after use kinit login tsinjon , the error changes to , why this happened? [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Enter password:
No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list Failure while testing domain local. Details: No user information was found for user On 15 May, 2012, at 10:47 AM, T-Sinjon wrote: > > I have added those SRV info into my zone file , and it did go , the log > looks fine , but engine-manage-domains still return error > > 2012-05-15 10:45:19,222 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos > configuration for domain(s): local > 2012-05-15 10:45:19,258 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created > kerberos configuration for domain(s): local > 2012-05-15 10:45:19,259 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos > configuration for domain: local > > [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' > -user='tsinjon' -interactive > Enter password: > > Error: exception message: Integrity check on decrypted field failed (31) - > PREAUTH_FAILED > Failure while testing domain local. Details: Kerberos error. Please check log > for further details. > > > On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: > >> >> >> ----- Original Message ----- >>> From: "T-Sinjon" <tscbj1...@gmail.com> >>> To: users@ovirt.org >>> Sent: Monday, May 14, 2012 5:07:46 PM >>> Subject: [Users] engine-manage-domains can't add user , domain >>> >>> >>> I use FreeIPA to authenticate users, ipa user-add has no problem, >>> but when i do : >>> >>> [root@ovirt-engine ~]# engine-manage-domains -action=add >>> -domain='local' -user='tsinjon' -interactive >>> >>> Error: Authentication Failed. Please verify the fully qualified >>> domain name that is used for authentication is correct.. Problematic >>> domain is: local >>> Failure while applying Kerberos configuration. Details: >>> Authentication Failed. Please verify the fully qualified domain name >>> that is used for authentication is correct. >>> >>> and log from engine-manage-domains.log : >>> >>> 2012-05-14 21:58:47,892 INFO >>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating >>> kerberos configuration for domain(s): local >>> 2012-05-14 21:58:47,923 ERROR >>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list >>> for protocol _tcp and domain LOCAL Exception message is DNS name not >>> found [response code 3] >>> >>> my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local >>> …etc >>> >>> What can i do to get through it? >>> >> The utility (and also the ovirt engine) are relying on DNS SRV records in >> order to find LDAP and kerberos servers (supporting Active directory, IPA or >> RHDS). >> So, in order to work with it you must have the following in the DNS >> 1. PTR record for your LDAP server >> 2. LDAP SRV record for your LDAP server >> 3. LDAP kerberos record for your LDAP server >> >> If you don't really have access to the DNS you can install a package called >> "dnsmasq", and perform this changes by yourself in its config file. >> >> Oved >>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >>> > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users