rue' *From: *"Ondra Machacek" <omach...@redhat.com> *To: *supo...@logicworks.pt *Cc: *users@ovirt.org *Sent: *Wednesday, 23 September 2015 15:02:54 *Subject: *Re: [ovirt-users] FreeIPA Try this[1] easier approach. [1] https://gerrit

Re: [ovirt-users] FreeIPA

2015-09-23 Thread Ondra Machacek
to the agent on the guest, it may be unresponsive or not installed. As a result, some features may not work. What kind of agent should I install on the guests? Thanks a lot *From: *"Ondra Machacek" <omach...@redh

Re: [ovirt-users] LDAP Authentication

2015-09-23 Thread Ondra Machacek
Hi, as Alon already said, you have trailing space in your configuration 'my.abc.net ' <-- space at the end Please remove this space and try again. Ondra On 09/23/2015 05:35 AM, Budur Nagaraju wrote: HI Alon, Tried all the options but no luck , I have copied the logs in the pastebin below

Re: [ovirt-users] LDAP Authentication

2015-09-23 Thread Ondra Machacek
easons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION Thanks, Nagaraju On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek <omach...@redhat.com> wrote: Hi, as Alon already said, you have trailing space in your configuration 'my.abc.net

Re: [ovirt-users] FreeIPA

2015-09-23 Thread Ondra Machacek
Just for clarification - ovirt-engine-extension-aaa-ldap-setup is available from oVirt 3.6 Can you send engine.log, hard to say what's wrong from configuration, it looks good. On 09/22/2015 09:55 PM, Ravi Nori wrote: Once you have installed ovirt-engine-extension-aaa-ldap and

Re: [ovirt-users] LDAP Authentication

2015-09-23 Thread Ondra Machacek
With UserRole you can only login to UserPortal, not webadmin. Do you have this issue when you try to login to UserPortal? On 09/23/2015 09:22 AM, Budur Nagaraju wrote: Provided the "user role" permissions still same issue On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek <omach.

Re: [ovirt-users] LDAP Authentication

2015-09-23 Thread Ondra Machacek
/2015 09:29 AM, Budur Nagaraju wrote: yeah facing issues while logging to the user portal. On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek <omach...@redhat.com> wrote: With UserRole you can only login to UserPortal, not webadmin. Do you have thi

Re: [ovirt-users] Admin internal inlog problems with clean install 3.6RC

2015-10-05 Thread Ondra Machacek
Hi, I believe this should solve your problem: $ ovirt-aaa-jdbc-tool user edit admin --account-valid-to="2100-01-01 00:00:00Z" (feel free to change the date to whatever suits you) If it won't help, can you please send output of this psql command? # select valid_to from aaa_jdbc.users where

Re: [ovirt-users] Strange issue after upgrade

2015-12-16 Thread Ondra Machacek
Hi, do you use ovirt-3.6? If yes and you run 'yum update', then please run also 'engine-setup' again. For more info please read: /usr/share/doc/ovirt-engine-extension-aaa-jdbc-1.0.4/README.admin Ondra On 12/16/2015 11:55 AM, Stefano Danzi wrote: Hello, today yum upgraded my ovirt

Re: [ovirt-users] Bug?

2015-11-27 Thread Ondra Machacek
Hi, this error usually means that your user can't be translated to userprincipalname. The strange thing is that it worked, but stopped. Can you please assure, that your user has userprincipalname attribute? $ ldapsearch -H ldap://ldapserver:3268/ -x -D 'searchu...@company.be' -w password -b

Re: [ovirt-users] free-IPA Multi-Master Authentication Problem

2016-06-06 Thread Ondra Machacek
On 06/03/2016 05:44 PM, Kilian Ries wrote: Hi, i have two free-IPA directories setup in multi-master replication. Both are running on CentOS 7.2 with latest Software installed. Replication between both IPAs is setup correctly and i am able to authenticate against each of the two manually.

Re: [ovirt-users] free-IPA Multi-Master Authentication Problem

2016-06-06 Thread Ondra Machacek
as soon as possible. Greets Kilian From: Ondra Machacek <omach...@redhat.com> Sent: Monday, 6 June 2016 09:48 To: Kilian Ries; users@ovirt.org Subject: Re: [ovirt-users] free-IPA Multi-Master Authentication Problem On 06/03/2016 05:44 PM, Kilian Ries

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-25 Thread Ondra Machacek
On 05/25/2016 03:47 PM, Alexis HAUSER wrote: Can you please send what's happening during initialization of engine? (logs right after ovirt-engine is restarted). Or run this command and send output of file 'login.log': $ ovirt-engine-extensions-tool --log-level=FINEST

Re: [ovirt-users] VDI experience to share?

