Never mind. It is apparently because my admin password contained an "illegal" character.
Haven On Aug 19, 2013, at 3:24 PM, "H. Haven Liu" <[email protected]> wrote: > Hello, > > I tried to add a IPA directory domain following these instructions: > https://www.rvanderlinden.net/wordpress/ovirt/administrator-portal/administrator-portal-authentication-via-ipa/ > > It appears the domain was added successfully, but cannot be validated: > > [root@vhost1 ~]# engine-manage-domains -action=add -domain=domain.local > -user=admin -provider=ipa -interactive > Enter password: > > The domain domain.local has been added to the engine as an authentication > source but no users from that domain have been granted permissions within the > oVirt Manager. > Users from this domain can be granted permissions from the Web administration > interface. > oVirt Engine restart is required in order for the changes to take place > (service ovirt-engine restart). > Manage Domains completed successfully > [root@vhost1 ~]# service ovirt-engine restart > Stopping engine-service: [ OK ] > Starting engine-service: [ OK ] > [root@vhost1 ~]# engine-manage-domains -action=validate -report > Error: exception message: Integrity check on decrypted field failed (31) - > PREAUTH_FAILED > WARNING, domain: domain.local may not be functional: Failure while testing > domain domain.local. Details: Kerberos error. Please check log for further > details. > Manage Domains completed successfully > [root@vhost1 ~]# > > krb5kdc.log has the following entries: > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) > 10.0.1.12: NEEDED_PREAUTH: [email protected] for > krbtgt/[email protected], Additional pre-authentication required > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10 > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) > 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, > [email protected] for krbtgt/[email protected] > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10 > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 > 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 > ses=18}, [email protected] for ldap/[email protected] > Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10 > > Any idea? > > Thanks, > > Haven > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
