What do you mean? Maybe the password delegation into the virtual machine? If engine does not know the password, it cannot delegate it to virtual machine. Solution is described here[1], so far no resources were allocated.
[1] http://www.ovirt.org/Features/SSO ----- Original Message ----- > From: "Cristian Mammoli" <[email protected]> > To: "Shahar Havivi" <[email protected]>, "Alon Bar-Lev" <[email protected]> > Cc: "users" <[email protected]> > Sent: Friday, October 30, 2015 9:33:02 PM > Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain > join > > It works fine, but it kills SSO as user... > > Poking in the windows logs I see a failed login as: > > [email protected] !! > > Il 27/10/2015 11:51, Shahar Havivi ha scritto: > > On 27.10.15 05:25, Alon Bar-Lev wrote: > >> yes, you should probably only customize: $JoinDomain$, > >> $DomainAdminPassword$, $DomainAdmin$ > >> maybe, not sure: $JoinDomain$, $MachineObjectOU$ > >> the rest should be the same as any other. > > Please make sure that the file is the full sysprep file such as you can > > find > > in /packaging/conf/sysprep/sysprep.w7 which is a windows 7 sysprep file. > > You can leave the variables such as $OrgName$ which will be replaces (exept > > from the variables that Alon mentioned which where the original problem). > > > >> ----- Original Message ----- > >>> From: "Cristian Mammoli" <[email protected]> > >>> To: "Shahar Havivi" <[email protected]>, "Alon Bar-Lev" > >>> <[email protected]> > >>> Cc: "users" <[email protected]> > >>> Sent: Tuesday, October 27, 2015 11:19:02 AM > >>> Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep > >>> domain join > >>> > >>> So just pasting there the contents of a modified > >>> /usr/share/ovirt-engine/conf/sysprep/sysprep.w7x64 (for example) should > >>> work right? > >>> > >>> The variables like '![CDATA[$OrgName$' will be replaced? > >>> > >>> Il 26/10/2015 12:43, Shahar Havivi ha scritto: > >>>> On 26.10.15 06:23, Alon Bar-Lev wrote: > >>>>> Hi, > >>>>> The usage of the engine-manage-domain user to anything else but ldap > >>>>> searches is something that is unexpected and insecure. > >>>>> As a solution, you may either paste a modified sysprep file into the > >>>>> pool > >>>>> at UI or set up a different osinfo profile with modified sysprep file, > >>>>> this modified sysprep file can contain the credentials of the user that > >>>>> is being used for joining the domain. > >>>>> CCing Shahar which may assist farther. > >>>> Hi, > >>>> You can paste a modified sysprep file to "new Pool"->"Initial > >>>> run"->"Custom > >>>> Script" > >>>> As Alon mentioned. > >>> -- > >>> Mammoli Cristian > >>> System administrator > >>> T. +39 0731 22911 > >>> Via Brodolini 6 | 60035 Jesi (an) > >>> > >>> > > -- > Mammoli Cristian > System administrator > T. +39 0731 22911 > Via Brodolini 6 | 60035 Jesi (an) > > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
