<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky <span dir="ltr">&lt;<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-size:12pt;font-family:times new roman,new york,times,serif"><br><br><hr><blockquote style="padding-left:5px;font-size:12pt;font-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)">

<b>From: </b>&quot;Cristian Falcas&quot; &lt;<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.com</a>&gt;<br><b>To: </b>&quot;Itamar Heim&quot; &lt;<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;<br>

<b>Cc: </b>&quot;Yair Zaslavsky&quot; &lt;<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;, <a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br><b>Sent: </b>Tuesday, November 20, 2012 7:33:39 PM<div class="im">

<br><b>Subject: </b>Re: [Users] I don&#39;t know how to add AD users<br><br><br></div><div class="gmail_extra"><br><br><div><div class="h5"><div class="gmail_quote">On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim <span dir="ltr">&lt;<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div>On 11/20/2012 03:00 PM, Cristian Falcas wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hi,<br>
<br>
So there is no way to use the domain I have at work, right?<br>
<br>
I will need to make a freeipa installation in order to add new users.<br>
</blockquote>
<br></div>
there is no reason this shouldn&#39;t work with active directory 2003 (assuming its forest level isn&#39;t still in AD 2000 compatibility mode?).<br>
tcpdump for the traffic during engine-manage-domains should help diagnosing why.<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<br>
Cristian<br>
<br>
<br>
On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas<br></div><div>
&lt;<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.com</a> &lt;mailto:<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.<u></u>com</a>&gt;&gt; wrote:<br>
<br>
<br>
<br>
<br>
    On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim &lt;<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br></div><div>
    &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;&gt; wrote:<br>
<br>
        On 11/20/2012 09:56 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
<br>
            On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky<br>
            &lt;<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a> &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;<br></div><div><div>
            &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a> &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;&gt;&gt;<br>
            wrote:<br>
<br>
<br>
<br>
                 On 11/20/2012 09:05 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
<br>
                     On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky<br>
                     &lt;<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a> &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;<br>
            &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a> &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;&gt;<br>
                     &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a><br>
            &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt; &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a><br>
            &lt;mailto:<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>&gt;&gt;&gt;<u></u>&gt; wrote:<br>
<br>
<br>
<br>
                          On 11/20/2012 12:39 AM, Cristian Falcas wrote:<br>
<br>
<br>
<br>
                              On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim<br>
                     &lt;<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a> &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;<br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a> &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;&gt;<br>
                              &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt; &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;&gt;&gt;<br>
                              &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt; &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;&gt;<br>
                     &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a> &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;<br>
            &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a> &lt;mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>&gt;&gt;&gt;&gt;&gt; wrote:<br>
<br>
                                   On 11/19/2012 11:29 AM, Vinzenz<br>
            Feenstra wrote:<br>
<br>
                                       On 11/19/2012 10:01 AM, Cristian<br>
            Falcas wrote:<br>
<br>
                                           Hi,<br>
<br>
                                           I&#39;m trying to add some users<br>
            to ovirt<br>
                     using an AD.<br>
<br>
                                           This is the configuration I<br>
            used for a<br>
                     mediawiki<br>
                              site, which is<br>
                                           working correctly:<br>
                                           $wgAuth = new<br>
            LdapAuthenticationPlugin();<br>
                                           $wgLDAPUseLocal = true;<br>
                                           $wgLDAPDomainNames = array(<br>
            &quot;a_domain&quot;);<br>
                                           $wgLDAPServerNames = array(<br>
                              &quot;a_domain&quot;=&gt;&quot;<a href="http://site.example.com" target="_blank">site.example.com</a><br>
            &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt; &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                     &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                                           &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                                           &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;&quot;);<br>
<br>
                                           $wgLDAPEncryptionType = array(<br>
                     &quot;a_domain&quot;=&gt;&quot;clear&quot;);<br>
                                           $wgLDAPSearchStrings = array(<br>
<br></div></div>
            &quot;a_domain&quot;=&gt;&quot;rom_domain\\USER-<u></u>________NAME&quot;);<br>
                                           $wgLDAPBaseDNs = array(<br>
                              &quot;a_domain&quot;=&gt;&quot;dc=company,dc=___<u></u>_____com&quot;);<div><div><br>
<br>
<br>
<br>
<br>
                                           Those are the commands I<br>
            tried using:<br>
                                           engine-manage-domains -action=add<br>
                              -domain=<a href="http://site.example.com" target="_blank">site.example.com</a><br>
            &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt; &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                     &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                                           &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                                           &lt;<a href="http://site.example.com" target="_blank">http://site.example.com</a>&gt;<br>
                     -provider=ActiveDirectory<br>
                                           -user=<a href="http://user.name" target="_blank">user.name</a><br>
            &lt;<a href="http://user.name" target="_blank">http://user.name</a>&gt; &lt;<a href="http://user.name" target="_blank">http://user.name</a>&gt;<br>
                     &lt;<a href="http://user.name" target="_blank">http://user.name</a>&gt; &lt;<a href="http://user.name" target="_blank">http://user.name</a>&gt;<br>
                                           &lt;<a href="http://user.name" target="_blank">http://user.name</a>&gt; -interactive<br>
<br>
<br>
                                           engine-manage-domains -action=add<br>
                     -domain=a_domain<br>
                                           -provider=ActiveDirectory<br>
                              -user=<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;<br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a> &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;__&gt;<br>
                                           &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;<br>
                              &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;__&gt;__&gt;<br>
                                           &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;<br>
                              &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;__&gt;<br>
<br>
                                           &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;<br>
                              &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a><br></div></div>
            &lt;mailto:<a href="mailto:user.name@company.com" target="_blank">user.name@company.com</a>&gt;<u></u>&gt;__&gt;__&gt;__&gt; -interactive<br>
<br>
<br>
                                           engine-manage-domains -action=add<br>
                     -domain=a_domain<br>
                                           -provider=ActiveDirectory<br>
                              -user=user.name@site.example._<u></u>_______com<div><br>
<br>
                                           &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;.<br>
                     &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;.&gt;__<a href="http://exam__p__le.com" target="_blank">exa<u></u>m__p__le.com</a><br>
            &lt;<a href="http://examp__le.com" target="_blank">http://examp__le.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>.<br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>.&gt;__<a href="http://examp__le.com" target="_blank">exam<u></u>p__le.com</a> &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>




