<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: times new roman,new york,times,serif; font-size: 12pt; color: #000000'><br><br><hr id="zwchr"><blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Cristian Falcas" <cristi.falcas@gmail.com><br><b>To: </b>"Itamar Heim" <iheim@redhat.com><br><b>Cc: </b>"Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org<br><b>Sent: </b>Tuesday, November 20, 2012 7:33:39 PM<br><b>Subject: </b>Re: [Users] I don't know how to add AD users<br><br><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim <span dir="ltr"><<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im">On 11/20/2012 03:00 PM, Cristian Falcas wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hi,<br>
<br>
So there is no way to use the domain I have at work, right?<br>
<br>
I will need to make a freeipa installation in order to add new users.<br>
</blockquote>
<br></div>
There is no reason this shouldn't work with active directory 2003 (assuming its forest level isn't still in AD 2000 compatibility mode?).<br>
tcpdump for the traffic during engine-manage-domains should help diagnose why.<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">
<br>
Cristian<br>
<br>
<br>
On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas<br></div><div class="im">
<<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.com</a>> wrote:<br>
<br>
<br>
<br>
<br>
On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim <<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>> wrote:<br></div><div class="im">
<br>
On 11/20/2012 09:56 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
<br>
On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky <<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>> wrote:<br></div><div><div class="h5">
<br>
<br>
<br>
On 11/20/2012 09:05 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
<br>
On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky <<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>> wrote:<br>
<br>
<br>
<br>
On 11/20/2012 12:39 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim <<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>> wrote:<br>
<br>
On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:<br>
<br>
On 11/19/2012 10:01 AM, Cristian Falcas wrote:<br>
<br>
Hi,<br>
<br>
I'm trying to add some users to ovirt using an AD.<br>
<br>
This is the configuration I used for a mediawiki site, which is working correctly:<br>
$wgAuth = new LdapAuthenticationPlugin();<br>
$wgLDAPUseLocal = true;<br>
$wgLDAPDomainNames = array("a_domain");<br>
$wgLDAPServerNames = array("a_domain"=>"site.example.com");<br>
$wgLDAPEncryptionType = array("a_domain"=>"clear");<br>
$wgLDAPSearchStrings = array("a_domain"=>"rom_domain\\USER-NAME");<br></div></div>
$wgLDAPBaseDNs = array("a_domain"=>"dc=company,dc=com");<div><div class="h5"><br>
<br>
<br>
<br>
<br>
Those are the commands I tried using:<br>
engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive<br>
<br>
engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive<br></div></div>
<br>
engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive<div><div class="h5"><br>
<br>
<br>
You don't add a user this way. You add the domain. You have to pass the domain admin user and the domain admin password.<br>
<br>
<br>
any domain user will do, doesn't have to be an admin.<br>
what does the log say?<br>
<br>
<br>
Then you can use the domain within the engine. e.g. search users, add access rights for vms etc.<br>
Even login to the engine and assigning rights within the engine you can handle from the engine itself.<br>
<br>
Regards,<br>
<br>
And the output on all tries:<br>
Enter password:<br>
<br>
Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: domain_used_in_command<br>
Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.<br>
<br>
Can someone help me with the correct parameters?<br>
<br>
<br>
Best regards,<br>
Cristian Falcas<br>
<br>
<br>
<br>
<br></div></div>
_______________________________________________<div class="im"><br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br></div>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><div><div class="h5"><br>
<br>
<br>
<br>
--<br>
Regards,<br>
<br>
Vinzenz Feenstra | Senior Software Engineer<br>
RedHat Engineering Virtualization R &amp; D<br>
Phone: <a href="tel:%2B420%20532%20294%20625" target="_blank">+420 532 294 625</a><br>
IRC: vfeenstr or evilissimo<br>
<br>
Better technology. Faster innovation. Powered by community collaboration.<br>
See how it works at <a href="http://redhat.com" target="_blank">redhat.com</a><br></div></div>
<br>
<div class="im">
Hi,<br>
<br>
This is the command I used (the same error is with -interactive parameter):<br>
<br>
engine-manage-domains -action=add -domain=example.com -provider=ActiveDirectory -user=user.name@a_domain -passwordFile=/tmp/pass<br>
<br>
[root@localhost ~]# cat /tmp/pass<br>
qwerty[root@localhost ~]#<br>
<br>
This is the log:<br>
<br>
2012-11-20 00:30:40,443 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): example.com<br></div>
2012-11-20 00:30:40,525 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): example.com<br>
2012-11-20 00:30:40,526 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: example.com<br>
2012-11-20 00:30:40,830 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot locate KDC<br>
2012-11-20 00:30:40,851 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain example.com. Details: Kerberos error. Please check log for further details.<div><div class="h5"><br>
<br>
<br>
Hi, the error indicates you don't have kerberos configured.<br>
manage-domains validates by default using GSSAPI/Kerberos (if I understand correctly, this is equivalent to running ldapsearch with -Y gssapi option).<br>
I wonder if -x (simple authentication) will work for you as well (as manage-domains contains code for simple authentication as well).<br>
<br>
<br>
<br>
This is the ldapsearch command that works (it retrieves users) from the same machine:<br>
<br>
ldapsearch -H ldap://example.com -b dc=example,dc=com -D user.name@a_domain -w qwerty<br>
<br>
<br>
Best regards,<br>
Cristian Falcas<br>
<br>
<br>
<br>
<br></div></div><div class="im">
<br>
Hi,<br>
<br></div><div class="im">
I used "-x" for ldapsearch and the result is the same: list retrieved.<br>
Is there any equivalent for engine-manage-domains?<br>
<br>
Cristian<br>
<br>
Hi Cristian, there is no code allowing to add simple-authentication domains to Manage-Domains.<br>
In the past we did have the ability to do that, but there are several problematic issues.<br>
What ldap server are you working against? Maybe I missed that<br>
<br>
<br>
Hi,<br>
<br>
The server is a Microsoft AD 2003.<br>
<br>
Best regards,<br>
Cristian Falcas<br>
<br>
<br>
this should work, is the AD also the DNS server for the ovirt engine machine?<br>
<br>
<br>
<br>
yes<br>
<br>
<br>
</div></blockquote>
<br>
<br>
</blockquote></div><br>Could you take a look at the tcp dump? There are only 2 messages relevant to this (let me know if you want the full dump):<br><br>- 2091 12.423634 10.0.0.xx 10.0.0.yyy DNS 87 Standard query SRV _kerberos._tcp.EXAMPLE.COM<br>
- 2092 12.424357 10.0.0.yyy 10.0.0.xx DNS 245 Standard query response SRV 0 100 88 site1.example.com SRV 0 100 88 site2.example.com SRV 0 100 88 site3.example.com<br>
<br>Also, I tried to run ldapsearch with -Y gssapi:<br>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)<br> additional info: SASL(-4): no mechanism available: No worthy mechs found<br><br>Best regards, <br>
Cristian Falcas<br></div>
</blockquote>The SRV records look fine.<div>If I remember correctly, your DNS should have a reverse-resolve PTR record to your engine machine. Does it exist?</div><div><br></div></div></body></html>