Re: [Users] DNS reverse configuration

2013-04-17 Thread Roy Golan

On 04/09/2013 03:12 PM, Eduardo Ramos wrote:

Hi Roy!

In fact engine-config -a works fine. It shows me the db config 
content. By the way, that engine is running ok as well. I just can't 
get engine connected to my samba4.


Watching postgresql log file, whenever I use engine-manage-domains or 
engine-config, the following messages are appended:


LOG:  connection received: host=localhost port=1
LOG:  connection authorized: user=engine database=engine
LOG:  unexpected EOF on client connection

please attach the engine-managed-domains log.

just throwing a bone here, could you try another user or just a 
different password and see if it fails different? say 123?


and BTW Rene has got samba4 working for him.


But engine-config works fine. I'm using CentOS 6.3 and using yum there 
are not update for postgresql or jdbc to update. The same with 
ovirt-engine.


I'm really not understanding why it doesn't works.


On 04/07/2013 05:57 AM, Roy Golan wrote:

On 04/04/2013 09:45 PM, Eduardo Ramos wrote:

Hi all!

I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is 
ActiveDirectory complaint. But when I use engine-manage-domains, it 
returns me a strange message:


[root@ovirt-dir eduardo]# engine-manage-domains -action=add 
-domain=gsr.inpe.br -provider=activeDirectory -user=Administrator 
-interactive

Enter password:

Error: Authentication Failed. Error in DNS configuration. Please 
verify the oVirt Engine host has a valid reverse DNS (PTR) record.. 
Problematic domain is: getconnection: driver class 
name=org.postgresql.xa.pgxadatasourcegetconnection: 
url=jdbc:postgresql://localhost:5432/enginegetconnection: 
considering encrypted passord. 



it looks like engine-config have problems opening a db connection. 
The DNS reported error is a bug and is shown due to the connection 
error.


you should get that same error if you'll use
 $ engine.config -a

you have some problem connecting to the localhost postgres instance 
using the password entered during setup probably.


is your postgresql instance up the engine is able to connect to the 
db? engine-config is getting the password from the same source where 
the engine does.


also, a PTR record is no longer needed since openjdk 7 due to a 
change in the impl of the krb5 module.



secdomain=encryptdbpasswordexecute: beginning execution of action 
action_get.fetching key=domainname ver=general
Failure while applying Kerberos configuration. Details: 
Authentication Failed. Error in DNS configuration. Please verify the 
oVirt Engine host has a valid reverse DNS (PTR) record.


Using host command, I got the following results:

[root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br
ovirt-dir.gsr.inpe.br has address 150.163.80.125

[root@ovirt-dir eduardo]# host 150.163.80.125
125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br.

[root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br
_kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br.

[root@ovirt-dir eduardo]# host samba4.gsr.inpe.br
samba4.gsr.inpe.br has address 150.163.73.109

[root@ovirt-dir eduardo]# host 150.163.73.109
109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br.

As you can see, it is everything ok. No DNS problem.

Someone have any idea?

Thanks.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-16 Thread Juan Jose
Hello everybody,

Has Someone succefully connected ovirt engine to Samba4 to be able to
authenticate user from this kind of server?, Eduardo, have you succeed in
your attemp to connect engine to Samba4?, I would like to do the same and
engine can authenticate other users. I would like to do this without
Windows Active Directory.

Many thanks in avanced,

Juanjo.



On Tue, Apr 9, 2013 at 2:12 PM, Eduardo Ramos
edua...@freedominterface.orgwrote:

  Hi Roy!

 In fact engine-config -a works fine. It shows me the db config content.
 By the way, that engine is running ok as well. I just can't get engine
 connected to my samba4.

 Watching postgresql log file, whenever I use engine-manage-domains or
 engine-config, the following messages are appended:

 LOG:  connection received: host=localhost port=1
 LOG:  connection authorized: user=engine database=engine
 LOG:  unexpected EOF on client connection

 But engine-config works fine. I'm using CentOS 6.3 and using yum there are
 not update for postgresql or jdbc to update. The same with ovirt-engine.

 I'm really not understanding why it doesn't works.



 On 04/07/2013 05:57 AM, Roy Golan wrote:

 On 04/04/2013 09:45 PM, Eduardo Ramos wrote:

 Hi all!

