Hi,

I can see that 'ovirt-engine-aaa-ldap-setup' successfully connects to 'ldap://bbgpvmas100.prozess.bbg:389', but later it says connection refused to 'bbgpvmas100.prozess.bbg/10.157.8.25:389'.

Don't you have more 'A' records set for 'bbgpvmas100.prozess.bbg'?
Can you please make sure that you can run 'telnet 10.157.8.25 389' from the ovirt machine?

If yes, can you please send us the debug log of 'ovirt-engine-extension-aaa-ldap-setup'? It's stored in the /tmp directory. It would also be very helpful if you could send us the debug log of the migration tool, so we can see where the problem is and fix it.

Thanks in advance,
Ondra

On 01/18/2016 03:34 PM, [email protected] wrote:
Hello,

I'm also running into problems moving to the new LDAP authentication.
Different from David's issue, I'm running IPv4 and I'm using SAMBA 4 as AD server.

Here we go with the output:
ovirt-engine-extension-aaa-ldap-setup
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
           Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
           Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160118152213-nod1wm.log
           Version: otopi-1.4.0 (otopi-1.4.0-1.el6)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
           Welcome to LDAP extension configuration program
           Please specify profile name that will be visible to users: prozess
           Available LDAP implementations:
            1 - 389ds
            2 - 389ds RFC-2307 Schema
            3 - Active Directory
            4 - IPA
            5 - Novell eDirectory RFC-2307 Schema
            6 - OpenLDAP RFC-2307 Schema
            7 - OpenLDAP Standard Schema
            8 - Oracle Unified Directory RFC-2307 Schema
            9 - RFC-2307 Schema (Generic)
           10 - RHDS
           11 - RHDS RFC-2307 Schema
           12 - iPlanet
           Please select: 3
           Please enter Active Directory Forest name: prozess.bbg
[ INFO  ] Resolving Global Catalog SRV record for prozess.bbg
[ INFO  ] Resolving LDAP SRV record for prozess.bbg
           NOTE:
           It is highly recommended to use secure protocol to access the LDAP server.
           Protocol startTLS is the standard recommended method to do so.
           Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
           Use plain for test environments only.
           Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO  ] Resolving SRV record 'prozess.bbg'
[ INFO  ] Connecting to LDAP using 'ldap://bbgpvmas100.prozess.bbg:389'
[ INFO  ] Connection succeeded
           Enter search user DN (empty for anonymous): [email protected]
           Enter search user password:
[ INFO  ] Attempting to bind using '[email protected]'
[ INFO  ] Stage: Setup validation
           NOTE:
           It is highly recommended to test drive the configuration before applying it into engine.
           Perform at least one Login sequence and one Search sequence.
           Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
           Enter search user name: [email protected]
           Enter search user password:
[ INFO  ] Executing login sequence...
           Login output:
           2016-01-18 15:23:22 INFORMATION ========================================================================
           2016-01-18 15:23:22 INFORMATION ============================ Initialization ============================
           2016-01-18 15:23:22 INFORMATION ========================================================================
           2016-01-18 15:23:22 INFORMATION Loading extension 'prozess-authn'
           2016-01-18 15:23:22 INFORMATION Extension 'prozess-authn' loaded
           2016-01-18 15:23:22 INFORMATION Loading extension 'prozess-authz'
           2016-01-18 15:23:22 INFORMATION Extension 'prozess-authz' loaded
           2016-01-18 15:23:22 INFORMATION Initializing extension 'prozess-authn'
           2016-01-18 15:23:22 INFORMATION [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Creating LDAP pool 'authz'
           2016-01-18 15:23:26 WARNUNG [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389:  java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389:  java.net.ConnectException: Verbindungsaufbau abgelehnt
           2016-01-18 15:23:26 INFORMATION Extension 'prozess-authn' initialized
           2016-01-18 15:23:26 INFORMATION Initializing extension 'prozess-authz'
           2016-01-18 15:23:26 INFORMATION [ovirt-engine-extension-aaa-ldap.authz::prozess-authz] Creating LDAP pool 'authz'
           2016-01-18 15:23:26 WARNUNG [ovirt-engine-extension-aaa-ldap.authz::prozess-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389:  java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389:  java.net.ConnectException: Verbindungsaufbau abgelehnt
           2016-01-18 15:23:26 INFORMATION Extension 'prozess-authz' initialized
           2016-01-18 15:23:26 INFORMATION Start of enabled extensions list
           2016-01-18 15:23:26 INFORMATION Instance name: 'prozess-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0',  File: '/tmp/tmpEgSCuC/extensions.d/prozess-authn.properties', Initialized: 'true'
           2016-01-18 15:23:26 INFORMATION Instance name: 'prozess-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0',  File: '/tmp/tmpEgSCuC/extensions.d/prozess-authz.properties', Initialized: 'true'
           2016-01-18 15:23:26 INFORMATION End of enabled extensions list
           2016-01-18 15:23:26 INFORMATION ========================================================================
           2016-01-18 15:23:26 INFORMATION ============================== Execution ===============================
           2016-01-18 15:23:26 INFORMATION ========================================================================
           2016-01-18 15:23:26 INFORMATION Profile='prozess' authn='prozess-authn' authz='prozess-authz' mapping='null'
           2016-01-18 15:23:26 INFORMATION API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='[email protected]'
           2016-01-18 15:23:26 INFORMATION [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Creating LDAP pool 'authz'
           2016-01-18 15:23:27 WARNUNG [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389:  java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389:  java.net.ConnectException: Verbindungsaufbau abgelehnt
           2016-01-18 15:23:27 SCHWERWIEGEND An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389:  java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389:  java.net.ConnectException: Verbindungsaufbau abgelehnt
[ ERROR ] Sequence failed
           Select test sequence to execute (Done, Abort, Login, Search) [Abort]: abort
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO  ] Stage: Clean up
           Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160118152213-nod1wm.log:
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination


Thank you for your help.

Hans-Joachim

BTW.: I even tried the ovirt-engine-kerbldap-migration-tool for moving.. but 
without success.
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
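
The two checks asked for in the reply (more than one 'A' record, and whether port 389 is reachable from the engine host) can be combined into one probe that resolves the name and tries a TCP connect to every address it maps to. This is an added example, not part of the original thread or of the oVirt tools; the function names `probe_all_addresses` and `inconsistent` are made up for this sketch.

```python
import socket
import sys


def probe_all_addresses(host, port, timeout=3.0):
    """Resolve host and try a TCP connect to each distinct address.

    Returns a list of (ip, status); status is 'open', 'refused',
    'timeout' or 'error: <reason>'.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, "resolve failed: %s" % exc)]
    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        ip = sockaddr[0]
        if ip in seen:          # getaddrinfo may list an address twice
            continue
        seen.add(ip)
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            status = "open"
        except ConnectionRefusedError:
            status = "refused"  # what Java reports as ConnectException
        except socket.timeout:
            status = "timeout"  # usually a firewall silently dropping
        except OSError as exc:
            status = "error: %s" % exc
        finally:
            sock.close()
        results.append((ip, status))
    return results


def inconsistent(results):
    """True when the addresses behind one name do not all behave alike,
    which explains a setup that succeeds once and is refused later."""
    return len({status for _ip, status in results}) > 1


if __name__ == "__main__":
    # Host and port default to the values shown in the log above.
    host = sys.argv[1] if len(sys.argv) > 1 else "bbgpvmas100.prozess.bbg"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    found = probe_all_addresses(host, port)
    for ip, status in found:
        print("%s:%d %s" % (ip, port, status))
    if inconsistent(found):
        print("addresses behind %s answer differently" % host)
```

Run it on the engine host itself, since that is where the connection is refused.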