So returning. I got a machine, I installed Fedora 17 on it. With that I managed to install FreeIPA. FreeIPA configured, and managed to add the domain with the tool "oVirt-manage-domains".
Created in FreeIPA users, set their passwords. I gave permission for them. However, I can only login with the admin user in the new domain. With users that I created, is giving the following message: Can not Login. User Password has expired, Please change your password. So, I need to give any more permission for users to login? Att, 2012/12/6 Yair Zaslavsky <[email protected]> > > > ------------------------------ > > *From: *"victor nunes" <[email protected]> > *To: *"Yair Zaslavsky" <[email protected]> > *Cc: *[email protected], "Itamar Heim" <[email protected]> > *Sent: *Thursday, December 6, 2012 2:14:49 AM > > *Subject: *Re: [Users] tool engine-manage-domains > > Hello, > > I'm going to do all these tests, but a question. > > I need to configure Kerberos on the server LDAP? > > Att, > > Yes. > > > > 2012/12/4 Yair Zaslavsky <[email protected]> > >> Hi, >> Several things - >> a. I think logging at this point should be improved >> b. Since the log is not informative enough, please try the following: >> 1. Check that your credentials are correct >> 2. Check you have no clock skew issue (the time difference between the >> machine running manage-domains and your ldap server should be less or equal >> to 5 minutes). >> 3. Connection refused so there is some connectivity issue - >> please query your ldap SRV records for the domain (IMHO dig SRV >> _ldap._tcp.viperde.com.br should do the trick) >> please try to connect to these ldap servers manually - >> >> For example, if the returned host from the dig SRV query is >> aaa.viperde.com.br >> >> perform: >> telnet aaa.viperde.com.br 389 >> >> Turns out that I did not have telnet installed on my fc17 machine - >> I used yum install telnet to install it. >> >> Kind regards, >> >> Yair >> >> >> ------------------------------ >> >> *From: *"victor nunes" <[email protected]> >> *To: *"Itamar Heim" <[email protected]> >> *Cc: *"Yair Zaslavsky" <[email protected]>, [email protected] >> *Sent: *Tuesday, December 4, 2012 3:28:56 AM >> *Subject: *Re: [Users] tool engine-manage-domains >> >> >> Thanks for the reply. >> >> I do not have another machine to the power configuar FreeIPA. >> >> I have a machine, I do not have access, which is an LDAP server installed >> on it. >> I configured a machine that is oVirt-manage as ldap client, I configured >> the dns, but in time to include the domain happens the following error: >> >> Error: exception message: Connection refused >> Failure while testing domain viprede.com.br. Details: Kerberos error. >> Please check log for further Top details. >> >> in the logs, I have the following lines: >> >> 03/12/2012 20:25:26,390 INFO >> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos >> configuration for domain (s): viprede.com.br >> 03/12/2012 20:25:26,422 INFO >> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created >> kerberos configuration for domain (s): viprede.com.br >> 03/12/2012 20:25:26,422 INFO >> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos >> configuration for domain: viprede.com.br. >> >> So what could be this error? >> >> 2012/11/29 Itamar Heim <[email protected]> >> >>> On 11/29/2012 05:58 AM, victor nunes wrote: >>> >>>> >>>> >>>> 2012/11/29 Yair Zaslavsky <[email protected] <mailto: >>>> [email protected]>> >>>> >>>> >>>> Hi, >>>> Can you redirect your question to [email protected] >>>> <mailto:[email protected]>? >>>> >>>> I think others will help you to forward your question to relevant >>>> people here (not sure I can provide a good answer). >>>> >>>> >>>> >>>> On 11/29/2012 03:26 AM, victor nunes wrote: >>>> >>>> So I'm trying to install FreeIPA on the same machine that >>>> oVirt-manage, >>>> but at the time of installation, the following error occurs: >>>> >>>> FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64 >>>> >>>> >>>> Looking for a solution to the problem, I discovered that this is >>>> a bug >>>> reported by others. >>>> >>>> Follow the link to the bug reported: >>>> >>>> https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098> >>>> >>>> >>>> <https://bugzilla.redhat.com/**show_bug.cgi?id=840098<https://bugzilla.redhat.com/show_bug.cgi?id=840098> >>>> > >>>> >>>> Then, using