Hi,
The IPA (or Active Directory) admin user doesn't get admin permissions anymore.
You can change this with option -addPermissions:
-addPermissions In combination with -action=add/edit will add
engine superuser permissions to the user.
Default behaviour is not to add permissions.
Or login with admin@internal and give your IPA admin superuser permissions in
webadmin.
--
Best Regards
René Koch
Senior Solution Architect
============================================
ovido gmbh - "Das Linux Systemhaus"
Brünner Straße 163, A-1210 Wien
Phone: +43 720 / 530 670 - 0
Mobile: +43 660 / 512 21 31
E-Mail: [email protected]
============================================
-----Original message-----
> From:Gianluca Cecchi <[email protected]>
> Sent: Saturday 2nd February 2013 0:22
> To: users <[email protected]>
> Subject: [Users] 3.2 beta and IPA domain question
>
> Hello,
> I seem to remember in RHEV 3.0 that when you configured an IPA domain,
> its admin was automatically configured as an admin for RHEV itself.
> Is it true and in case does remain true for oVirt?
>
> I configured IPA as shipped on CentOS 6.3+updates
> ipa-server-2.2.0-17.el6_3.1.x86_64
>
> I successfully added it to y oVirt 3.2 beta setup
>
> [root@f18engine ~]# engine-manage-domains -action=add
> -domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive
> Enter password:
>
> The domain localdomain.local has been added to the engine as an
> authentication source but no users from that domain have been granted
> permissions within the oVirt Manager.
> Users from this domain can be granted permissions from the Web
> administration interface.
> oVirt Engine restart is required in order for the changes to take
> place (service ovirt-engine restart).
> Manage Domains completed successfully
>
> Then
> [root@f18engine ~]# systemctl try-restart ovirt-engine.service
> [root@f18engine ~]# systemctl status ovirt-engine.service
> ovirt-engine.service - oVirt Engine
> Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; enabled)
> Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s ago
> Process: 32512 ExecStop=/usr/bin/engine-service stop (code=exited,
> status=0/SUCCESS)
> Process: 32520 ExecStart=/usr/bin/engine-service start (code=exited,
> status=0/SUCCESS)
> Main PID: 32521 (java)
> CGroup: name=systemd:/system/ovirt-engine.service
> └─32521 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1g
> -XX:PermSize=256m -XX:MaxPe...
>
> Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting oVirt
> Engine...
> Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
> Started engine process 32521.
> Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
> Starting engine-service: [ OK ]
> Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started oVirt Engine.
>
>
> Now from web admin portal I can choose the "localdomain.local" domain
> in drop down menu.
> But when I try to enter the webadmin portal I get:
>
> User is not authorized to perform this action.
>
>
> Do I need to grant IPA admin user from internal admin before, or
> should it just work?
>
> Gianluca
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