2016-06-15 Thread Ondra Machacek
On 06/15/2016 12:26 PM, Michal Skrivanek wrote: On 15 Jun 2016, at 12:18, Giorgio Bersano wrote: Hi everyone, I've been asked to deploy a VDI solution based on our oVirt infrastructure. What we have in production is a 3.6 manager (standalone, not HE) with a 3.5

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Ondra Machacek
On 05/30/2016 12:03 PM, Alexis HAUSER wrote: 'ovirt-engine-extensions-tool' logs would be more helpful. Here it is : https://bpaste.net/show/a166df875909 I can't see anything else than this SSL error and what seems to be a missing python module : "ImportError: No module named dnf" Can you

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Ondra Machacek
On 05/30/2016 03:11 PM, Alexis HAUSER wrote: This is output of installation script 'ovirt-engine-extension-aaa-ldap-setup', which is written in python, but aaa-ldap extension in Java. So the strange thing is that you can connect via startTLS in python script, but later you can't connect with

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-27 Thread Ondra Machacek
On 05/27/2016 11:15 AM, Alexis HAUSER wrote: you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig. And '_ldaps' is what's missing in your DNS. Oh ! you're right, I didn't even see that ! I was confused by all this. I'll ask someone to add these SRV records. Unfortunately using

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 05:28 PM, Alexis HAUSER wrote: This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV ^_ldap I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION If I use : pool.default.serverset.srvrecord.service = ldaps In the logs I see this : "An

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 10:11 AM, Alexis HAUSER wrote: You use 389 with SSL? I guess you wrongly specified it. But, if you want to use SSL and you have it on 636, then you should create new SRV dns records for example: _ldaps._tcp.university.mydomain.com ... 636 Where should I add this ? in /etc/hosts ?

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 11:56 AM, Alexis HAUSER wrote: Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the DNS server I'm using ? On DNS you are using, usually on AD DNS. Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 03:35 PM, Alexis HAUSER wrote: So it means that aaa-ldap then tries to do following: LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w 'mypaswd' -b 'CN=users,DC=something,DC=com' Which won't work, because you do

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Ondra Machacek
On 05/30/2016 06:17 PM, Alexis HAUSER wrote: Default password is 'changeit' (without quotes). Hmm, can you please try use the .jks file generated by aaa-ldap-setup tool? Just to be sure. I still have the same error with the default jks Anyway, the strange thing is that aaa-ldap-setup

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-31 Thread Ondra Machacek
On 05/31/2016 12:03 PM, Alexis HAUSER wrote: Oh, I see it, we were blind all the time. The problem is in AD2 and AD3. AD1 and AD4 are fine. So yes the problem is on AD side but only for AD2 and AD3, that's why it worked for aaa-ldap-setup :) So actually this command shouldn't work for you:

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-31 Thread Ondra Machacek
On 05/31/2016 03:29 PM, Alexis HAUSER wrote: Until administrators will fix AD servers, in order to use SSL you can temporarily use following setup: pool.default.serverset.single.server = AD1 pool.default.dc-resolve.enable = false pool.default.ssl.startTLS = true But this is only temporary

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Ondra Machacek
665842 e8abc833-b860-451c-b580-780c7d1049d4 | defa----deff | fdfc627c-d875-11e0-90f0-83df133b58cc | 8fa947f7-c698-4661-aea4-a093bbd0ba0b | 4 | 1457665842 c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c | defa-000

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Ondra Machacek
On 06/22/2016 05:21 PM, Julián Tete wrote: S-O-L-V-E-D!!! You are a Wizard Ondra Machacek!!! Thank you very much !!! How Apache says: "It works" Great! You are welcome I have a question for you In the command su - postgres -c "psql -t engine -c \"insert int

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Ondra Machacek
="2100-01-01 00:00:00Z" 422 systemctl restart ovirt-engine.service 423 history 424 ovirt-aaa-jdbc-tool query --what=user 425 updatedb 426 locate internal 427 yum install -y ovirt-engine-cli 428 cd /opt 429 cd /opt/ 2016-06-20 13:24 GMT-05:00 Ondra Mach

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Ondra Machacek
---defb | fdfc627c-d875-11e0-90f0-83df133b58cc | 9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 |1463161875 2016-06-21 9:18 GMT-05:00 Ondra Machacek <omach...@redhat.com>: On 06/20/2016 08:33 PM, Julián Tete wrote:

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-20 Thread Ondra Machacek
On 06/20/2016 06:36 PM, Julián Tete wrote: oVirt: 3.6.2 Trying to use: https://github.com/machacekondra/ovirt-engine-kerbldap-migration First use: engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin

