Re: [Users] Fwd: Trouble with SSO rhev-agent and rhev-agent-pam-rhev-cred
On 04/26/2013 11:12 AM, Karli Sjöberg wrote: Hi! I´m trying to get this working for our VDI solution, would be awfully cool. I have noticed lately that the SSO in ovirt seems to be broken on the engine side. The bug https://bugzilla.redhat.com/show_bug.cgi?id=922398 addresses this issue. And it has been fixed here: http://gerrit.ovirt.org/#/c/13667/ The reason for this is that the engine expects a certain package name to be reported by the guest agent to enable the SSO functionality on the engine side. If this information is not send the engine 'thinks' that there's no SSO capability. There'd be a way to enable the SSO capability by modifying the ovirt guest agent installation. e.g. you could install a fake rhev-agent package, however I personally would not recommend that. The ovirt 3.3 engine release should resolve this issue. But so far, this seems to be what´s stopping it: /var/log/ovirt-guest-agent/ovirt-guest-agent.log Dummy-1::DEBUG::2013-04-26 11:02:11,840::OVirtAgentLogic::178::root::AgentLogicBase::sendUserInfo - cur_user = '(unknown)' Over and over again. No. This is just reporting the currently logged in user. This is what´s installed in the Fedora 17 guest: # rpm -qa | grep ovirt- ovirt-guest-agent-common-1.0.6-6.fc17.noarch ovirt-guest-agent-gdm-plugin-1.0.6-6.fc17.x86_64 ovirt-guest-agent-pam-module-1.0.6-6.fc17.x86_64 And this is the engine: # rpm -qa | grep ovirt- ovirt-engine-config-3.1.0-4.fc17.noarch ovirt-engine-dbscripts-3.1.0-4.fc17.noarch ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch ovirt-engine-restapi-3.1.0-4.fc17.noarch ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch ovirt-engine-genericapi-3.1.0-4.fc17.noarch ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch ovirt-engine-setup-3.1.0-4.fc17.noarch ovirt-engine-sdk-3.2.0.2-1.fc17.noarch ovirt-engine-backend-3.1.0-4.fc17.noarch ovirt-engine-tools-common-3.1.0-4.fc17.noarch ovirt-engine-3.1.0-4.fc17.noarch ovirt-engine-userportal-3.1.0-4.fc17.noarch ovirt-engine-notification-service-3.1.0-4.fc17.noarch The engine is joined to our Active Directory domain, and the guest is as well, using winbind. Help? Best Regards Karli Sjöberg tis 2012-08-21 klockan 15:15 +0400 skrev Artem: Hi, i don't have /var/log/ovirt-guest-agent.log, i have /var/log/rhev-agent/rhev-agent.log. i set in /etc/rhev-agent.conf ... [logger_root] level=DEBUG ... but log file output ... Dummy-2::DEBUG::2012-08-21 15:09:56,698::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:06,719::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:16,739::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:26,836::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:36,857::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' I cannot build ovirt-guest-agent for Centos 6 (aka Rhel 6) and used rhev-agent and rhev-agent-pam-rhev-cred. hmm.. Linux machine is not configure to work with the same authentication server ~]# getent passwd sirin sirin:*:19321:19321:sirin zarin:/home/sirin:/bin/sh User sirin used FreeIPA. Artem 2012/8/20 Gal Hammer gham...@redhat.com mailto:gham...@redhat.com On 20/08/2012 08:31, Roy Golan wrote: Cannot login with SSO on system... cat /var/log/secure Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): received for user sirin: 4 (System error) Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): received for user sirin: 4 (System error) Aug 19 03:54:43 ws2 pam:
Re: [Users] Fwd: Trouble with SSO rhev-agent and rhev-agent-pam-rhev-cred
mån 2013-04-29 klockan 14:50 +0200 skrev Vinzenz Feenstra: On 04/26/2013 11:12 AM, Karli Sjöberg wrote: Hi! I´m trying to get this working for our VDI solution, would be awfully cool. I have noticed lately that the SSO in ovirt seems to be broken on the engine side. The bug https://bugzilla.redhat.com/show_bug.cgi?id=922398 addresses this issue. And it has been fixed here: http://gerrit.ovirt.org/#/c/13667/ The reason for this is that the engine expects a certain package name to be reported by the guest agent to enable the SSO functionality on the engine side. If this information is not send the engine 'thinks' that there's no SSO capability. Ahh, OK. Bummer. There'd be a way to enable the SSO capability by modifying the ovirt guest