<div dir="ltr"><div>[root@usarpaovrtengine01 ~]# psql select username, group_ids from users;</div><div>psql: warning: extra command-line argument "group_ids" ignored</div><div>psql: warning: extra command-line argument "from" ignored</div>
<div>psql: warning: extra command-line argument "users" ignored</div><div>psql: FATAL: Ident authentication failed for user "username,"</div><div>[root@usarpaovrtengine01 ~]#</div><div><br></div><div>
I can log into the admin portal fine with my admin users. I can log into the user portal fine with the admin users. I can not log into the user portal with a regular user account. </div><div><br></div><div>Here's the engine.log for when I try to log in to user portal with that user account:</div>
<div><br></div><div><div>2014-04-06 20:51:59,208 WARN [org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION</div><div>
<br>
</div></div><div><br></div><div>The user account "ovirt" (which I've added to my AD) is what I'm trying to log in with. That user account is not specifically showing up in the admin portal user list; however, the group Domain\Users does show up. The 'ovirt' user is a member of Domain\Users.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Apr 6, 2014 at 8:38 PM, Yair Zaslavsky <span dir="ltr"><<a href="mailto:yzaslavs@redhat.com" target="_blank">yzaslavs@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
<br>
----- Original Message -----<br>
> From: "Jeff Clay" <<a href="mailto:jeffclay@gmail.com">jeffclay@gmail.com</a>><br>
</div><div class="">> To: "Yair Zaslavsky" <<a href="mailto:yzaslavs@redhat.com">yzaslavs@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Monday, April 7, 2014 4:28:09 AM<br>
> Subject: Re: [Users] Unable to log into user portal with user account<br>
><br>
> I added the domain using engine-manage-domains and then I went into the<br>
> engine admin portal and added the groups I mentioned and assigned those<br>
> groups to the UserRole for ovirt. I'm not familiar with psql at all, every<br>
> iteration of running the queries you requested has failed.<br>
<br>
</div>Ok, after you fail to login to userportal, can you login to the admin portal, and check for the user you tried to login with what are the permissions he has?<br>
<br>
Thanks,<br>
Yair<br>
<div class=""><br>
><br>
><br>
> On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky <<a href="mailto:yzaslavs@redhat.com">yzaslavs@redhat.com</a>> wrote:<br>
><br>
> > Hi,<br>
> > 1. When you log in to to the admin portal, and check the permissions the<br>
> > user have, does it have the UserRole?<br>
> > 2. Can you please provide us the following SQL queries (using psql)<br>
> ><br>
> > select user_name, groupIds from users;<br>
<br>
</div>Should be select username, group_ids from users; - sorry, my bad.<br>
<div class="HOEnZb"><div class="h5"><br>
> ><br>
> > select id,name from ad_groups;<br>
> ><br>
> ><br>
> > 3. In addition - have you manually added your user to oVirt before the<br>
> > login attempt, or did you just add the mentioned group + gave it<br>
> > permissions?<br>
> ><br>
> > Thanks,<br>
> > Yair<br>
> ><br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Jeff Clay" <<a href="mailto:jeffclay@gmail.com">jeffclay@gmail.com</a>><br>
> > > To: <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> > > Sent: Monday, April 7, 2014 3:01:55 AM<br>
> > > Subject: [Users] Unable to log into user portal with user account<br>
> > ><br>
> > > I have attached an AD domain. I can log in to the admin and user portals<br>
> > > with the credentials used to add the domain. I made a new user on the AD<br>
> > > for testing. I have added BuiltIn\Users and Domain\Users to the UserRole<br>
> > in<br>
> > > Ovirt. When I try to log in to the UserPortal with a regular user<br>
> > account I<br>
> > > get the error that the user isn't authorized to perform the action.<br>
> > ><br>
> > > _______________________________________________<br>
> > > Users mailing list<br>
> > > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> > > <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
> > ><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>