 I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is
 ActiveDirectory complaint. But when I use engine-manage-domains, it returns
 me a strange message:

 [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=
 gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive
 Enter password:

 Error: Authentication Failed. Error in DNS configuration. Please verify
 the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic
 domain is: getconnection: driver class
 name=org.postgresql.xa.pgxadatasourcegetconnection:
 url=jdbc:postgresql://localhost:5432/enginegetconnection: considering
 encrypted passord.



 it looks like engine-config have problems opening a db connection. The DNS
 reported error is a bug and is shown due to the connection error.

 you should get that same error if you'll use
  $ engine.config -a

 you have some problem connecting to the localhost postgres instance using
 the password entered during setup probably.

 is your postgresql instance up the engine is able to connect to the db?
 engine-config is getting the password from the same source where the engine
 does.

 also, a PTR record is no longer needed since openjdk 7 due to a change in
 the impl of the krb5 module.


 secdomain=encryptdbpasswordexecute: beginning execution of action
 action_get.fetching key=domainname ver=general
 Failure while applying Kerberos configuration. Details: Authentication
 Failed. Error in DNS configuration. Please verify the oVirt Engine host has
 a valid reverse DNS (PTR) record.

 Using host command, I got the following results:

 [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br
 ovirt-dir.gsr.inpe.br has address 150.163.80.125

 [root@ovirt-dir eduardo]# host 150.163.80.125
 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br.

 [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br
 _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br.

 [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br
 samba4.gsr.inpe.br has address 150.163.73.109

 [root@ovirt-dir eduardo]# host 150.163.73.109
 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br.

 As you can see, it is everything ok. No DNS problem.

 Someone have any idea?

 Thanks.


 ___
 Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users




 ___
 Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users



 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-09 Thread Eduardo Ramos

Hi Roy!

In fact engine-config -a works fine. It shows me the db config 
content. By the way, that engine is running ok as well. I just can't get 
engine connected to my samba4.


Watching postgresql log file, whenever I use engine-manage-domains or 
engine-config, the following messages are appended:


LOG:  connection received: host=localhost port=1
LOG:  connection authorized: user=engine database=engine
LOG:  unexpected EOF on client connection

But engine-config works fine. I'm using CentOS 6.3 and using yum there 
are not update for postgresql or jdbc to update. The same with ovirt-engine.


I'm really not understanding why it doesn't works.


On 04/07/2013 05:57 AM, Roy Golan wrote:

On 04/04/2013 09:45 PM, Eduardo Ramos wrote:

Hi all!

I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is 
ActiveDirectory complaint. But when I use engine-manage-domains, it 
returns me a strange message:


[root@ovirt-dir eduardo]# engine-manage-domains -action=add 
-domain=gsr.inpe.br -provider=activeDirectory -user=Administrator 
-interactive

Enter password:

Error: Authentication Failed. Error in DNS configuration. Please 
verify the oVirt Engine host has a valid reverse DNS (PTR) record.. 
Problematic domain is: getconnection: driver class 
name=org.postgresql.xa.pgxadatasourcegetconnection: 
url=jdbc:postgresql://localhost:5432/enginegetconnection: considering 
encrypted passord. 



it looks like engine-config have problems opening a db connection. The 
DNS reported error is a bug and is shown due to the connection error.


you should get that same error if you'll use
 $ engine.config -a

you have some problem connecting to the localhost postgres instance 
using the password entered during setup probably.


is your postgresql instance up the engine is able to connect to the 
db? engine-config is getting the password from the same source where 
the engine does.


also, a PTR record is no longer needed since openjdk 7 due to a change 
in the impl of the krb5 module.



secdomain=encryptdbpasswordexecute: beginning execution of action 
action_get.fetching key=domainname ver=general
Failure while applying Kerberos configuration. Details: 
Authentication Failed. Error in DNS configuration. Please verify the 
oVirt Engine host has a valid reverse DNS (PTR) record.


Using host command, I got the following results:

[root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br
ovirt-dir.gsr.inpe.br has address 150.163.80.125

[root@ovirt-dir eduardo]# host 150.163.80.125
125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br.

[root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br
_kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br.

[root@ovirt-dir eduardo]# host samba4.gsr.inpe.br
samba4.gsr.inpe.br has address 150.163.73.109

[root@ovirt-dir eduardo]# host 150.163.73.109
109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br.

As you can see, it is everything ok. No DNS problem.

Someone have any idea?

