Re: [Users] DNS reverse configuration
On 04/09/2013 03:12 PM, Eduardo Ramos wrote: Hi Roy! In fact engine-config -a works fine. It shows me the db config content. By the way, that engine is running ok as well. I just can't get engine connected to my samba4. Watching postgresql log file, whenever I use engine-manage-domains or engine-config, the following messages are appended: LOG: connection received: host=localhost port=1 LOG: connection authorized: user=engine database=engine LOG: unexpected EOF on client connection please attach the engine-managed-domains log. just throwing a bone here, could you try another user or just a different password and see if it fails different? say 123? and BTW Rene has got samba4 working for him. But engine-config works fine. I'm using CentOS 6.3 and using yum there are not update for postgresql or jdbc to update. The same with ovirt-engine. I'm really not understanding why it doesn't works. On 04/07/2013 05:57 AM, Roy Golan wrote: On 04/04/2013 09:45 PM, Eduardo Ramos wrote: Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. it looks like engine-config have problems opening a db connection. The DNS reported error is a bug and is shown due to the connection error. you should get that same error if you'll use $ engine.config -a you have some problem connecting to the localhost postgres instance using the password entered during setup probably. is your postgresql instance up the engine is able to connect to the db? engine-config is getting the password from the same source where the engine does. also, a PTR record is no longer needed since openjdk 7 due to a change in the impl of the krb5 module. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Hello everybody, Has Someone succefully connected ovirt engine to Samba4 to be able to authenticate user from this kind of server?, Eduardo, have you succeed in your attemp to connect engine to Samba4?, I would like to do the same and engine can authenticate other users. I would like to do this without Windows Active Directory. Many thanks in avanced, Juanjo. On Tue, Apr 9, 2013 at 2:12 PM, Eduardo Ramos edua...@freedominterface.orgwrote: Hi Roy! In fact engine-config -a works fine. It shows me the db config content. By the way, that engine is running ok as well. I just can't get engine connected to my samba4. Watching postgresql log file, whenever I use engine-manage-domains or engine-config, the following messages are appended: LOG: connection received: host=localhost port=1 LOG: connection authorized: user=engine database=engine LOG: unexpected EOF on client connection But engine-config works fine. I'm using CentOS 6.3 and using yum there are not update for postgresql or jdbc to update. The same with ovirt-engine. I'm really not understanding why it doesn't works. On 04/07/2013 05:57 AM, Roy Golan wrote: On 04/04/2013 09:45 PM, Eduardo Ramos wrote: Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain= gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. it looks like engine-config have problems opening a db connection. The DNS reported error is a bug and is shown due to the connection error. you should get that same error if you'll use $ engine.config -a you have some problem connecting to the localhost postgres instance using the password entered during setup probably. is your postgresql instance up the engine is able to connect to the db? engine-config is getting the password from the same source where the engine does. also, a PTR record is no longer needed since openjdk 7 due to a change in the impl of the krb5 module. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Hi Roy! In fact engine-config -a works fine. It shows me the db config content. By the way, that engine is running ok as well. I just can't get engine connected to my samba4. Watching postgresql log file, whenever I use engine-manage-domains or engine-config, the following messages are appended: LOG: connection received: host=localhost port=1 LOG: connection authorized: user=engine database=engine LOG: unexpected EOF on client connection But engine-config works fine. I'm using CentOS 6.3 and using yum there are not update for postgresql or jdbc to update. The same with ovirt-engine. I'm really not understanding why it doesn't works. On 04/07/2013 05:57 AM, Roy Golan wrote: On 04/04/2013 09:45 PM, Eduardo Ramos wrote: Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. it looks like engine-config have problems opening a db connection. The DNS reported error is a bug and is shown due to the connection error. you should get that same error if you'll use $ engine.config -a you have some problem connecting to the localhost postgres instance using the password entered during setup probably. is your postgresql instance up the engine is able to connect to the db? engine-config is getting the password from the same source where the engine does. also, a PTR record is no longer needed since openjdk 7 due to a change in the impl of the krb5 module. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
