Hi all,

We have had our oVirt instance connected to our internal AD for users to log 
into the VM portal for the last year, linked to studentdomene.noroff.no. This 
has been working without any problems. We had it set up and the DNS server had 
a forward record to the DCs. All good. 

Then, of course, the institution decided to introduce student emails and they 
decided to add the domain stud.noroff.no for student emails and made this the 
primary domain in the AD. The problem is that when this is changed, students 
can no longer log into the engine. I have of course changed the LDAP settings 
and added a forward record on the DNS to the new domain. However, it seems that 
the domain is studentdomene.noroff.no, but with an added UPN suffix of 
stud.noroff.no.

When students try to log in, with the config changes, they get this error in 
the browser:

server_error: An error occurred while attempting to query DNS in order to 
retrieve SRV records with name '_ldap._tcp.stud.noroff.no': 
NameNotFoundException(DNS name not found [response code 3]), 
ldapSDKVersion=4.0.7, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58 

Any ideas on how to solve this issue? 

My config looks like this:

sudo cat /etc/ovirt-engine/aaa/Students.properties 
[sudo] password for noroffadmin: 
include = <ad.properties>

vars.domain = studentdomene.noroff.no
vars.user = CN=ovirt auth,CN=Users,DC=stud,DC=noroff,DC=no
vars.password = PASSWORD

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}

My forward on the DNS server looks like this:

sudo cat /etc/named/named.conf.local
[sudo] password for noroffadmin: 
zone "platform.noroff.no"{
        type master;
        file "/etc/named/zones/db.platform.noroff.no";  # zone file path
};
zone "stud.noroff.no" {
        type forward;
        forward only;
        forwarders { 172.24.111.20; 172.27.111.20; 172.21.111.20; 172.16.111.20; };
};
zone "studentdomene.noroff.no" {
        type forward;
        forward only;
        forwarders { 172.24.111.20; 172.27.111.20; 172.21.111.20; 172.16.111.20; };
};
zone "122.16.172.in-addr.arpa" {
        type master;
        file "/etc/named/zones/db.122.16.172";  # 172.16.122.0/24 subnet
};

Any pointers would be greatly appreciated :)

Kim
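
An added example, not part of the original message or of oVirt's own code: a small check over the posted properties that expands the `${global:...}` references, shows the SRV name derived from `pool.default.serverset.srvrecord.domain` (the `_ldap._tcp.` prefix is taken from the error text above), and compares it with the domain implied by the bind DN's DC components. The function names are hypothetical, and mapping DC components to a DNS domain assumes the usual AD naming convention.

```python
import re

# Properties as posted in the message above (password is the post's placeholder).
PROPS = """\
include = <ad.properties>
vars.domain = studentdomene.noroff.no
vars.user = CN=ovirt auth,CN=Users,DC=stud,DC=noroff,DC=no
vars.password = PASSWORD
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
"""

REF = re.compile(r"\$\{global:([^}]+)\}")

def load_props(text):
    """Parse 'key = value' lines and expand ${global:key} references."""
    raw = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            raw[key.strip()] = value.strip()
    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("reference loop in properties")
        return REF.sub(lambda m: expand(raw[m.group(1)], depth + 1), value)
    return {k: expand(v) for k, v in raw.items()}

def dn_to_dns(dn):
    """Join a DN's DC= components into a DNS name (assumed AD convention).
    Splits naively on ','; escaped commas in RDN values are not handled."""
    parts = [rdn.strip() for rdn in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def check(text):
    """Report the SRV name looked up and the domain the bind DN implies."""
    p = load_props(text)
    srv_domain = p["pool.default.serverset.srvrecord.domain"].lower()
    bind_domain = dn_to_dns(p["pool.default.auth.simple.bindDN"])
    return {"srv_query": "_ldap._tcp." + srv_domain,
            "bind_dn_domain": bind_domain,
            "names_agree": srv_domain == bind_domain}

if __name__ == "__main__":
    for key, value in check(PROPS).items():
        print(f"{key}: {value}")
```

Agreement between the two names only shows the file is internally coherent; the SRV lookup still has to resolve against a zone where those records are registered.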
_______________________________________________
Users mailing list -- users@ovirt.org
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4NUUMBLEUD2MYZVAMGY2AJVBS235CEQK/