                     &lt;mailto:<a href="mailto:user.name@site." target="_blank">user.name@site.</a>__<a href="http://example.com" target="_blank">examp<u></u>le.com</a><br>
            &lt;mailto:<a href="mailto:user.name@site.example.com" target="_blank">user.name@site.<u></u>example.com</a>&gt;&gt;&gt;&gt;<br></div>
                                           &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;<div><br>
                     &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a> &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;&gt;.<br>
                              &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a> &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;<br>
                     &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br></div>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;&gt;.&gt;__<a href="http://exa__m__p__le.com" target="_blank">ex<u></u>a__m__p__le.com</a><br>
            &lt;<a href="http://exam__p__le.com" target="_blank">http://exam__p__le.com</a>&gt;<div><div><br>
                     &lt;<a href="http://examp__le.com" target="_blank">http://examp__le.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
<br>
<br>
<br>
                                           &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;.<br>
                     &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a><br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>&gt;.&gt;__<a href="http://exam__p__le.com" target="_blank">exa<u></u>m__p__le.com</a><br>
            &lt;<a href="http://examp__le.com" target="_blank">http://examp__le.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>.<br>
            &lt;mailto:<a href="mailto:user.name@site" target="_blank">user.name@site</a>.&gt;__<a href="http://examp__le.com" target="_blank">exam<u></u>p__le.com</a> &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>




