I saw that when I pressed the send button. If I do that, I again get the following:
2015-01-29 14:28:35,891 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'

2015-01-29 14:28:35,924 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'

And yes I replaced mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek <omach...@redhat.com>:

>
> On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
>
>> OK... Now I have this one :-)
>> WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
>> thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
>> Cannot initialize LDAP framework, deferring initialization. Error:
>> Invalid DNS pseudo-URL(s):
>>
>
> uncomment vars.dns
>
>> Changed the properties file to this:
>>
>> include = <ad.properties>
>>
>> #
>> # Active directory domain name.
>> #
>> vars.domain = ldap.mydomain.com (this one resolves to and gives ping back, front end of the pool)
>>
>> #
>> # Search user and its password.
>> #
>> vars.user = juniper-ad...@mydomain.com
>> vars.password = *****
>>
>> #
>> # Optional DNS servers, if enterprise
>> # DNS server cannot resolve the domain srvrecord.
>> #
>> #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve and give a ping back)
>>
>> pool.default.serverset.type = srvrecord
>> #pool.default.serverset.single.server = ${global:vars.server}
>> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> pool.default.auth.simple.bindDN = ${global:vars.user}
>> pool.default.auth.simple.password = ${global:vars.password}
>>
>> # Uncomment if using custom DNS
>> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>>
>> Thanks for your effort!
>>
>> 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alo...@redhat.com>:
>>
>> ----- Original Message -----
>> > From: "Koen Vanoppen" <vanoppen.k...@gmail.com>
>> > To: "Alon Bar-Lev" <alo...@redhat.com>
>> > Cc: users@ovirt.org
>> > Sent: Thursday, January 29, 2015 2:41:52 PM
>> > Subject: Re: [ovirt-users] AAA
>> >
>> > Yes We have:
>> >
>> > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> >
>> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> > ; (1 server found)
>> > ;; global options: +cmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>> >
>> > ;; QUESTION SECTION:
>> > ;_gc._tcp.mydomain.com. IN SRV
>>
>> this ^^^^^^^ means that you do not have srv record. are you sure you
>> replaced mydomain.com with your actual active directory domain name?
>> have you tried to look into your dns manager for this information as
>> well?
>>
>> >
>> > ;; AUTHORITY SECTION:
>> > mydomain.com. 3600 IN SOA srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
>> >
>> > ;; Query time: 12 msec
>> > ;; SERVER: 10.110.3.123#53(10.110.3.123)
>> > ;; WHEN: Thu Jan 29 13:40:41 2015
>> > ;; MSG SIZE rcvd: 98
>> >
>> > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alo...@redhat.com>:
>> >
>> > > ----- Original Message -----
>> > > > From: "Koen Vanoppen" <vanoppen.k...@gmail.com>
>> > > > To: "Alon Bar-Lev" <alo...@redhat.com>, users@ovirt.org
>> > > > Sent: Thursday, January 29, 2015 2:19:32 PM
>> > > > Subject: Re: [ovirt-users] AAA
>> > > >
>> > > > Big thanks for your help, but still the same:
>> > > >
>> > > > #
>> > > > # Active directory domain name.
>> > > > #
>> > > > vars.domain = mydomain.com
>> > > >
>> > > > #
>> > > > # Search user and its password.
>> > > > #
>> > > > vars.user = admin@${global:vars.domain}
>> > > > vars.password = *****
>> > > >
>> > > > #
>> > > > # Optional DNS servers, if enterprise
>> > > > # DNS server cannot resolve the domain srvrecord.
>> > > > #
>> > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
>> > > >
>> > > > pool.default.serverset.type = srvrecord
>> > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> > > > pool.default.auth.simple.bindDN = ${global:vars.user}
>> > > > pool.default.auth.simple.password = ${global:vars.password}
>> > > >
>> > > > # Uncomment if using custom DNS
>> > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>> > > >
>> > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
>> > > > LDAP framework, deferring initialization. Error: No DNS SRV records were
>> > > > found with record name '_gc._tcp.brussels.airport'.
>> > > >
>> > > > And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
>> > > > way it just resolves the dns servers I gave him?
>> > > >
>> > >
>> > > Microsoft Domain controller must have gc service entry within DNS to work
>> > > properly.
>> > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
>> > > 2. Can you please execute:
>> > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> > > 3. Can you please open the DNS manager within your domain and search for
>> > > srv records? Maybe you have DNS installed only on few servers, using the
>> > > DNS manager you can also see which.
>> > >
>> > > >
>> > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alo...@redhat.com>:
>> > > >
>> > > > > ----- Original Message -----
>> > > > > > From: "Ondra Machacek" <omach...@redhat.com>
>> > > > > > To: "Koen Vanoppen" <vanoppen.k...@gmail.com>, users@ovirt.org
>> > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
>> > > > > > Subject: Re: [ovirt-users] AAA
>> > > > > >
>> > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
>> > > > > > > No, I don't. and I wouldn't know how he got to this name...
>> > > > > >
>> > > > > > Well, then you have to, if you want to use
>> > > > > > 'pool.default.serverset.type = srvrecord'.
>> > > > > >
>> > > > > > It just needs to know where your global catalog is running, since it's
>> > > > > > needed for new provider.
>> > > > > >
>> > > > > > It searches for global catalog like this:
>> > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
>> > > > > >
>> > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
>> > > > > > serverset type. Or you don't have to if you use single server type.
>> > > > >
>> > > > > active directory will not work without access to global catalog.
>> > > > > please set one or more of the domain controllers as dns server, for
>> > > > > example:
>> > > > >
>> > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
>> > > > >
>> > > > > please also uncomment/add these lines to make vars.dns effective.
>> > > > >
>> > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>> > > > >
>> > > > > Thanks!
>> > > > >
>> > > > > > >
>> > > > > > > Thanks for the reply!
>> > > > > > >
>> > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omach...@redhat.com>:
>> > > > > > >
>> > > > > > > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
>> > > > > > >
>> > > > > > > Can somebody help me setting up AAA for ovirt 3.5.1?
>> > > > > > >
>> > > > > > > I'm getting this now:
>> > > > > > >
>> > > > > > > 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.brussels.airport': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.brussels.airport'
>> > > > > > >
>> > > > > > > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
>> > > > > > >
>> > > > > > > my 3 configs:
>> > > > > > > _*BRU_AIR-authn.properties*_
>> > > > > > > ovirt.engine.extension.name = BRU_AIR-authn
>> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
>> > > > > > > ovirt.engine.aaa.authn.profile.name = BRU-AIR
>> > > > > > > ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
>> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>> > > > > > >
>> > > > > > > _*BRU_AIR-authz.properties*_
>> > > > > > > ovirt.engine.extension.name = BRU_AIR-authz
>> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
>> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>> > > > > > >
>> > > > > > > _*BRU_AIR.properties*_
>> > > > > > > include = <ad.properties>
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Active directory domain name.
>> > > > > > > #
>> > > > > > > vars.domain = mydomain.com
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Search user and its password.
>> > > > > > > #
>> > > > > > > vars.user = admin@${global:vars.domain}
>> > > > > > > vars.password = ***********
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Optional DNS servers, if enterprise
>> > > > > > > # DNS server cannot resolve the domain srvrecord.
>> > > > > > > #
>> > > > > > > vars.dns = dns://dc01.mydomain.com
>> > > > > > >
>> > > > > > > pool.default.serverset.type = srvrecord
>> > > > > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> > > > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
>> > > > > > > pool.default.auth.simple.password = ${global:vars.password
>> > > > > > >
>> > > > > > > In the GUI for adding user I get this:
>> > > > > > >
>> > > > > > > An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc__tcp_brussels_airport': javax_naming___NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc__tcp_brussels_airport'
>> > > > > > >
>> > > > > > > Any ideas? I ran out...
>> > > > > > >
>> > > > > > > Kind regards,
>> > > > > > >
>> > > > > > > Koen
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > Users mailing list
>> > > > > > > Users@ovirt.org
>> > > > > > > http://lists.ovirt.org/mailman/listinfo/users
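Added example, not part of the thread or of oVirt's own code: a shell sketch of the checks discussed above, which derives the `_gc._tcp` and `_ldap._tcp` SRV names from `vars.domain`, prints the matching `dig` queries for each `vars.dns` server, and flags a `${global:vars.dns}` reference left active while `vars.dns` is commented out. The function names, the sample profile and the `example.test` domain are constructed for illustration.

```shell
# Added example, not from the thread: lint an aaa-ldap profile's DNS settings.

# prop FILE KEY: value of the last active (uncommented) "KEY = value" line.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# srv_names FILE: the two SRV record names seen in the thread's log lines.
srv_names() {
    domain=$(prop "$1" 'vars[.]domain')
    printf '_gc._tcp.%s\n_ldap._tcp.%s\n' "$domain" "$domain"
}

# dns_servers FILE: hosts listed in vars.dns, ${global:vars.domain} expanded.
dns_servers() {
    domain=$(prop "$1" 'vars[.]domain')
    prop "$1" 'vars[.]dns' | tr ' ' '\n' | sed -n 's|^dns://||p' |
        sed "s/[$]{global:vars[.]domain}/$domain/g"
}

# lint FILE: report an active ${global:vars.dns} reference when vars.dns is
# commented out or missing (the "Invalid DNS pseudo-URL(s)" case).
lint() {
    if grep -q '^[^#]*[$]{global:vars[.]dns}' "$1" &&
        [ -z "$(prop "$1" 'vars[.]dns')" ]; then
        echo 'vars.dns is referenced but not set'
    fi
}

# dig_commands FILE: one query per DNS server and SRV name.
dig_commands() {
    for server in $(dns_servers "$1"); do
        for name in $(srv_names "$1"); do
            echo "dig @$server -t SRV $name"
        done
    done
}

# dig_status: read dig output on stdin and print the header status field.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }

# Constructed sample profile; example.test is a placeholder domain.
profile=$(mktemp)
cat > "$profile" <<'EOF'
vars.domain = example.test
#vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
EOF
lint "$profile"; srv_names "$profile"
```

Piping real `dig` output into `dig_status` gives `NXDOMAIN` for a missing record, which is the same condition the engine log reports as "DNS name not found [response code 3]".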