<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi, <br>
</p>
<p>I was trying 4.1 beta on a dev plateform in january when I first
wrote about this bug.</p>
<p>I'm now in 4.1 production, and the bug becomes really annoying
with serial console. Fortunately I can successfully continue to
log into webadmin with the same login.<br>
</p>
<p>ssh -vvv tells me the authentication succeeded, so it is nothing
to do with any special character in my password.</p>
<p>Here are my credentials:</p>
<p>[oVirt shell (connected)]# list users --show-all --kwargs
"last_name=*Blanchet"<br>
<br>
id : aa47e979-713b-421b-bee2-8c547c1ca57f<br>
name : Nathanaël<br>
domain-id : 616265732E66722D617574687A<br>
domain-name : abes.fr-authz<br>
domain_entry_id :
4634733074656957673061686946612B6E58416939773D3D<br>
email : <a class="moz-txt-link-abbreviated" href="mailto:blanchet@abes.fr">blanchet@abes.fr</a><br>
last_name : Blanchet<br>
namespace : DC=levant,DC=abes,DC=fr<br>
principal : <a class="moz-txt-link-abbreviated" href="mailto:sblanchet@levant.abes.fr">sblanchet@levant.abes.fr</a><br>
user_name : <a class="moz-txt-link-abbreviated" href="mailto:sblanchet@levant.abes.fr@abes.fr-authz">sblanchet@levant.abes.fr@abes.fr-authz</a></p>
<p>They are exaclty the same as my colleague who succeeds to
authenticate with ssh</p>
<p>[oVirt shell (connected)]# list users --show-all --kwargs
"last_name=Couren"<br>
<br>
id : 53c70b4a-e8e3-4fd3-b8db-cd518fc1a372<br>
name : Michaël<br>
domain-id : 616265732E66722D617574687A<br>
domain-name : abes.fr-authz<br>
domain_entry_id :
497338714735756636554F684255526544384F7476673D3D<br>
email : <a class="moz-txt-link-abbreviated" href="mailto:couren@abes.fr">couren@abes.fr</a><br>
last_name : Couren<br>
namespace : DC=levant,DC=abes,DC=fr<br>
principal : <a class="moz-txt-link-abbreviated" href="mailto:scouren@levant.abes.fr">scouren@levant.abes.fr</a><br>
user_name : <a class="moz-txt-link-abbreviated" href="mailto:scouren@levant.abes.fr@abes.fr-auth">scouren@levant.abes.fr@abes.fr-auth</a></p>
<p>Is there anything new?<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Le 02/03/2017 à 12:21, Eduardo Mayoral
a écrit :<br>
</div>
<blockquote cite="mid:fcc9bdee-bcff-3541-dc9e-eeca8fe40c9d@arsys.es"
type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p>Hi, <br>
</p>
<p> I am getting exactly the same issue here with 4.1 , when
trying to log in to the serial console over SSH.</p>
<p><br>
</p>
<p>The user with domain is <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:emayoral_adm@arsyslan.es">"emayoral_adm@arsyslan.es"</a>
(please note mailman may translate the "at" character to a
textual "_at_"). The First name and last name as read from
active directory is "Eduardo Mayoral" (with no quotes)<br>
</p>
<p>The password is: 08.HJYqoce,nrW (OK, this is not the real
password, but it has the same special characters and approximate
structure and length)<br>
</p>
<p>This is the engine.log output.<br>
</p>
<p><tt><font size="-1">2017-03-02 11:13:31,917Z INFO
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand]
(default task-25) [5d9b7d18] Running command:
LoginOnBehalfCommand internal: true.<br>
2017-03-02 11:13:31,938Z ERROR
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-33)
[] OAuthException server_error: java.text.ParseException:
Invalid character ' ' encountered.<br>
2017-03-02 11:13:31,939Z ERROR
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand]
(default task-25) [5d9b7d18] Unable to create engine
session: EngineException: user <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:emayoral_adm@arsyslan.es">emayoral_adm@arsyslan.es</a>
in domain 'arsyslan.es-authz (Failed with error
PRINCIPAL_NOT_FOUND and code 5200)<br>
2017-03-02 11:13:31,945Z ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-25) [5d9b7d18] EVENT_ID:
USER_LOGIN_ON_BEHALF_FAILED(1,402), Correlation ID:
5d9b7d18, Call Stack: null, Custom Event ID: -1, Message:
Failed to execute login on behalf - for user <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:emayoral_adm@arsyslan.es">emayoral_adm@arsyslan.es</a>.<br>
2017-03-02 11:13:31,945Z ERROR
[org.ovirt.engine.core.services.VMConsoleProxyServlet]
(default task-25) [5d9b7d18] Error processing request: :
java.lang.RuntimeException: Unable to create session using
LoginOnBehalf<br>
at
org.ovirt.engine.core.services.VMConsoleProxyServlet.availableConsoles(VMConsoleProxyServlet.java:102)
[services.jar:]<br>
at
org.ovirt.engine.core.services.VMConsoleProxyServlet.produceContentFromParameters(VMConsoleProxyServlet.java:177)
[services.jar:]<br>
at
org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsoleProxyServlet.java:213)
[services.jar:]<br>
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
[jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]<br>
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
[jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]<br>
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:66)
[utils.jar:]<br>
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
[undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_121]<br>
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_121]<br>
at java.lang.Thread.run(Thread.java:745)
[rt.jar:1.8.0_121]<br>
</font></tt><br>
</p>
<p>Did you find the cause for this and possible fixes or
workarounds?<br>
</p>
<br>
<pre class="moz-signature" cols="72">--
Eduardo Mayoral Jimeno (<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:emayoral@arsys.es">emayoral@arsys.es</a>)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
<a class="moz-txt-link-abbreviated" href="mailto:blanchet@abes.fr">blanchet@abes.fr</a> </pre>
</body>
</html>