<div dir="ltr">Hi<br><br>What version of the engine are you using exactly? And what is your<br>
authentication configuration?<br><div><br>[root@ovirt ~]# rpm -qa|grep ovirt-eng<br>ovirt-engine-3.5.0.1-1.el6.noarch<br><br># engine-manage-domains list<br>Domain: ov.jetlab.local<br> User name: pzelensky@OV.JETLAB.LOCAL<br>Manage Domains completed successfully<br><br># cat engine-manage-domains.conf <br>jaasFile=/usr/share/ovirt-engine/conf/jaas.conf<br>krb5confFile=/etc/ovirt-engine/krb5.conf<br>engineConfigExecutable=/usr/share/ovirt-engine/bin/engine-config.sh<br>localHostEntry=localhost<br>useDnsLookup=true<br>[root@ovirt engine-manage-domains]# cat /etc/ovirt-engine/krb5.conf <br><br>[libdefaults]<br><br>default_realm = OV.JETLAB.LOCAL<br>dns_lookup_realm = true<br>dns_lookup_kdc = true<br>ticket_lifetime = 10h<br>renew_lifetime = 7d<br>forwardable = no<br>default_tkt_enctypes = arcfour-hmac-md5<br>udp_preference_limit = 1<br><br>#realms<br><br></div><div>And also SDK version: ovirt_engine_sdk_python-3.5.0.8-py2.7<br></div><div>So oVirt authenticates users using connection to MS AD which is based on Windows 2012R2<br><br></div><div>--<br>Pavel<br></div><div><br></div><div> </div><br><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 16, 2014 at 12:04 PM, Juan Hernández <span dir="ltr"><<a href="mailto:jhernand@redhat.com" target="_blank">jhernand@redhat.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">On 12/15/2014 08:37 PM, Pavel Zelensky wrote:<br>
> Hi<br>
><br>
</span><span class="">> I think it's not good idea, but I've done it:<br>
><br>
> 2014-12-15 22:21:37,485 INFO [org.ovirt.engine.core.bll.VmLogonCommand]<br>
> (ajp--127.0.0.1-8702-6) [None] Running command: VmLogonCommand internal:<br>
> false. Entities affected : ID: 202ca21f-5167-4107-b1dd-2a7a5d64b32a<br>
> Type: VMAction group CONNECT_TO_VM with role type USER<br>
> 2014-12-15 22:21:37,495 INFO<br>
> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]<br>
> (ajp--127.0.0.1-8702-6) [None] START, VmLogonVDSCommand(HostName =<br>
> ceph2, HostId = c7a7c873-b68a-44f8-bebf-37ca3aa1caa8,<br>
> vmId=202ca21f-5167-4107-b1dd-2a7a5d64b32a, domain=internal,<br>
> password=null, userName=admin), log id: 776ac4b1<br>
> 2014-12-15 22:21:37,514 INFO<br>
> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]<br>
> (ajp--127.0.0.1-8702-6) [None] FINISH, VmLogonVDSCommand, log id: 776ac4b1<br>
> 2014-12-15 22:21:41,155 INFO<br>
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
> (DefaultQuartzScheduler_Worker-47) Correlation ID: null, Call Stack:<br>
> null, Custom Event ID: -1, Message: User admin is connected to VM w7ent-01.<br>
><br>
> Looks pretty the same, also trying to login as admin@internal into Win7<br>
> workstation assigned to MS domain shouldn't work.<br>
><br>
<br>
</span>I just wanted to check if with admin@internal you still get<br>
password=null (they use different authentication mechanisms).<br>
<span class=""><br>
> BTW, when I'm connecting to the same VM using the same domain user<br>
> account through user portal - everything is Ok, and SSO works pretty<br>
> good. In that case in logfile I'm getting this (password=[asterisks]):<br>
> 2014-12-14 22:45:21,010 INFO<br>
> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]<br>
> (ajp--127.0.0.1-8702-4) [6f5a076f] START, VmLogonVDSCommand(HostName =<br>
> ceph2, HostId = c7a7c873-b68a-44f8-bebf-37ca3aa1caa8,<br>
> vmId=202ca21f-5167-4107-b1dd-2a7a5d64b32a, domain=ov.jetlab.local,<br>
> password=******, userName=test4), log id: 7cc2d16a<br>
><br>
> that's why I think that problem is in python sdk. It uses JSESSIONID and<br>
> not sending password every time it executing command through REST API.<br>
> May be with api.vm.logon() method It should send password again? But how<br>
> I can do it?<br>
><br>
> Pavel<br>
><br>
<br>
</span>No, you shouldn't (and can't) sent the password again. This isn't a<br>
problem in the Python SDK, but in the backend or the RESTAPI.<br>
<br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="im"><br>
><br>
> On Mon, Dec 15, 2014 at 8:41 PM, Juan Hernández <<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a><br>
</span><div class=""><div class="h5">> <mailto:<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>>> wrote:<br>
><br>
> On 12/15/2014 05:57 PM, Pavel Zelensky wrote:<br>
> ><br>
> > Hi guys,<br>
> ><br>
> > I'm expiriencing some problems trying to invoke api.vm.logon() method<br>
> > which I believe will call for desktopLogin on the VM and provide vm<br>
> > console with user logged in for remote-viewer.<br>
> ><br>
> > But it results in the following records in logfile:<br>
> > 2014-12-12 16:07:01,314 INFO<br>
> [org.ovirt.engine.core.bll.VmLogonCommand]<br>
> > (ajp--127.0.0.1-8702-3) [7cfe61d3] Running command: VmLogonCommand<br>
> > internal: false. Entities affected : ID:<br>
> > a7c151a4-2d63-4172-a840-190748a3dbc1 Type: VMAction group<br>
> CONNECT_TO_VM<br>
> > with role type USER<br>
> > 2014-12-12 16:07:01,320 INFO<br>
> > [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]<br>
> > (ajp--127.0.0.1-8702-3) [7cfe61d3] START, VmLogonVDSCommand(HostName =<br>
> > ceph4, HostId = bbaad505-34a3-4a52-ab52-0446724cae30,<br>
> > vmId=a7c151a4-2d63-4172-a840-190748a3dbc1, domain=ov.jetlab.local,<br>
> > password=null, userName=test4), log id: 5d458d88<br>
> > 2014-12-12 16:07:01,536 INFO<br>
> > [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]<br>
> > (ajp--127.0.0.1-8702-3) [7cfe61d3] FINISH, VmLogonVDSCommand, log id:<br>
> > 5d458d88<br>
> ><br>
> > I think that problem is in second line: 'password=null'. Engine<br>
> doesn't<br>
> > get user password thus desktopLogin fails. In remote-viewer I'm<br>
> getting<br>
> > black screen instead of users's desktop.<br>
> ><br>
> > Is there any solution for this?<br>
> ><br>
><br>
> Looks like an authentication problem. Can you try the same with<br>
> admin@internal?<br>
><br>
> --<br>
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta<br>
> 3ºD, 28016 Madrid, Spain<br>
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat<br>
> S.L.<br>
><br>
><br>
><br>
> --<br>
> Pavel<br>
<br>
<br>
--<br>
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta<br>
3ºD, 28016 Madrid, Spain<br>
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.<br>
</div></div></blockquote></div><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">ПЗ<br></div></div>
</div></div></div>