Re: [ovirt-users] [BUG] Cannot remove quota

2016-01-15 Thread Ondra Machacek
One possible way is to change DataCenter quota mode to Disabled. Then you can remove quota which is assigned to vm. On 01/15/2016 10:41 AM, zhangjian2011 wrote: HI, all: I found that if the quota is applied to a VM, then the quota can’t be remove. (Even if I change DataCenter to

Re: [ovirt-users] [BUG] Cannot remove quota

2016-01-18 Thread Ondra Machacek
tab disappeared) So I can't remove quota. Is there any other way to delete it?? Regards, Jian On 01/15/2016 11:29 PM, Ondra Machacek wrote: One possible way is to change DataCenter quota mode to Disabled. Then you can remove quota which is assigned to vm. On 01/15/2016 10:41 AM

Re: [ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

2016-01-18 Thread Ondra Machacek
Hi, I can see that 'ovirt-engine-aaa-ldap-setup' successfully connect to 'ldap://bbgpvmas100.prozess.bbg:389', but later it says connection refused on to 'bbgpvmas100.prozess.bbg/10.157.8.25:389'. Don't you have more 'A' records set for 'bbgpvmas100.prozess.bbg'? Can you please assure that

Re: [ovirt-users] not able to select profile in console after update

2016-01-18 Thread Ondra Machacek
Hi, You cannot see it only in UserPortal or also in Webadmin? Can you please send engine.log? Maybe you hit same issue as described here[1]. Ondra [1] http://lists.ovirt.org/pipermail/users/2016-January/037313.html On 01/18/2016 05:24 PM, Johan Vermeulen wrote: Hello All, I have installed

Re: [ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

2016-01-15 Thread Ondra Machacek
Hi, if I read your logs correctly then you are using IPv6 and no IPv4, right? ovirt-engine-extension-aaa-ldap-setup was designed to be easy and support only very basic setups, so there is no support to properly configure it. If the above is true, you have two options, which should help you.

Re: [ovirt-users] oVirt 3.6.1 with FreeIPA Auth domain performance

2016-01-22 Thread Ondra Machacek
Hi, the best thing you can do is to migrate to new AAA ldap[1], as anyway you will have to do so in 4.0, as manage-domains will be removed, so I think better invest time to migration, than to searching for root cause. We will be happy to help you with migration. You can also try migration

Re: [ovirt-users] User cannot add a disk to a VM - permission error

2016-03-08 Thread Ondra Machacek
On 03/09/2016 05:02 AM, Will Dennis wrote: Trying to understand the oVirt user permissions system… I have a user who I have granted the “PowerUserRole” role to, with the role description being “User Role, allowed to create VMs, Templates and Disks.” When I log into the User Portal with this

Re: [ovirt-users] User with extended tab in User Panel?

2016-03-19 Thread Ondra Machacek
It's bug[1], should be fixed in 3.6.5. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1316849 On 03/19/2016 09:11 AM, James Michels wrote: Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still

Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working

2016-03-19 Thread Ondra Machacek
Hi, your authz name should match kerberos name. So please change your authz name from 'DOMAIN-authz' to 'DOMAIN' Please see this bz[1] for more detail. Ondra [1] https://bugzilla.redhat.com/show_bug.cgi?id=1133137#c7 On 03/17/2016 04:22 PM, Paul wrote: Hi, I am having an issue with getting

Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working

2016-03-19 Thread Ondra Machacek
redentials) Any suggestions? -Original Message----- From: Ondra Machacek [mailto:omach...@redhat.com] Sent: Thursday 17 March 2016 16:58 To: Paul <p...@kenla.nl>; users@ovirt.org Subject: Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working Hi, your authz name should m

Re: [ovirt-users] Active Directory (LDAP) user auth is slow

2016-03-24 Thread Ondra Machacek
Hi, if you remove user, then also permissions of that user to vms will be removed. And yes, you will have to add all those permissions back to users from new profile. But, you can try migration tool[1], to migrate all users to new AAA profile. If you have any problem with it, you can ask.

