Thanks!  That fixed it (I just added the Admin user back to SuperUser group via 
the web interface with an LDAP account that had SuperUser).

From: Ravi Shankar Nori <rn...@redhat.com>
Sent: November 26, 2018 12:14 PM
To: Greg Sheremeta <gsher...@redhat.com>
Cc: Shawn Southern <shawn.south...@entegrus.com>; users@oVirt.org
Subject: Re: [ovirt-users] The user admin@internal is not authorized to perform 
login

Looks like the permissions for admin@internal were removed by another admin user

You can try the following

1. Get the admin user external id

select external_id from users where name = 'admin' and domain = 'internal-authz'

2.  Add permissions for admin user

select attach_user_to_role(
                    'admin',
                    'internal-authz',
                    '*',
                    'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external 
id from above
                    'SuperUser'
                )

Let us know if it helps

On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta 
<gsher...@redhat.com<mailto:gsher...@redhat.com>> wrote:
Perhaps Ravi can assist with this.
---------- Forwarded message ---------
From: Shawn Southern 
<shawn.south...@entegrus.com<mailto:shawn.south...@entegrus.com>>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to perform 
login
To: users@ovirt.org<mailto:users@ovirt.org> 
<users@ovirt.org<mailto:users@ovirt.org>>

No one can log in to our oVirt instance today.  LDAP users cannot authenticate, 
and the internal ‘admin’ user gets “The user admin@internal is not authorized 
to perform login” after being authenticated.

From engine.log:
2018-11-23 10:17:12,454-05 INFO  
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User 
admin@internal successfully logged in with scopes: ovirt-app-admin 
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ 
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search 
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate 
ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) 
[43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User 
admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR 
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) [] 
The user admin@internal is not authorized to perform login

Where do I go from here?
_______________________________________________
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to 
users-le...@ovirt.org<mailto:users-le...@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGKGMBDIRZRLJYC2546N4/


--

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA

<https://www.redhat.com/>

gsher...@redhat.com<mailto:gsher...@redhat.com>    IRC: gshereme
[Image removed by sender.]<https://red.ht/sig>


_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LZ3UXATM5HY66G6ZWIROJNO2IWUSJWKD/

Reply via email to