Thanks.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-07 Thread Roy Golan

On 04/04/2013 09:45 PM, Eduardo Ramos wrote:

Hi all!

I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is 
ActiveDirectory complaint. But when I use engine-manage-domains, it 
returns me a strange message:


[root@ovirt-dir eduardo]# engine-manage-domains -action=add 
-domain=gsr.inpe.br -provider=activeDirectory -user=Administrator 
-interactive

Enter password:

Error: Authentication Failed. Error in DNS configuration. Please 
verify the oVirt Engine host has a valid reverse DNS (PTR) record.. 
Problematic domain is: getconnection: driver class 
name=org.postgresql.xa.pgxadatasourcegetconnection: 
url=jdbc:postgresql://localhost:5432/enginegetconnection: considering 
encrypted passord. 



it looks like engine-config have problems opening a db connection. The 
DNS reported error is a bug and is shown due to the connection error.


you should get that same error if you'll use
 $ engine.config -a

you have some problem connecting to the localhost postgres instance 
using the password entered during setup probably.


is your postgresql instance up the engine is able to connect to the db? 
engine-config is getting the password from the same source where the 
engine does.


also, a PTR record is no longer needed since openjdk 7 due to a change 
in the impl of the krb5 module.



secdomain=encryptdbpasswordexecute: beginning execution of action 
action_get.fetching key=domainname ver=general
Failure while applying Kerberos configuration. Details: Authentication 
Failed. Error in DNS configuration. Please verify the oVirt Engine 
host has a valid reverse DNS (PTR) record.


Using host command, I got the following results:

[root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br
ovirt-dir.gsr.inpe.br has address 150.163.80.125

[root@ovirt-dir eduardo]# host 150.163.80.125
125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br.

[root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br
_kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br.

[root@ovirt-dir eduardo]# host samba4.gsr.inpe.br
samba4.gsr.inpe.br has address 150.163.73.109

[root@ovirt-dir eduardo]# host 150.163.73.109
109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br.

As you can see, it is everything ok. No DNS problem.

Someone have any idea?

Thanks.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-05 Thread Koch (ovido)

On Thu, 2013-04-04 at 18:48 +, Chris Noffsinger wrote:
 I have successfully gotten samba4 to work with ovirt but I could not use the 
 Administrator user.
 
 I had to create another admin user to. Get it to work.

I can confirm that it's possible to use oVirt/RHEV with Samba 4 - tested
RHEV 3.0/3.1 with Univention Corporate Server which is a SBS server on
Linux base with Samba 4.

For RHEV it's  not recommended to use Administrator for Active Directory
even if it works mostly. Did it several times where it worked fine with
Microsoft Active Directory - not sure if I faced isses with
Administrator user.
But in general it's better to have an other user with admin permissions,
as this will always work (if you set up DNS correctly).


Regards,
René



 Chris Noffsinger
 
 -Original Message-
 From: Eduardo Ramos edua...@freedominterface.org
 Sender: users-boun...@ovirt.org
 Date: Thu, 04 Apr 2013 15:45:36 
 To: users@ovirt.org
 Subject: [Users] DNS reverse configuration
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-05 Thread Eduardo Ramos
Even though ovirt-engine did not tried connect to samba4, I used another 
user. The issue is that engine-manage-domains said not found PTR entry, 
although host/nslookup/dig command say the opposite. Is there any detail?


On 04/04/2013 05:36 PM, Gianluca Cecchi wrote:

On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote:

I have successfully gotten samba4 to work with ovirt but I could not use the 
Administrator user.

I had to create another admin user to. Get it to work.
Chris Noffsinger

It is intended to be so and I think it is the right thing to separate
respective roles.
I had to do the same with FreeIPA.

Gianluca


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-05 Thread Juan Jose
Hello everybody,

Is there some howto or some procedure to connect Samba4 to oVirt 3.1 and
what components are necessary to install and configure?,  René, can you
post all steps to configure it to have oVirt working with Sanba 4, please?

Many thanks in avanced,

Juanjo.


On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos
edua...@freedominterface.orgwrote:

 Even though ovirt-engine did not tried connect to samba4, I used another
 user. The issue is that engine-manage-domains said not found PTR entry,
 although host/nslookup/dig command say the opposite. Is there any detail?


