<div dir="ltr"><div><div><div><div><div><div><div><div>oVirt: <span class="">3.6.2<br><br></span></div><span class="">Trying to use:<br><br><a href="https://github.com/machacekondra/ovirt-engine-kerbldap-migration">https://github.com/machacekondra/ovirt-engine-kerbldap-migration</a><br><br></span></div><span class="">First use:<br><br>engine-manage-domains add --domain=<a href="http://udistritaloas.edu.co">udistritaloas.edu.co</a> --provider=ipa --user=admin --ldap-servers=<a href="http://freeipa.udistritaloas.edu.co">freeipa.udistritaloas.edu.co</a><br><br></span></div><span class="">The domain was added, but I can&#39;t access the webadmin portal :/<br><br></span></div><span class="">I get the message:<br><br>&quot;User is not authorized to perform this action.&quot;<br><br></span></div><span class="">In ovirt-cli<br><br>[401] - Unauthorized<br><br>tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal<br><br>2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>2016-06-20 10:52:22,836 WARN  [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) [] CanDoAction of action &#39;LoginAdminUser&#39; failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>2016-06-20 11:00:37,679 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>2016-06-20 11:00:37,679 WARN  [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal. 
Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>2016-06-20 11:01:04,016 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.<br>2016-06-20 11:01:04,016 WARN  [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) [] CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br><br></span></div><span class="">Properties of Internal domain:<br><br>cat /etc/ovirt-engine/aaa/internal.properties<br><br>ovirt.engine.extension.name = internal-authn<br>ovirt.engine.extension.bindings.method = jbossmodule<br>ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc<br>ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br>ovirt.engine.aaa.authn.profile.name = internal<br>ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br><br>cat /etc/ovirt-engine/extensions.d/internal-authn.properties<br><br>ovirt.engine.extension.name = internal-authn<br>ovirt.engine.extension.bindings.method = jbossmodule<br>ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc<br>ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br>ovirt.engine.aaa.authn.profile.name = internal<br>ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>config.datasource.file 
= /etc/ovirt-engine/aaa/internal.properties<br><br>cat /etc/ovirt-engine/extensions.d/internal-authz.properties<br><br>ovirt.engine.extension.name = internal-authz<br>ovirt.engine.extension.bindings.method = jbossmodule<br>ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc<br>ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension<br>ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz<br>config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br><br></span></div><span class="">Properties of admin@internal user:<br><br>ovirt-aaa-jdbc-tool user show admin<br><br>-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --<br>Namespace: *<br>Name: admin<br>ID: fdfc627c-d875-11e0-90f0-83df133b58cc<br>Display Name:<br>Email:<br>First Name: admin<br>Last Name:<br>Department:<br>Title:<br>Description:<br>Account Disabled: false<br>Account Unlocked At: 1970-01-01 00:00:00Z<br>Account Valid From: 2015-10-01 00:00:00Z<br>Account Valid To: 2100-01-01 00:00:00Z<br>Account Without Password: false<br>Last successful Login At: 2016-06-20 16:01:03Z<br>Last unsuccessful Login At: 2016-06-19 16:53:07Z<br>Password Valid To: 2100-01-01 00:00:00Z<br><br></span></div><span class="">Can I assign privileges to the user? Any idea?<br></span></div>