                     &lt;mailto:<a href="mailto:user.name@site." target="_blank">user.name@site.</a>__<a href="http://example.com" target="_blank">examp<u></u>le.com</a><br>
            &lt;mailto:<a href="mailto:user.name@site.example.com" target="_blank">user.name@site.<u></u>example.com</a>&gt;&gt;&gt;&gt;&gt; -interactive<br>
<br>
<br>
                                       You don&#39;t add an user this way.<br>
            You add the<br>
                     domain. You<br>
                              have to<br>
                                       pass the<br>
                                       domain admin user and the domain<br>
            admin password.<br>
<br>
<br>
                                   any domain user will do, doesn&#39;t have<br>
            to be an admin.<br>
                                   what does the log say?<br>
<br>
<br>
                                       Then you can use the domain<br>
            within the engine.<br>
                     e.g. search<br>
                                       users, add<br>
                                       access rights for vms etc.<br>
                                       Even login to the engine and<br>
            assigning rights<br>
                     within<br>
                              the engine<br>
                                       you can<br>
                                       handle from the engine itself.<br>
<br>
                                       Regards,<br>
<br>
                                           And the output on all tries:<br>
                                           Enter password:<br>
<br>
                                           Error: Authentication Failed.<br>
            Please<br>
                     verify the fully<br>
                                           qualified domain<br>
                                           name that is used for<br>
            authentication is<br>
                     correct..<br>
                                           Problematic domain<br>
                                           is: domain_used_in_command<br>
                                           Failure while applying Kerberos<br>
                     configuration. Details:<br>
                                           Authentication<br>
                                           Failed. Please verify the<br>
            fully qualified<br>
                     domain<br>
                              name that<br>
                                           is used for<br>
                                           authentication is correct.<br>
<br>
                                           Can someone help me with the<br>
            correct<br>
                     parameters?<br>
<br>
<br>
                                           Best regards,<br>
                                           Cristian Falcas<br>
<br>
<br>
<br>
<br></div></div>
            ______________________________<u></u>_________________________<div><br>
<br>
                                           Users mailing list<br>
            <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
                              &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt; &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br></div>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;&gt;<br>
            <a href="http://lists.ovirt.org/________mailman/listinfo/users" target="_blank">http://lists.ovirt.org/_______<u></u>_mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a>&gt;<div><div><br>
<br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
<br>
              &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;<br>
<br>
<br>
<br>
<br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
              &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;&gt;<br>
<br>
<br>
<br>
                                       --<br>
                                       Regards,<br>
<br>
                                       Vinzenz Feenstra | Senior<br>
            Software Engineer<br>
                                       RedHat Engineering Virtualization<br>
            R &amp; D<br>
                                       Phone: <a href="tel:%2B420%20532%20294%20625" target="_blank">+420 532 294 625</a><br>
            &lt;tel:%2B420%20532%20294%20625&gt;<br>
                     &lt;tel:%2B420%20532%20294%20625&gt;<br>
            &lt;tel:%2B420%20532%20294%20625&gt;<br>
                              &lt;tel:%2B420%20532%20294%20625&gt;<br>
<br>
                                       IRC: vfeenstr or evilissimo<br>
<br>
                                       Better technology. Faster<br>
            innovation. Powered<br>
                     by community<br>
                                       collaboration.<br>
                                       See how it works at <a href="http://redhat.com" target="_blank">redhat.com</a><br>
            &lt;<a href="http://redhat.com" target="_blank">http://redhat.com</a>&gt;<br>
                     &lt;<a href="http://redhat.com" target="_blank">http://redhat.com</a>&gt; &lt;<a href="http://redhat.com" target="_blank">http://redhat.com</a>&gt;<br></div></div>
                              &lt;<a href="http://redhat.com" target="_blank">http://redhat.com</a>&gt;<br>
<br>
<br>
<br>
<br>
<br>
            ______________________________<u></u>_________________________<div><br>
<br>
                                       Users mailing list<br>
            <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
                              &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt; &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br></div>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;&gt;<br>
            <a href="http://lists.ovirt.org/________mailman/listinfo/users" target="_blank">http://lists.ovirt.org/_______<u></u>_mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a>&gt;<div><br>
<br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
<br>
              &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;<br>
<br>
<br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
              &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;&gt;<br>
<br>
<br>
<br>
<br></div>
            ______________________________<u></u>_________________________<div><br>
<br>
                                   Users mailing list<br>
            <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
                              &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt; &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br></div>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;&gt;<br>
            <a href="http://lists.ovirt.org/________mailman/listinfo/users" target="_blank">http://lists.ovirt.org/_______<u></u>_mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a>&gt;<div><br>
<br>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
              &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;<br>
<br>
<br>
<br></div><div>
            &lt;<a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
              &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;&gt;<br>
<br>
<br>
<br>
<br>
                              Hi,<br>
<br>
                              This is the command I used (the same error<br>
            is with<br>
                     -interactive<br>
                              parameter):<br>
<br>
                              engine-manage-domains -action=add<br>
            -domain=<a href="http://example.com" target="_blank">example.com</a> &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                     &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; -provider=ActiveDirectory<br>
                              -user=user.name@a_domain<br>
<br>
                              -passwordFile=/tmp/pass<br>
<br>
                              [root@localhost ~]# cat /tmp/pass<br>
                              qwerty[root@localhost ~]#<br>
<br>
                              This is the log:<br>
<br>
                              2012-11-20 00:30:40,443 INFO<br>
<br>
<br></div>
            [org.ovirt.engine.core.utils._<u></u>_____kerberos.ManageDomains]<div><br>
            Creating<br>
<br>
<br>
                              kerberos<br>
                              configuration for domain(s): <a href="http://example.com" target="_blank">example.com</a><br>
            &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                     &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
<br>
                              2012-11-20 00:30:40,525 INFO<br>
<br>
<br></div>
            [org.ovirt.engine.core.utils._<u></u>_____kerberos.ManageDomains]<div><br>
<br>
                     Successfully<br>
<br>
                              created kerberos configuration for domain(s):<br>
            <a href="http://example.com" target="_blank">example.com</a> &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>