 On 04/04/2013 05:36 PM, Gianluca Cecchi wrote:

 On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote:

 I have successfully gotten samba4 to work with ovirt but I could not use
 the Administrator user.

 I had to create another admin user to. Get it to work.
 Chris Noffsinger

 It is intended to be so and I think it is the right thing to separate
 respective roles.
 I had to do the same with FreeIPA.

 Gianluca


 __**_
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/**mailman/listinfo/usershttp://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-05 Thread Koch (ovido)

On Fri, 2013-04-05 at 14:21 +0200, Juan Jose wrote:
 
 Hello everybody,
 
 
 Is there some howto or some procedure to connect Samba4 to oVirt 3.1
 and what components are necessary to install and configure?,  René,
 can you post all steps to configure it to have oVirt working with
 Sanba 4, please?

Sorry, can't give you detailed information on how to create a Samba 4
directory (use UCS appliance) - there is plenty of documentation in the
internet on how to do that.

To connect oVirt to your existing Samba domain, use the DNS server from
your samba server on your ovirt-engine host (don't do replication to
external bind servers, as this causes some issues). You have to make
sure, that you have valid forward (A) and reverse (PTR) DNS entries for
your ovirt-engine host and SRV records for LDAP, Kerberos,... (but these
should be created by default and are required for your Windows clients,
too).

You can join your Samba4 domain with engine-manage-domains
-provider=ActiveDirectory ...


I hope this helps you a bit.

 
 
 Many thanks in avanced,
 
 
 Juanjo.
 
 
 On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos
 edua...@freedominterface.org wrote:
 Even though ovirt-engine did not tried connect to samba4, I
 used another user. The issue is that engine-manage-domains
 said not found PTR entry, although host/nslookup/dig command
 say the opposite. Is there any detail?
 
 
 On 04/04/2013 05:36 PM, Gianluca Cecchi wrote:
 On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger
 wrote:
 I have successfully gotten samba4 to work with
 ovirt but I could not use the Administrator
 user.
 
 I had to create another admin user to. Get it
 to work.
 Chris Noffsinger
 It is intended to be so and I think it is the right
 thing to separate
 respective roles.
 I had to do the same with FreeIPA.
 
 Gianluca
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
 
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-05 Thread Chris Noffsinger
I wish that I had documented it, because I have now reinstalled that
management server.

But I do believe that I had to put my realms manually into /etc/krb5.conf
to get it to work.

On Fri, Apr 5, 2013 at 8:21 AM, Juan Jose jj197...@gmail.com wrote:


 Hello everybody,

 Is there some howto or some procedure to connect Samba4 to oVirt 3.1 and
 what components are necessary to install and configure?,  René, can you
 post all steps to configure it to have oVirt working with Sanba 4, please?

 Many thanks in avanced,

 Juanjo.


 On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos 
 edua...@freedominterface.org wrote:

 Even though ovirt-engine did not tried connect to samba4, I used another
 user. The issue is that engine-manage-domains said not found PTR entry,
 although host/nslookup/dig command say the opposite. Is there any detail?


 On 04/04/2013 05:36 PM, Gianluca Cecchi wrote:

 On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote:

 I have successfully gotten samba4 to work with ovirt but I could not
 use the Administrator user.

 I had to create another admin user to. Get it to work.
 Chris Noffsinger

 It is intended to be so and I think it is the right thing to separate
 respective roles.
 I had to do the same with FreeIPA.

 Gianluca


 __**_
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/**mailman/listinfo/usershttp://lists.ovirt.org/mailman/listinfo/users



 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users




-- 
Chris Noffsinger
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-04 Thread Chris Noffsinger
I have successfully gotten samba4 to work with ovirt but I could not use the 
Administrator user.

I had to create another admin user to. Get it to work.
Chris Noffsinger

-Original Message-
From: Eduardo Ramos edua...@freedominterface.org
Sender: users-boun...@ovirt.org
Date: Thu, 04 Apr 2013 15:45:36 
To: users@ovirt.org
Subject: [Users] DNS reverse configuration

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] DNS reverse configuration

2013-04-04 Thread Gianluca Cecchi
On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote:
 I have successfully gotten samba4 to work with ovirt but I could not use the 
 Administrator user.

 I had to create another admin user to. Get it to work.
 Chris Noffsinger

It is intended to be so and I think it is the right thing to separate
respective roles.
I had to do the same with FreeIPA.

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users