On 04/04/2013 09:45 PM, Eduardo Ramos wrote: Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. it looks like engine-config have problems opening a db connection. The DNS reported error is a bug and is shown due to the connection error. you should get that same error if you'll use $ engine.config -a you have some problem connecting to the localhost postgres instance using the password entered during setup probably. is your postgresql instance up the engine is able to connect to the db? engine-config is getting the password from the same source where the engine does. also, a PTR record is no longer needed since openjdk 7 due to a change in the impl of the krb5 module. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
On Thu, 2013-04-04 at 18:48 +, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. I can confirm that it's possible to use oVirt/RHEV with Samba 4 - tested RHEV 3.0/3.1 with Univention Corporate Server which is a SBS server on Linux base with Samba 4. For RHEV it's not recommended to use Administrator for Active Directory even if it works mostly. Did it several times where it worked fine with Microsoft Active Directory - not sure if I faced isses with Administrator user. But in general it's better to have an other user with admin permissions, as this will always work (if you set up DNS correctly). Regards, René Chris Noffsinger -Original Message- From: Eduardo Ramos edua...@freedominterface.org Sender: users-boun...@ovirt.org Date: Thu, 04 Apr 2013 15:45:36 To: users@ovirt.org Subject: [Users] DNS reverse configuration ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Even though ovirt-engine did not tried connect to samba4, I used another user. The issue is that engine-manage-domains said not found PTR entry, although host/nslookup/dig command say the opposite. Is there any detail? On 04/04/2013 05:36 PM, Gianluca Cecchi wrote: On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Hello everybody, Is there some howto or some procedure to connect Samba4 to oVirt 3.1 and what components are necessary to install and configure?, René, can you post all steps to configure it to have oVirt working with Sanba 4, please? Many thanks in avanced, Juanjo. On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos edua...@freedominterface.orgwrote: Even though ovirt-engine did not tried connect to samba4, I used another user. The issue is that engine-manage-domains said not found PTR entry, although host/nslookup/dig command say the opposite. Is there any detail? On 04/04/2013 05:36 PM, Gianluca Cecchi wrote: On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca __**_ Users mailing list Users@ovirt.org http://lists.ovirt.org/**mailman/listinfo/usershttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
On Fri, 2013-04-05 at 14:21 +0200, Juan Jose wrote: Hello everybody, Is there some howto or some procedure to connect Samba4 to oVirt 3.1 and what components are necessary to install and configure?, René, can you post all steps to configure it to have oVirt working with Sanba 4, please? Sorry, can't give you detailed information on how to create a Samba 4 directory (use UCS appliance) - there is plenty of documentation in the internet on how to do that. To connect oVirt to your existing Samba domain, use the DNS server from your samba server on your ovirt-engine host (don't do replication to external bind servers, as this causes some issues). You have to make sure, that you have valid forward (A) and reverse (PTR) DNS entries for your ovirt-engine host and SRV records for LDAP, Kerberos,... (but these should be created by default and are required for your Windows clients, too). You can join your Samba4 domain with engine-manage-domains -provider=ActiveDirectory ... I hope this helps you a bit. Many thanks in avanced, Juanjo. On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos edua...@freedominterface.org wrote: Even though ovirt-engine did not tried connect to samba4, I used another user. The issue is that engine-manage-domains said not found PTR entry, although host/nslookup/dig command say the opposite. Is there any detail? On 04/04/2013 05:36 PM, Gianluca Cecchi wrote: On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
I wish that I had documented it, because I have now reinstalled that management server. But I do believe that I had to put my realms manually into /etc/krb5.conf to get it to work. On Fri, Apr 5, 2013 at 8:21 AM, Juan Jose jj197...@gmail.com wrote: Hello everybody, Is there some howto or some procedure to connect Samba4 to oVirt 3.1 and what components are necessary to install and configure?, René, can you post all steps to configure it to have oVirt working with Sanba 4, please? Many thanks in avanced, Juanjo. On Fri, Apr 5, 2013 at 1:28 PM, Eduardo Ramos edua...@freedominterface.org wrote: Even though ovirt-engine did not tried connect to samba4, I used another user. The issue is that engine-manage-domains said not found PTR entry, although host/nslookup/dig command say the opposite. Is there any detail? On 04/04/2013 05:36 PM, Gianluca Cecchi wrote: On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca __**_ Users mailing list Users@ovirt.org http://lists.ovirt.org/**mailman/listinfo/usershttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Chris Noffsinger ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger -Original Message- From: Eduardo Ramos edua...@freedominterface.org Sender: users-boun...@ovirt.org Date: Thu, 04 Apr 2013 15:45:36 To: users@ovirt.org Subject: [Users] DNS reverse configuration ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users