                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
<br>
                              2012-11-20 00:30:40,526 INFO<br>
<br>
<br></div>
            [org.ovirt.engine.core.utils._<u></u>_____kerberos.ManageDomains]<div><br>
            Testing<br>
<br>
<br>
                              kerberos<br>
                              configuration for domain: <a href="http://example.com" target="_blank">example.com</a><br>
            &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                     &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
<br>
                              2012-11-20 00:30:40,830 ERROR<br>
<br>
<br></div>
            [org.ovirt.engine.core.utils._<u></u>_____kerberos.__<u></u>KerberosConfigCheck]<div><br>
<br>
                     Error:<br>
<br>
                              exception message: Cannot locate KDC<br>
                              2012-11-20 00:30:40,851 ERROR<br>
<br>
<br></div>
            [org.ovirt.engine.core.utils._<u></u>_____kerberos.ManageDomains]<div><div><br>
            Failure<br>
<br>
                     while<br>
<br>
                              testing domain <a href="http://example.com" target="_blank">example.com</a><br>
            &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                     &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;. Details: Kerberos<br>
<br>
                              error. Please check log for further details.<br>
<br>
<br>
                          Hi, the error indicates you don&#39;t have<br>
            kerberos configured.<br>
                          manage-domains validates by default using<br>
            GSSAPI/Kerberos (if I<br>
                          understand correctly, this is equivalent to<br>
            run ldapsearch<br>
                     with -Y<br>
                          gssapi option).<br>
                          I wonder if -x (simple authentication) will<br>
            work for you as<br>
                     well (as<br>
                          manage-domains contains code for simple<br>
            authentication as<br>
                     well).<br>
<br>
<br>
<br>
                              This is the ldapsearch command that works<br>
            (it retrieves<br>
                     users)<br>
                              from the<br>
                              same machine:<br>
<br>
<br>
<br>
                              ldapsearch -H ldap://<a href="http://example.com" target="_blank">example.com</a><br>
            &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                     &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt;<br>
                              &lt;<a href="http://example.com" target="_blank">http://example.com</a>&gt; -b<br>
<br>
                              dc=example,dc=com -D user.name@a_domain -w<br>
            qwerty<br>
<br>
<br>
                              Best regards,<br>
                              Cristian Falcas<br>
<br>
<br>
<br>
<br></div></div><div>
              ______________________________<u></u>_______________________<br>
                              Users mailing list<br>
            <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;<br>
            &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
                     &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;&gt;&gt;<br>
            <a href="http://lists.ovirt.org/______mailman/listinfo/users" target="_blank">http://lists.ovirt.org/______<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;&gt;<br>
<br>
              &lt;<a href="http://lists.ovirt.org/____mailman/listinfo/users" target="_blank">http://lists.ovirt.org/____<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a>&gt;<br>
                     &lt;<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br>
            &lt;<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a>&gt;&gt;&gt;<br>
<br>
<br>
<br>
<br>
                     Hi,<br>
<br></div><div>
                     I used &quot;-x&quot; for ldapsearch and the result is the<br>
            same: list<br>
                     retrieved.<br>
                     Is there any equivalent for engine-manage-domains?<br>
<br>
                     Cristian<br>
<br>
                 Hi Christian, there is no code allowing to add<br>
            simple-authentication<br>
                 domains to Manage-Domains.<br>
                 In the past we did have the ability to do that, but<br>
            there are<br>
                 several problematic issues.<br>
                 What ldap server are you working against? Maybe I<br>
            missed that<br>
<br>
<br>
<br>
<br>
            Hi,<br>
<br>
            The server is a Microfost AD 2003.<br>
<br>
            Best regards,<br>
            Cristian Falcas<br>
<br>
<br>
        this should work, is the AD also the DNS server for the ovirt<br>
        engine machine?<br>
<br>
<br>
<br>
    yes<br>
<br>
<br>
</div></blockquote>
<br>
<br>
</blockquote></div><br>Could you take a look at the tcp dump? There are only 2 messages relevant to this (let me know if you want the full dump):<br><br>- 2091    12.423634    10.0.0.xx    10.0.0.yyy    DNS    87    Standard query SRV _kerberos._<a href="http://tcp.EXAMPLE.COM" target="_blank">tcp.EXAMPLE.COM</a><br>



