Thanks! That fixed it (I just added the Admin user back to SuperUser group via
the web interface with an LDAP account that had SuperUser).
From: Ravi Shankar Nori <rn...@redhat.com>
Sent: November 26, 2018 12:14 PM
To: Greg Sheremeta <gsher...@redhat.com>
Cc: Shawn Southern <shawn.south...@entegrus.com>; users@oVirt.org
Subject: Re: [ovirt-users] The user admin@internal is not authorized to perform
login
Looks like the permissions for admin@internal were removed by another admin user
You can try the following
1. Get the admin user external id
select external_id from users where name = 'admin' and domain = 'internal-authz'
2. Add permissions for admin user
select attach_user_to_role(
'admin',
'internal-authz',
'*',
'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external
id from above
'SuperUser'
)
Let us know if it helps
On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta
<gsher...@redhat.com<mailto:gsher...@redhat.com>> wrote:
Perhaps Ravi can assist with this.
---------- Forwarded message ---------
From: Shawn Southern
<shawn.south...@entegrus.com<mailto:shawn.south...@entegrus.com>>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to perform
login
To: users@ovirt.org<mailto:users@ovirt.org>
<users@ovirt.org<mailto:users@ovirt.org>>
No one can log in to our oVirt instance today. LDAP users cannot authenticate,
and the internal ‘admin’ user gets “The user admin@internal is not authorized
to perform login” after being authenticated.
From engine.log:
2018-11-23 10:17:12,454-05 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User
admin@internal successfully logged in with scopes: ovirt-app-admin
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24)
[43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default
task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User
admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) []
The user admin@internal is not authorized to perform login
Where do I go from here?
_______________________________________________
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to
users-le...@ovirt.org<mailto:users-le...@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGKGMBDIRZRLJYC2546N4/
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gsher...@redhat.com<mailto:gsher...@redhat.com> IRC: gshereme
[Image removed by sender.]<https://red.ht/sig>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LZ3UXATM5HY66G6ZWIROJNO2IWUSJWKD/
