HI, Roy I have update my engine to newest use ' rpm -Uvh ' -
I used rpms from http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ . [root@ovirt-engine ~]# rpm -qa | grep ovirt-engine ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-sdk-1.3-1.fc16.noarch ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64 ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64 and now I add domain again , it still have error and there's no log can find from engine-manage-domains.log, what should i do now ? [root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=admin -provider=IPA -interactive Failed reading current configuration. Details: Error "Error fetching LDAPProviderTypes value: no such entry with version 'general'." while reading configuration value LDAPProviderTypes. On 15 May, 2012, at 5:10 PM, Roy Golan wrote: > On 05/15/2012 08:48 AM, Yair Zaslavsky wrote: >> On 05/15/2012 08:35 AM, Oved Ourfalli wrote: >>> >>> ----- Original Message ----- >>>> From: "T-Sinjon"<tscbj1...@gmail.com> >>>> To: "Oved Ourfalli"<ov...@redhat.com> >>>> Cc: users@ovirt.org >>>> Sent: Tuesday, May 15, 2012 5:53:16 AM >>>> Subject: Re: [Users] engine-manage-domains can't add user , domain >>>> >>>> after use kinit login tsinjon , the error changes to , why this >>>> happened? >>>> >>>> [root@ovirt-engine ~]# engine-manage-domains -action=add >>>> -domain='local' -user='tsinjon' -interactive >>>> Enter password: >>>> >>>> No user in Directory was found for tsinjon@LOCAL. Trying next LDAP >>>> server in list >>>> Failure while testing domain local. Details: No user information was >>>> found for user >>>> >>> Can't see why kinit matters here, but looking at your command I noticed you >>> used single quotes for the user and domain name. >>> I'm not sure it knows to handle this correctly. >>> Did you try without the quotes? >>> >>> Also, what version are you working with? >>> We had a problem a few weeks ago, of identifying the correct ldap provider. >>> To fix that we added an option to specify the ldap provider type. It >>> determines which query will be used in order to get the user details. >>> >>> cc-ing Roy, which added this. iirc it is mandatory to provide this option, >>> so you probably don't have this option in your environment. >>> Roy - is there an upstream release with this fix? >> Oved - this was merged upstream. >> T-Sinjon - have you cloned the git repo and compiled or are you using RPMs? > T-Sinjon - once your updated you'll be able to specify the which type is your > LDAP server and overcome this problem. > > e.g. > engine-manage-domains -action=add -domain='local' -provider=ipa > -user='tsinjon' -interactive > > >> >> >>> Regards, >>> Oved >>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote: >>>> >>>>> I have added those SRV info into my zone file , and it did go , >>>>> the log looks fine , but engine-manage-domains still return error >>>>> >>>>> 2012-05-15 10:45:19,222 INFO >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating >>>>> kerberos configuration for domain(s): local >>>>> 2012-05-15 10:45:19,258 INFO >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully >>>>> created kerberos configuration for domain(s): local >>>>> 2012-05-15 10:45:19,259 INFO >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing >>>>> kerberos configuration for domain: local >>>>> >>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add >>>>> -domain='local' -user='tsinjon' -interactive >>>>> Enter password: >>>>> >>>>> Error: exception message: Integrity check on decrypted field >>>>> failed (31) - PREAUTH_FAILED >>>>> Failure while testing domain local. Details: Kerberos error. Please >>>>> check log for further details. >>>>> >>>>> >>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: >>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "T-Sinjon"<tscbj1...@gmail.com> >>>>>>> To: users@ovirt.org >>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM >>>>>>> Subject: [Users] engine-manage-domains can't add user , domain >>>>>>> >>>>>>> >>>>>>> I use FreeIPA to authenticate users, ipa user-add has no >>>>>>> problem, >>>>>>> but when i do : >>>>>>> >>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add >>>>>>> -domain='local' -user='tsinjon' -interactive >>>>>>> >>>>>>> Error: Authentication Failed. Please verify the fully qualified >>>>>>> domain name that is used for authentication is correct.. >>>>>>> Problematic >>>>>>> domain is: local >>>>>>> Failure while applying Kerberos configuration. Details: >>>>>>> Authentication Failed. Please verify the fully qualified domain >>>>>>> name >>>>>>> that is used for authentication is correct. >>>>>>> >>>>>>> and log from engine-manage-domains.log : >>>>>>> >>>>>>> 2012-05-14 21:58:47,892 INFO >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating >>>>>>> kerberos configuration for domain(s): local >>>>>>> 2012-05-14 21:58:47,923 ERROR >>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV >>>>>>> list >>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS name >>>>>>> not >>>>>>> found [response code 3] >>>>>>> >>>>>>> my domain is 'local' , like ovirt-engine.local >>>>>>> 、ovirt-node-1.local >>>>>>> …etc >>>>>>> >>>>>>> What can i do to get through it? >>>>>>> >>>>>> The utility (and also the ovirt engine) are relying on DNS SRV >>>>>> records in order to find LDAP and kerberos servers (supporting >>>>>> Active directory, IPA or RHDS). >>>>>> So, in order to work with it you must have the following in the >>>>>> DNS >>>>>> 1. PTR record for your LDAP server >>>>>> 2. LDAP SRV record for your LDAP server >>>>>> 3. LDAP kerberos record for your LDAP server >>>>>> >>>>>> If you don't really have access to the DNS you can install a >>>>>> package called "dnsmasq", and perform this changes by yourself in >>>>>> its config file. >>>>>> >>>>>> Oved >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> >>>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users