- 2092    12.424357    10.0.0.yyy    10.0.0.xx    DNS    245    Standard query response SRV 0 100 88 <a href="http://site1.example.com" target="_blank">site1.example.com</a> SRV 0 100 88 <a href="http://site2.example.com" target="_blank">site2.example.com</a> SRV 0 100 88 <a href="http://site3.example.com" target="_blank">site3.example.com</a><br>



<br>Also, I tries to run ldapsearch with -Y gssapi:<br>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)<br>        additional info: SASL(-4): no mechanism available: No worthy mechs found<br><br>Best regards, <br>



Cristian Falcas<br></div></div></div>
</blockquote>The SRV records look fine.<div>If I remember correctly, your DNS should have a reverse-resolve PTR record to your engine machine. Does it exists?</div><div><br></div></div></div></blockquote></div><br><br>I don&#39;t think so (10.0.0.xx is engine machine, 10.0.0.yyy is dns):<br>

<br>[root@localhost ~]# nslookup 10.0.0.xx<br>Server:         10.0.0.yyy<br>Address:        10.0.0.yyy#53<br><br>** server can&#39;t find xx.0.0.10.in-addr.arpa.: NXDOMAIN<br><br>[root@localhost ~]# host 10.0.0.xx<br>Host xx.0.0.10.in-addr.arpa. not found: 3(NXDOMAIN)<br>

<br>I will ask them to add a DNS record for the machine.<br></div>