<div dir="ltr"><div><div>Hi guys,<br><br>I'm trying to work around the impossibility of adding local users into oVirt by setting up a FreeIPA server for my test rig... :(<br><br></div><div>Everything is Fedora 19 and whatever package versions come with it.<br>
</div><div><br></div>1) I have an A-record, a PTR-record and the necessary SRV records for my server in dnsmasq on my OpenWRT router:<br>ptr-record=60.2.168.192.in-addr.arpa,"<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>"<br>
srv-host=_kerberos-master._tcp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,88,0,100<br>srv-host=_kerberos-master._udp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,88,0,100<br>srv-host=_kerberos._tcp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,88,0,100<br>
srv-host=_kerberos._udp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,88,0,100<br>srv-host=_kpasswd._tcp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,464,0,100<br>srv-host=_kpasswd._udp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,464,0,100<br>
srv-host=_ldap._tcp,<a href="http://freeipa.iiordanov.com">freeipa.iiordanov.com</a>,389,0,100<br><br></div>2) I have run ipa-server-install and everything completed without error. I've disabled the firewall on the server completely and the iptables chains are all clean. I've rebooted the server just in case.<br>
<div><br></div><div>3) When I try to add the IPA server to oVirt, I get a nasty error!<br><br></div><div># engine-manage-domains -action=add -domain=<a href="http://iiordanov.com">iiordanov.com</a> -user=admin -provider=ipa -interactive<br>
Enter password:<br><br>General error has occurednull<br>java.lang.NegativeArraySizeException<br> at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)<br> at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)<br>
at sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)<br> at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)<br> at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)<br>
at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)<br> at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)<br> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)<br>
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)<br> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)<br> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)<br> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)<br>
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)<br> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)<br> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)<br>
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)<br> at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)<br> at org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:257)<br>
at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)<br> at java.security.AccessController.doPrivileged(Native Method)<br> at javax.security.auth.Subject.doAs(Subject.java:356)<br> at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)<br>
at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)<br> at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)<br>
at org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:746)<br> at org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:917)<br> at org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:539)<br>
at org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:311)<br> at org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:206)<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br> at java.lang.reflect.Method.invoke(Method.java:606)<br>
at org.jboss.modules.Module.run(Module.java:260)<br> at org.jboss.modules.Main.main(Main.java:291)<br>Failure while testing domain %1$s. Details: %2$s: One of the parameters for this error is null and no default message to show<br clear="all">
<div><div><div><div><br><br></div><div>Can anybody spot the trouble here? Any help is appreciated!<br><br>Many thanks!<br>iordan<br></div><div><br>-- <br>The conscious mind has only one thread of execution.
</div></div></div></div></div></div>