<div dir="ltr">Hey everyone,<div><br></div><div>I had FreeIPA authentication set up on my oVirt instance and it was working great. Then something happened that disconnected my NFS storage and caused a problem with my hosted-engine. Once I got it back up and running again, my FreeIPA authentication was sill a choice for authentication, but it always rejects my password even though it is correct. I have tried running the setup again to no avail. Nothing shows up in the httpd error log when the login fails. The engine.log from ovirt-engine in /var/log shows the following upon attempting to authenticate with a user from freeIPA:</div><div><br></div><div><div><font face="monospace, monospace">2018-04-23 08:08:24,384-06 WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-34) [] Ignoring records from pool: 'authz'</font></div><div><font face="monospace, monospace">2018-04-23 08:08:24,384-06 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-34) [] Cannot authenticate user 'nesretep@IPA' connecting from 'UNKNOWN': The username or password is incorrect.</font></div><div><br></div><div>I'm not sure why 'authz' is being ignored but it is certainly why IPA authentication isn't working as 'username@authz' is how IPA logins show up in oVirt when they do work. Any ideas where to look next?</div>-- <br><div class="gmail-m_-1097563001929807465gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Kristian Petersen<div>System Administrator</div><div>BYU Dept. of Chemistry and Biochemistry</div></div></div></div></div></div></div>
</div></div>