oo FreeIPA not be possible, which otherwise I have >>>> to add >>>> new domains and users? >>>> >>>> Em 8 de novembro de 2012 02:41, Yair Zaslavsky >>>> <[email protected] <mailto:[email protected]> >>>> <mailto:[email protected] <mailto:[email protected]>>> >>>> escreveu: >>>> >>>> >>>> >>>> Hi, >>>> You cannot create new users for the internal domain. >>>> The internal domain was developed for quick POC, just to >>>> allow login >>>> to the system without the need for ldap provider. >>>> I recommend you install some ldap server (i.e - free IPA) >>>> and try to >>>> work with it. >>>> >>>> >>>> >>>> On 11/08/2012 01:08 AM, victor nunes wrote: >>>> >>>> Sorry. >>>> >>>> Att, >>>> >>>> 2012/11/7 victor nunes <[email protected] >>>> <mailto:[email protected]**> >>>> <mailto:[email protected] >>>> <mailto:[email protected]**>__> >>>> <mailto:[email protected] >>>> <mailto:[email protected]**> <mailto: >>>> [email protected] >>>> <mailto:[email protected]**>__>__>> >>>> >>>> >>>> >>>> >>>> Thanks for the reply. >>>> >>>> As the command "engine-manage-domains" works with >>>> ldap, how >>>> can I >>>> create another user in the field "internal", and >>>> user >>>> "admin" that >>>> is created when you installed the engine-setup? >>>> >>>> 2012/11/4 Yair Zaslavsky <[email protected] >>>> <mailto:[email protected]> >>>> <mailto:[email protected] <mailto: >>>> [email protected]>> >>>> <mailto:[email protected] >>>> <mailto:[email protected]> <mailto:[email protected] >>>> <mailto:[email protected]>>>**> >>>> >>>> >>>> >>>> Hi, >>>> The specified tool handle only ldap domains, >>>> and not the >>>> internal domain. >>>> What would you like to change at the internal >>>> domain? >>>> I suggest you try to use engine-config for >>>> this. >>>> >>>> >>>> >>>> >>>> ------------------------------**____--------------------------* >>>> *--__--__------------ >>>> >>>> >>>> >>>> *From: *"victor nunes" >>>> <[email protected] <mailto:[email protected]**> >>>> <mailto:[email protected] >>>> <mailto:[email protected]**>__> >>>> <mailto:[email protected] >>>> <mailto:[email protected]**> >>>> <mailto:[email protected] >>>> <mailto:[email protected]**>__>__>> >>>> >>>> *To: *[email protected] >>>> <mailto:[email protected]> <mailto:[email protected] >>>> <mailto:[email protected]>> >>>> <mailto:[email protected] <mailto:[email protected]> >>>> <mailto:[email protected] <mailto:[email protected]>>> >>>> >>>> *Sent: *Sunday, November 4, 2012 12:18:55 >>>> AM >>>> *Subject: *[Users] tool >>>> engine-manage-domains >>>> >>>> >>>> >>>> I'm trying to change the default domain, >>>> the >>>> "internal" with >>>> the following command: >>>> >>>> engine-manage-domains -action=edit >>>> -domain=internal >>>> >>>> However, i am getting the following >>>> message: >>>> >>>> "Domain internal doesn't exist int the >>>> configuration" >>>> >>>> This is my domain admin user that is >>>> configured in the >>>> installation ovirt-setup. >>>> >>>> So, how can i fix it to include a user in >>>> this domain? >>>> >>>> >>>> Att, >>>> >>>> >>>> >>>> >>>> -- >>>> “Encarada do ponto de vista da juventude, >>>> a vida >>>> parece um >>>> futuro >>>> indefinidamente longo, ao passo que, na >>>> velhice, >>>> ela parece >>>> um passado >>>> deveras curto. Assim, a vida no seu >>>> início se >>>> apresenta do >>>> mesmo modo >>>> que as coisas quando as olhamos através >>>> de um >>>> binóculo usado >>>> ao contrário; mas, ao >>>> seu final, ela se parece com as coisas >>>> tal qual >>>> são vistas >>>> quando o binóculo >>>> é usado de modo normal. Um homem precisa >>>> ter >>>> envelhecido e >>>> vivido >>>> bastante para perceber como a vida é >>>> curta”. >>>> >>>> (Poema de Arthur Schopenhauer) >>>> >>>> >>>> ______________________________**_____________________ >>>> >>>> Users mailing list >>>> [email protected] <mailto:[email protected]> <mailto: >>>> [email protected] >>>> <mailto:[email protected]>> <mailto:[email protected] >>>> <mailto:[email protected]> >>>> <mailto:[email protected] <mailto:[email protected]>>> >>>> >>>> >>>> http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users> >>>> >>>> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users> >>>> > >>>> >>>> >>>> >>>> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users> >>>> >>>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users> >>>> >> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> “Encarada