Not too informative, so let's start and troubleshoot - a. please use dig to get SRV records for kerberos and ldap for the domain and attach it -
For example - for domain example.com (kerberos realm - EXAMPLE.COM) dig SRV _ldap._tcp.example.com dg SRV _kerberos._tcp.example.com b. Do you have a PTR record at your DNS defined for your IPA server? When looking at the code of the manage-domains tool I see the reason that the log is not informative enough is that our translator from "kerberos + ldap error codes" to "human readable" errors failed to translate the message. IMHO, we should send a patch for this + provide a way to get more descriptive logging in this case. Can you please let us know if the tips I suggested regarding DNS have helped? ----- Original Message ----- > From: "Ryan Wilkinson" <[email protected]> > To: "Yair Zaslavsky" <[email protected]> > Cc: [email protected] > Sent: Sunday, April 28, 2013 4:25:33 PM > Subject: Re: [Users] FreeIPA > Thanks, here is the engine-manage-domains log: > 2013-04-27 22:10:32,911 INFO [org.ovirt.engine.core.domains.ManageDomains] > Creating kerberos configuration for domain(s): wilk.local > 2013-04-27 22:10:32,936 INFO [org.ovirt.engine.core.domains.ManageDomains] > Successfully created kerberos configuration for domain(s): wilk.local > 2013-04-27 22:10:32,936 INFO [org.ovirt.engine.core.domains.ManageDomains] > Testing kerberos configuration for domain: wilk.local > 2013-04-27 22:10:33,219 ERROR > [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception > message: freeipa.wilk.local. > 2013-04-27 22:10:33,223 ERROR [org.ovirt.engine.core.domains.ManageDomains] > Failure while testing domain wilk.local. Details: Kerberos error. Please > check log for further details. > 2013-04-27 22:20:29,053 INFO [org.ovirt.engine.core.domains.ManageDomains] > Creating kerberos configuration for domain(s): wilk.local > 2013-04-27 22:20:29,078 INFO [org.ovirt.engine.core.domains.ManageDomains] > Successfully created kerberos configuration for domain(s): wilk.local > 2013-04-27 22:20:29,079 INFO [org.ovirt.engine.core.domains.ManageDomains] > Testing kerberos configuration for domain: wilk.local > 2013-04-27 22:20:29,257 ERROR > [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception > message: freeipa.wilk.local. > 2013-04-27 22:20:29,261 ERROR [org.ovirt.engine.core.domains.ManageDomains] > Failure while testing domain wilk.local. Details: Kerberos error. Please > check log for further details. > On Sun, Apr 28, 2013 at 1:17 AM, Yair Zaslavsky < [email protected] > > wrote: > > Can we get the log? > > > It would be helpful to understand the kerberos message to understand what > > have happened. > > > > From: "Ryan Wilkinson" < [email protected] > > > > > > > To: [email protected] > > > > > > Sent: Sunday, April 28, 2013 7:35:53 AM > > > > > > Subject: [Users] FreeIPA > > > > > > Getting this error when I try to configure ldap authentication for Ovirt > > > with > > > FreeIPA server: > > > > > > Error: exception message: freeipa.wilk.local. > > > > > > Failure while testing domain wilk.local. Details: Kerberos error. Please > > > check log for further details. > > > > > > Engine-manage-domains.log gives no further details. When I run > > > "engine-manage-domains -action=add -domain='wilk.local' -user='admin' > > > -provider=IPA -interactive" it is connecting and asking for the password > > > but > > > then giving the error. Any input would be appreciated. > > > > > > _______________________________________________ > > > > > > Users mailing list > > > > > > [email protected] > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