Re: [ovirt-users] Active Directory (LDAP) user auth is slow

2016-03-24 Thread Ondra Machacek
On 03/24/2016 03:02 PM, Karli Sjöberg wrote: On 24 March 2016 13:49, Ondra Machacek <omach...@redhat.com> wrote: > > Hi, > > if you remove user, then also permissions of that user to vms will be > removed. > And yes, you will have to add all those permissions b

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-24 Thread Ondra Machacek
On 03/24/2016 06:16 PM, Karli Sjöberg wrote: Hi! Starting new thread instead of jacking someone else´s. Managed to migrate from old 'engine-manage-domains' auth to aaa-ldap using: #| ovirt-engine-kerbldap-migration-tool --domain baz.foo.bar --cacert /tmp/ca.crt --apply | All OK, no

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-26 Thread Ondra Machacek
lease advice! /K On 03/25/2016 12:26 AM, Karli Sjöberg wrote: On 25 March 2016 12:10 AM, Karli Sjöberg <karli.sjob...@slu.se> wrote: > > > On 24 March 2016 11:26 PM, Ondra Machacek <omach...@redhat.com> wrote: > > > > On 03/24/2016 11:14 PM, Karli Sjöberg wr

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-26 Thread Ondra Machacek
On 03/26/2016 02:09 PM, Karli Sjöberg wrote: On 26 Mar 2016, at 13:49, Karli Sjöberg <karli.sjob...@slu.se> wrote: On 26 Mar 2016, at 11:35, Ondra Machacek <omach...@redhat.com> wrote: For me it's

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-24 Thread Ondra Machacek
On 03/24/2016 11:14 PM, Karli Sjöberg wrote: On 24 March 2016 7:26 PM, Ondra Machacek <omach...@redhat.com> wrote: > > On 03/24/2016 06:16 PM, Karli Sjöberg wrote: > > Hi! > > > > > > Starting new thread instead of jacking someone else´s. > > &g

Re: [ovirt-users] User permission error in add new disk using API

2016-03-30 Thread Ondra Machacek
On 03/30/2016 01:31 PM, Vishal Panchal wrote: Hello, I got following error during add new disk using API but on other side from admin panel I can create new disk. *Error :* Cannot add Virtual Machine Disk. The user doesn't have permissions to attach Disk Profile to the Disk.* Please see

Re: [ovirt-users] User permission error in add new disk using API

2016-03-31 Thread Ondra Machacek
":"51200","size":"51200","interface":"virtio","format":"cow","sparse":true,"bootable":true} That request is syntactically correct. But as explained by Ondra Machacek there is a bug that makes this f

Re: [ovirt-users] RESTAPI and kerberos authentication

2016-04-14 Thread Ondra Machacek
On 04/13/2016 10:43 PM, Marcel Galke wrote: Hello, I need to automatically create a list of all the VMs and the storage path to their disks in the data center for offline storage for disaster recovery. We have oVirt 3.6 and IPA 4.2.0. To achieve this my idea was to query the API using Kerberos

Re: [ovirt-users] RESTAPI and kerberos authentication

2016-04-14 Thread Ondra Machacek
el On 14.04.2016 08:11, Ondra Machacek wrote: On 04/14/2016 08:06 AM, Ondra Machacek wrote: On 04/13/2016 10:43 PM, Marcel Galke wrote: Hello, I need to automatically create a list of all the VMs and the storage path to their disks in the data center for offline storage for disaster recovery. W

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 02:59 PM, Alexis HAUSER wrote: Hi, I'm using 3.6.3.4-1.el7.centos and I'm having troubles joining an LDAP provider. When I try to login into the new profile, I get a "general command validation failure" error. This is what I can get from ovirt-engine/engine.log : tail -n 400

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 03:03 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 02:27 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 06:02 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] AAA LDAP timeout

2016-05-18 Thread Ondra Machacek
Hi, thanks for the point, we will add it to the doc. The configuration option you are interested in is this: pool.default.connection-options.responseTimeoutMillis = 6 just add it to your profile properties (/etc/ovirt-engine/aaa/your_profile.properties) Ondra On 05/18/2016 11:34 AM,

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:03 AM, Alexis HAUSER wrote: However, I can't login with any user...But with ldapsearch I can find those users with uid=user I used ovirt-engine-extensions-tool aaa login-user --profile=xxx --user-name=xxx and I realize now what is the problem : the available namespaces

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 10:28 AM, Alexis HAUSER wrote: Are you sure you've specified correct CA? Can you try running this command: LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@' If it fails then most probably you have incorrect CA

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:58 AM, Alexis HAUSER wrote: Thank you, now I see the correct namespace shown, but still no way to login with any user...Any idea ? Hard to say without logs, can you please share log output of ovirt-engine-extensions-tool? Please run it with: ovirt-engine-extensions-tool

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 03:13 PM, Alexis HAUSER wrote: Or do you use rfc2307? You can find out running this command: LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Ondra Machacek
On 05/02/2016 03:02 PM, Alexis HAUSER wrote: I am unsure I understand. What is missing in interactive setup to properly setup TLS? You just enter CA certificate path/url/system and Java keystore file is created for you by the tool. I'll try to generate a new file with the interactive setup