do ponto de vista da juventude, a vida >>>> parece um >>>> futuro >>>> indefinidamente longo, ao passo que, na velhice, >>>> ela parece >>>> um passado >>>> deveras curto. Assim, a vida no seu início se >>>> apresenta do >>>> mesmo modo >>>> que as coisas quando as olhamos através de um >>>> binóculo usado ao >>>> contrário; mas, ao >>>> seu final, ela se parece com as coisas tal qual >>>> são vistas >>>> quando o >>>> binóculo >>>> é usado de modo normal. Um homem precisa ter >>>> envelhecido e >>>> vivido >>>> bastante para perceber como a vida é curta”. >>>> >>>> (Poema de Arthur Schopenhauer) >>>> >>>> >>>> >>>> >>>> -- >>>> “Encarada do ponto de vista da juventude, a vida parece >>>> um futuro >>>> indefinidamente longo, ao passo que, na velhice, ela >>>> parece um >>>> passado >>>> deveras curto. Assim, a vida no seu início se apresenta >>>> do mesmo >>>> modo >>>> que as coisas quando as olhamos através de um binóculo >>>> usado ao >>>> contrário; mas, ao >>>> seu final, ela se parece com as coisas tal qual são >>>> vistas quando o >>>> binóculo >>>> é usado de modo normal. Um homem precisa ter >>>> envelhecido e vivido >>>> bastante para perceber como a vida é curta”. >>>> >>>> (Poema de Arthur Schopenhauer) >>>> >>>> >>>> >>>> >>>> -- >>>> “Encarada do ponto de vista da juventude, a vida parece um >>>> futuro >>>> indefinidamente longo, ao passo que, na velhice, ela parece um >>>> passado >>>> deveras curto. Assim, a vida no seu início se apresenta do mesmo >>>> modo >>>> que as coisas quando as olhamos através de um binóculo usado ao >>>> contrário; mas, ao >>>> seu final, ela se parece com as coisas tal qual são vistas >>>> quando o >>>> binóculo >>>> é usado de modo normal. Um homem precisa ter envelhecido e >>>> vivido >>>> bastante para perceber como a vida é curta”. >>>> >>>> (Poema de Arthur Schopenhauer) >>>> >>>> >>>> >>>> >>>> -- >>>> “Encarada do ponto de vista da juventude, a vida parece um futuro >>>> indefinidamente longo, ao passo que, na velhice, ela parece um passado >>>> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo >>>> que as coisas quando as olhamos através de um binóculo usado ao >>>> contrário; mas, ao >>>> seu final, ela se parece com as coisas tal qual são vistas quando o >>>> binóculo >>>> é usado de modo normal. Um homem precisa ter envelhecido e vivido >>>> bastante para perceber como a vida é curta”. >>>> >>>> (Poema de Arthur Schopenhauer) >>>> >>>> >>>> ______________________________**_________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users> >>>> >>>> >>> there are three issues with installing freeipa on same machine as ovirt: >>> 1. the mod_ssl, which is solvable, but requires some work on our side. >>> 2. we faced some upgrade issues around this use case, though non are >>> relevant right now iirc. >>> 3. freeipa will override the default apache homepage redirection ovirt >>> placed. >>> >>> have you considered running freeipa in a guest? you can still use >>> admin@internal for issues with that guest if needed. >>> >> >> >> >> -- >> “Encarada do ponto de vista da juventude, a vida parece um futuro >> indefinidamente longo, ao passo que, na velhice, ela parece um passado >> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo >> que as coisas quando as olhamos através de um binóculo usado ao >> contrário; mas, ao >> seu final, ela se parece com as coisas tal qual são vistas quando o >> binóculo >> é usado de modo normal. Um homem precisa ter envelhecido e vivido >> bastante para perceber como a vida é curta”. >> >> (Poema de Arthur Schopenhauer) >> >> >> > > > -- > “Encarada do ponto de vista da juventude, a vida parece um futuro > indefinidamente longo, ao passo que, na velhice, ela parece um passado > deveras curto. Assim, a vida no seu início se apresenta do mesmo modo > que as coisas quando as olhamos através de um binóculo usado ao contrário; > mas, ao > seu final, ela se parece com as coisas tal qual são vistas quando o > binóculo > é usado de modo normal. Um homem precisa ter envelhecido e vivido > bastante para perceber como a vida é curta”. > > (Poema de Arthur Schopenhauer) > > > -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