agent installation. e.g. you could install a fake rhev-agent package, however I personally would not recommend that. The ovirt 3.3 engine release should resolve this issue. And here I thought I was having enough trouble trying to upgrade from 3.1 to 3.2;P But so far, this seems to be what´s stopping it: /var/log/ovirt-guest-agent/ovirt-guest-agent.log Dummy-1::DEBUG::2013-04-26 11:02:11,840::OVirtAgentLogic::178::root::AgentLogicBase::sendUserInfo - cur_user = '(unknown)' Over and over again. No. This is just reporting the currently logged in user. Yeah, I noticed that it actually changed to my user name as soon as I logged and reverted when I logged out again. Thank you for the explanation! /Karli This is what´s installed in the Fedora 17 guest: # rpm -qa | grep ovirt- ovirt-guest-agent-common-1.0.6-6.fc17.noarch ovirt-guest-agent-gdm-plugin-1.0.6-6.fc17.x86_64 ovirt-guest-agent-pam-module-1.0.6-6.fc17.x86_64 And this is the engine: # rpm -qa | grep ovirt- ovirt-engine-config-3.1.0-4.fc17.noarch ovirt-engine-dbscripts-3.1.0-4.fc17.noarch ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch ovirt-engine-restapi-3.1.0-4.fc17.noarch ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch ovirt-engine-genericapi-3.1.0-4.fc17.noarch ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch ovirt-engine-setup-3.1.0-4.fc17.noarch ovirt-engine-sdk-3.2.0.2-1.fc17.noarch ovirt-engine-backend-3.1.0-4.fc17.noarch ovirt-engine-tools-common-3.1.0-4.fc17.noarch ovirt-engine-3.1.0-4.fc17.noarch ovirt-engine-userportal-3.1.0-4.fc17.noarch ovirt-engine-notification-service-3.1.0-4.fc17.noarch The engine is joined to our Active Directory domain, and the guest is as well, using winbind. Help? Best Regards Karli Sjöberg tis 2012-08-21 klockan 15:15 +0400 skrev Artem: Hi, i don't have /var/log/ovirt-guest-agent.log, i have /var/log/rhev-agent/rhev-agent.log. i set in /etc/rhev-agent.conf ... [logger_root] level=DEBUG ... but log file output ... Dummy-2::DEBUG::2012-08-21 15:09:56,698::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:06,719::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:16,739::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:26,836::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' Dummy-2::DEBUG::2012-08-21 15:10:36,857::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo - cur_user = 'root' I cannot build ovirt-guest-agent for Centos 6 (aka Rhel 6) and used rhev-agent and rhev-agent-pam-rhev-cred. hmm.. Linux machine is not configure to work with the same authentication server ~]# getent passwd sirin sirin:*:19321:19321:sirin zarin:/home/sirin:/bin/sh User sirin used FreeIPA. Artem 2012/8/20 Gal Hammer gham...@redhat.commailto:gham...@redhat.com On 20/08/2012 08:31, Roy Golan wrote: Cannot login with SSO on system... cat /var/log/secure Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): received for user sirin: 4 (System error) Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): received for user sirin:
Re: [Users] Fwd: Trouble with SSO rhev-agent and rhev-agent-pam-rhev-cred
On 20/08/2012 08:31, Roy Golan wrote: Cannot login with SSO on system... cat /var/log/secure Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_unix(gdm-rhevcred:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]: pam_sss(gdm-rhevcred:auth): received for user sirin: 4 (System error) Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): conversation failed Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_unix(gdm-password:auth): auth could not identify password for [sirin] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): system info: [Cannot read password] Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=sirin Aug 19 03:54:43 ws2 pam: gdm-password[2617]: pam_sss(gdm-password:auth): received for user sirin: 4 (System error) Aug 19 03:54:43 ws2 pam: gdm-password[2617]: gkr-pam: no password is available for user But login with user and password done... I use FreeIPA for this user. What could be wrong? What does the agent's log say (/var/log/ovirt-guest-agent.log)? Usually, if everything is running as it should, the problem is that the Linux machine is not configure to work with the same authentication server as the one that the RHEV-M is using. Gal. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
