Re: [Users] engine-manage-domains can't add user , domain

2012-05-22 Thread Roy Golan

On 05/22/2012 08:34 AM, Oved Ourfalli wrote:


- Original Message -

From: T-Sinjon tscbj1...@gmail.com
To: Roy Golan rgo...@redhat.com
Cc: Oved Ourfalli ov...@redhat.com, users@ovirt.org
Sent: Tuesday, May 22, 2012 5:33:06 AM
Subject: Re: [Users] engine-manage-domains can't add user , domain

Hi, Roy

I have updated my engine to the newest using 'rpm -Uvh'.

I used RPMs from
http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ .

[root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-sdk-1.3-1.fc16.noarch
ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jbossas-1.2-2.fc16.x86_64
ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64

And now when I add the domain again, it still has an error and there's no log
I can find in engine-manage-domains.log. What should I do now?

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=admin -provider=IPA -interactive
Failed reading current configuration. Details: Error Error fetching
LDAPProviderTypes value: no such entry with version 'general'.
while reading configuration value LDAPProviderTypes.


Looks like your database isn't updated.
I'm not sure whether a database upgrade is run automatically when you update 
the RPMs, but according to the error you get it probably isn't.

If rpm -Uvh didn't fire the upgrade script it's a bug.
Please attach /var/log/ovirt-engine/ovirt-engine-upgrade.log to see if 
something went wrong.

In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an 
upgrade script.
(use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out 
where it is, as I'm not sure exactly where it's installed).

Run it using the command ./upgrade.sh -u postgres
It will upgrade your database.

Oved


Re: [Users] engine-manage-domains can't add user , domain

2012-05-22 Thread T-Sinjon
Thanks Roy, it did help me! When I update my database then engine-manage-domains 
goes fine!

I would really prefer to attach the log, but there is no such file 
/var/log/ovirt-engine/ovirt-engine-upgrade.log

[root@ovirt-engine ~]# ls -ld  /var/log/ovirt-engine/ovirt-engine-upgrade.log
ls: cannot access /var/log/ovirt-engine/ovirt-engine-upgrade.log: No such file 
or directory
[root@ovirt-engine ~]# find /var/log/ -iname *upgrade*
nothing..

Anything else I can help with?


Re: [Users] engine-manage-domains can't add user , domain

2012-05-21 Thread T-Sinjon
Hi, Roy

I have updated my engine to the newest using 'rpm -Uvh'.

I used RPMs from 
http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ .

[root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-sdk-1.3-1.fc16.noarch
ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jbossas-1.2-2.fc16.x86_64
ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64

And now when I add the domain again, it still has an error and there's no log I can find 
in engine-manage-domains.log. What should I do now?

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=admin -provider=IPA -interactive
Failed reading current configuration. Details: Error Error fetching 
LDAPProviderTypes value: no such entry with version 'general'. while reading 
configuration value LDAPProviderTypes.


Re: [Users] engine-manage-domains can't add user , domain

2012-05-15 Thread T-Sinjon
help info like this

[root@ovirt-engine ~]# engine-manage-domains
engine-manage-domains: add/edit/delete/validate/list domains
USAGE:
    engine-manage-domains -action=ACTION [-domain=DOMAIN -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH] -report
Where:
    ACTION         action to perform (add/edit/delete/validate/list). See details below.
    DOMAIN         (mandatory for add, edit and delete) the domain you wish to perform the action on.
    USER           (optional for edit, mandatory for add) the domain user.
    PASSWORD_FILE  (optional for edit, mandatory for add) a file containing the password in the first line.
    interactive    alternative for using -passwordFile - read the password interactively.
    PATH           (optional) use the given alternate configuration file.

Available actions:
    add
    Examples:
    -action=add -domain=example.com -user=admin -passwordFile=/tmp/.pwd
        Add a domain called example.com, using user admin and read the password from /tmp/.pwd.
    -action=edit -domain=example.com -passwordFile=/tmp/.new_password
        Edit the domain example.com, using another password file.
    -action=delete -domain=example.com
        Delete the domain example.com.
    -action=validate
        Validate the current configuration (go over all the domains, try to authenticate to each domain using the configured user/password.).
    -report In combination with -action=validate will report all validation error, if occured.
        Default behaviour is to exit when a validation error occurs.
    -action=list
        Lists the current configuration.
    -h
        Show this help.

On 15 May, 2012, at 2:22 PM, Yair Zaslavsky wrote:

 On 05/15/2012 09:17 AM, T-Sinjon wrote:
 Oved:
 1. Yes, I used RPMs
 
 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-sdk-1.3-1.fc16.noarch
 ovirt-engine-jbossas-1.2-2.fc16.x86_64
 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
 ovirt-node-2.2.2-2.fc16.noarch
 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
 ovirt-node-tools-2.2.2-2.fc16.noarch
 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
 ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
 
 2. They are the same whether I use single quotes or not

 [root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=tsinjon -passwordFile=/root/tsinjon
 No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in 
 list
 Failure while testing domain local. Details: No user information was found 
 for user
 
 When you run engine-manage-domains without parameters, what do you get?
 
 

Re: [Users] engine-manage-domains can't add user , domain

2012-05-15 Thread Roy Golan

On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:

On 05/15/2012 08:35 AM, Oved Ourfalli wrote:


- Original Message -

From: T-Sinjon tscbj1...@gmail.com
To: Oved Ourfalli ov...@redhat.com
Cc: users@ovirt.org
Sent: Tuesday, May 15, 2012 5:53:16 AM
Subject: Re: [Users] engine-manage-domains can't add user , domain

After using kinit to log in as tsinjon, the error changes to this. Why did this
happen?

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:

No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
Failure while testing domain local. Details: No user information was found for user


Can't see why kinit matters here, but looking at your command I noticed you 
used single quotes for the user and domain name.
I'm not sure it knows to handle this correctly.
Did you try without the quotes?

Also, what version are you working with?
We had a problem a few weeks ago, of identifying the correct ldap provider. To 
fix that we added an option to specify the ldap provider type. It determines 
which query will be used in order to get the user details.

cc-ing Roy, who added this. iirc it is mandatory to provide this option, so 
you probably don't have this option in your environment.
Roy - is there an upstream release with this fix?

Oved - this was merged upstream.
T-Sinjon - have you cloned the git repo and compiled or are you using RPMs?
T-Sinjon - once you're updated you'll be able to specify which type your 
LDAP server is and overcome this problem.


e.g.
engine-manage-domains -action=add -domain='local' -provider=ipa -user='tsinjon' -interactive







Regards,
Oved


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users






[Users] engine-manage-domains can't add user , domain

2012-05-14 Thread T-Sinjon

I use FreeIPA to authenticate users. ipa user-add has no problem, but when I 
do:

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive

Error: Authentication Failed. Please verify the fully qualified domain name 
that is used for authentication is correct.. Problematic domain is: local
Failure while applying Kerberos configuration. Details: Authentication Failed. 
Please verify the fully qualified domain name that is used for authentication 
is correct.

and log from engine-manage-domains.log :

2012-05-14 21:58:47,892 INFO  
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos 
configuration for domain(s): local
2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error 
in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS 
name not found [response code 3] 

My domain is 'local', like ovirt-engine.local, ovirt-node-1.local, etc.

What can I do to get through it?




Re: [Users] engine-manage-domains can't add user , domain

2012-05-14 Thread Oved Ourfalli


- Original Message -
 From: T-Sinjon tscbj1...@gmail.com
 To: users@ovirt.org
 Sent: Monday, May 14, 2012 5:07:46 PM
 Subject: [Users] engine-manage-domains can't add user , domain
 
 
 I use FreeIPA to authenticate users. ipa user-add has no problem,
 but when I do:
 
 [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
 
 Error: Authentication Failed. Please verify the fully qualified
 domain name that is used for authentication is correct.. Problematic
 domain is: local
 Failure while applying Kerberos configuration. Details:
 Authentication Failed. Please verify the fully qualified domain name
 that is used for authentication is correct.
 
 and log from engine-manage-domains.log :
 
 2012-05-14 21:58:47,892 INFO
  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
 kerberos configuration for domain(s): local
 2012-05-14 21:58:47,923 ERROR
 [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list
 for protocol _tcp and domain LOCAL Exception message is DNS name not
 found [response code 3]
 
 My domain is 'local', like ovirt-engine.local, ovirt-node-1.local,
 etc.
 
 What can I do to get through it?
 
The utility (and also the oVirt engine) relies on DNS SRV records in order 
to find LDAP and Kerberos servers (supporting Active Directory, IPA or RHDS).
So, in order to work with it you must have the following in the DNS:
1. PTR record for your LDAP server
2. LDAP SRV record for your LDAP server
3. LDAP kerberos record for your LDAP server

If you don't really have access to the DNS you can install a package called 
dnsmasq, and perform these changes yourself in its config file.

Oved
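
An added example, not part of the original message and not oVirt code: a Python check that reads a dnsmasq config and reports which of the three records listed above are missing for a domain. The SRV owner names `_ldap._tcp.<domain>` and `_kerberos._tcp.<domain>` are assumed from the usual convention (the thread only shows "protocol _tcp"); the host `ipa.local`, the address 192.168.1.10 and the function names are made up for illustration.

```python
import ipaddress

# Constructed sample: dnsmasq config for a FreeIPA server "ipa.local" at
# 192.168.1.10 (hostname and address are made up for this example).
SAMPLE_CONF = """\
# lab overrides for the 'local' domain
host-record=ipa.local,192.168.1.10
srv-host=_ldap._tcp.local,ipa.local,389
# the kerberos SRV record is left out on purpose
"""


def _norm(name):
    """DNS names compare case-insensitively and ignore a trailing dot."""
    return name.strip().lower().rstrip(".")


def _is_ip(field):
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False


def parse_dnsmasq(text):
    """Return (srv, ptr): SRV name -> [(target, port)], PTR name -> target."""
    srv, ptr = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        fields = [f.strip() for f in value.split(",")]
        if key == "srv-host" and len(fields) >= 2 and fields[1]:
            port = int(fields[2]) if len(fields) > 2 and fields[2].isdigit() else None
            srv.setdefault(_norm(fields[0]), []).append((_norm(fields[1]), port))
        elif key == "ptr-record" and len(fields) == 2:
            ptr[_norm(fields[0])] = _norm(fields[1])
        elif key == "host-record":
            # host-record publishes the forward records and the matching PTR.
            names = [_norm(f) for f in fields
                     if f and not _is_ip(f) and not f.isdigit()]
            for addr in (f for f in fields if _is_ip(f)):
                if names:
                    ptr[ipaddress.ip_address(addr).reverse_pointer] = names[0]
    return srv, ptr


def missing_records(conf_text, domain, ldap_server_ip):
    """List the records from the reply above that the config does not define."""
    srv, ptr = parse_dnsmasq(conf_text)
    domain = _norm(domain)
    # Assumed owner names; the engine log only says "protocol _tcp".
    wanted = [f"_ldap._tcp.{domain}", f"_kerberos._tcp.{domain}"]
    missing = [f"SRV {name}" for name in wanted if not srv.get(name)]
    reverse_name = ipaddress.ip_address(ldap_server_ip).reverse_pointer
    if reverse_name not in ptr:
        missing.append(f"PTR {reverse_name}")
    return missing


if __name__ == "__main__":
    for record in missing_records(SAMPLE_CONF, "local", "192.168.1.10"):
        print("missing:", record)
```
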
 


Re: [Users] engine-manage-domains can't add user , domain

2012-05-14 Thread T-Sinjon

I have added that SRV info to my zone file, and it did go. The log looks 
fine, but engine-manage-domains still returns an error:

2012-05-15 10:45:19,222 INFO  
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos 
configuration for domain(s): local
2012-05-15 10:45:19,258 INFO  
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created 
kerberos configuration for domain(s): local
2012-05-15 10:45:19,259 INFO  
[org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos 
configuration for domain: local

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:

Error:  exception message: Integrity check on decrypted field failed (31) - 
PREAUTH_FAILED
Failure while testing domain local. Details: Kerberos error. Please check log 
for further details.




Re: [Users] engine-manage-domains can't add user , domain

2012-05-14 Thread Yair Zaslavsky
On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
 
 
 - Original Message -
 From: T-Sinjon tscbj1...@gmail.com
 To: Oved Ourfalli ov...@redhat.com
 Cc: users@ovirt.org
 Sent: Tuesday, May 15, 2012 5:53:16 AM
 Subject: Re: [Users] engine-manage-domains can't add user , domain

 After using kinit to log in as tsinjon, the error changes to this. Why did this
 happen?

 [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
 Enter password:

 No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
 Failure while testing domain local. Details: No user information was found for user

 Can't see why kinit matters here, but looking at your command I noticed you 
 used single quotes for the user and domain name.
 I'm not sure it knows to handle this correctly.
 Did you try without the quotes?
 
 Also, what version are you working with?
 We had a problem a few weeks ago, of identifying the correct ldap provider. 
 To fix that we added an option to specify the ldap provider type. It 
 determines which query will be used in order to get the user details.
 
 cc-ing Roy, who added this. iirc it is mandatory to provide this option, so 
 you probably don't have this option in your environment.
 Roy - is there an upstream release with this fix?

Oved - this was merged upstream.
T-Sinjon - have you cloned the git repo and compiled or are you using RPMs?


 
 Regards,
 Oved
 On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:


 I have added that SRV info to my zone file, and it did go,
 the log looks fine, but engine-manage-domains still returns an error

 2012-05-15 10:45:19,222 INFO
  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
 kerberos configuration for domain(s): local
 2012-05-15 10:45:19,258 INFO
  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully
 created kerberos configuration for domain(s): local
 2012-05-15 10:45:19,259 INFO
  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
 kerberos configuration for domain: local

 [root@ovirt-engine ~]# engine-manage-domains -action=add
 -domain='local' -user='tsinjon' -interactive
 Enter password:

 Error:  exception message: Integrity check on decrypted field
 failed (31) - PREAUTH_FAILED
 Failure while testing domain local. Details: Kerberos error. Please
 check log for further details.


 On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:



 - Original Message -
 From: T-Sinjon tscbj1...@gmail.com
 To: users@ovirt.org
 Sent: Monday, May 14, 2012 5:07:46 PM
 Subject: [Users] engine-manage-domains can't add user , domain


 I use FreeIPA to authenticate users; ipa user-add has no
 problem,
 but when I do:

 [root@ovirt-engine ~]# engine-manage-domains -action=add
 -domain='local' -user='tsinjon' -interactive

 Error: Authentication Failed. Please verify the fully qualified
 domain name that is used for authentication is correct..
 Problematic
 domain is: local
 Failure while applying Kerberos configuration. Details:
 Authentication Failed. Please verify the fully qualified domain
 name
 that is used for authentication is correct.

 and the log from engine-manage-domains.log:

 2012-05-14 21:58:47,892 INFO
 [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
 kerberos configuration for domain(s): local
 2012-05-14 21:58:47,923 ERROR
 [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV
 list
 for protocol _tcp and domain LOCAL Exception message is DNS name
 not
 found [response code 3]

 My domain is 'local', like ovirt-engine.local,
 ovirt-node-1.local, etc.

 What can I do to get through it?

 The utility (and also the ovirt engine) are relying on DNS SRV
 records in order to find LDAP and kerberos servers (supporting
 Active directory, IPA or RHDS).
 So, in order to work with it you must have the following in the
 DNS
 1. PTR record for your LDAP server
 2. LDAP SRV record for your LDAP server
 3. LDAP kerberos record for your LDAP server

 If you don't really have access to the DNS you can install a
 package called dnsmasq, and perform these changes by yourself in
 its config file.

 Oved



Re: [Users] engine-manage-domains can't add user , domain

2012-05-14 Thread Oved Ourfalli


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Oved Ourfalli ov...@redhat.com
 Cc: T-Sinjon tscbj1...@gmail.com, users@ovirt.org
 Sent: Tuesday, May 15, 2012 8:48:26 AM
 Subject: Re: [Users] engine-manage-domains can't add user , domain
 
 On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
  
  
  - Original Message -
  From: T-Sinjon tscbj1...@gmail.com
  To: Oved Ourfalli ov...@redhat.com
  Cc: users@ovirt.org
  Sent: Tuesday, May 15, 2012 5:53:16 AM
  Subject: Re: [Users] engine-manage-domains can't add user , domain
 
  After using kinit to log in as tsinjon, the error changes to the one below. Why did
  this happen?
 
  [root@ovirt-engine ~]# engine-manage-domains -action=add
  -domain='local' -user='tsinjon' -interactive
  Enter password:
 
  No user in Directory was found for tsinjon@LOCAL. Trying next LDAP
  server in list
  Failure while testing domain local. Details: No user information
  was
  found for user
 
  Can't see why kinit matters here, but looking at your command I
  noticed you used single quotes for the user and domain name.
  I'm not sure it knows to handle this correctly.
  Did you try without the quotes?
  
  Also, what version are you working with?
  We had a problem a few weeks ago, of identifying the correct ldap
  provider. To fix that we added an option to specify the ldap
  provider type. It determines which query will be used in order to
  get the user details.
  
  cc-ing Roy, who added this. iirc it is mandatory to provide this
  option, so you probably don't have this option in your
  environment.
  Roy - is there an upstream release with this fix?
 
 Oved - this was merged upstream.
 T-Sinjon - have you cloned the git repo and compiled or are you using
 RPMs?
 
Yair - he is probably using the RPMs, as it is harder to run the utility from 
the git repo.
 
  
  Regards,
  Oved
  On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
 
 
  I have added that SRV info to my zone file, and it did go,
  the log looks fine, but engine-manage-domains still returns an
  error
 
  2012-05-15 10:45:19,222 INFO
   [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
  kerberos configuration for domain(s): local
  2012-05-15 10:45:19,258 INFO
   [org.ovirt.engine.core.utils.kerberos.ManageDomains]
   Successfully
  created kerberos configuration for domain(s): local
  2012-05-15 10:45:19,259 INFO
   [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
  kerberos configuration for domain: local
 
  [root@ovirt-engine ~]# engine-manage-domains -action=add
  -domain='local' -user='tsinjon' -interactive
  Enter password:
 
  Error:  exception message: Integrity check on decrypted field
  failed (31) - PREAUTH_FAILED
  Failure while testing domain local. Details: Kerberos error.
  Please
  check log for further details.
 
 
  On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
 
 
 
  - Original Message -
  From: T-Sinjon tscbj1...@gmail.com
  To: users@ovirt.org
  Sent: Monday, May 14, 2012 5:07:46 PM
  Subject: [Users] engine-manage-domains can't add user , domain
 
 
  I use FreeIPA to authenticate users; ipa user-add has no
  problem,
  but when I do:
 
  [root@ovirt-engine ~]# engine-manage-domains -action=add
  -domain='local' -user='tsinjon' -interactive
 
  Error: Authentication Failed. Please verify the fully qualified
  domain name that is used for authentication is correct..
  Problematic
  domain is: local
  Failure while applying Kerberos configuration. Details:
  Authentication Failed. Please verify the fully qualified domain
  name
  that is used for authentication is correct.
 
  and the log from engine-manage-domains.log:
 
  2012-05-14 21:58:47,892 INFO
  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
  kerberos configuration for domain(s): local
  2012-05-14 21:58:47,923 ERROR
  [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV
  list
  for protocol _tcp and domain LOCAL Exception message is DNS
  name
  not
  found [response code 3]
 
  My domain is 'local', like ovirt-engine.local,
  ovirt-node-1.local, etc.

  What can I do to get through it?
 
  The utility (and also the ovirt engine) are relying on DNS SRV
  records in order to find LDAP and kerberos servers (supporting
  Active directory, IPA or RHDS).
  So, in order to work with it you must have the following in the
  DNS
  1. PTR record for your LDAP server
  2. LDAP SRV record for your LDAP server
  3. LDAP kerberos record for your LDAP server
 
  If you don't really have access to the DNS you can install a
  package called dnsmasq, and perform these changes by yourself
  in its config file.
 
  Oved
 