----- Original Message -----
From: "Dead Horse" <deadhorseconsulting(a)gmail.com>
Sent: Thursday, August 8, 2013 7:51:03 PM
I verified the fix against current master with multiple installs and
browsers. Thanks guys!
Fix verified to work with:
Firefox Version 22.0-1
Google Chrome Version 28.0.1500.95
I still noted an odd issue with Firefox Version 17.0.8-1 (Current Firefox EL6
Version).
The login into the user portal succeeds and a successful login is logged,
however the login remains hung at the login dialog indefinitely.
Reloading the page and closing the browser does not change things.
Also removing ~/<username>/.mozilla and starting fresh results in the same.
Can someone else check and verify similar oddness with EL6 Firefox.
similar oddness was indeed encountered lately. Alexander (added) is currently
investigating.
@Alexander - can you please update on the investigation progress in this thread?
- DHC
On Wed, Aug 7, 2013 at 1:50 PM, Dead Horse < deadhorseconsulting(a)gmail.com >
wrote:
I see the fix in Gerrit/GIT. Thanks guys! I will test and update results
tomorrow morning.
- DHC
On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky < yzaslavs(a)redhat.com > wrote:
----- Original Message -----
> From: "Yair Zaslavsky" < yzaslavs(a)redhat.com >
> To: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> Cc: "engine-devel" < engine-devel(a)ovirt.org >
> Sent: Wednesday, August 7, 2013 9:00:34 PM
> Subject: Re: [Engine-devel] users cannot log into userportal
>
>
>
> ----- Original Message -----
> > From: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > To: "Itamar Heim" < iheim(a)redhat.com >
> > Cc: "engine-devel" < engine-devel(a)ovirt.org >, "Yair
Zaslavsky"
> > < yzaslavs(a)redhat.com >
> > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > Subject: Re: [Engine-devel] users cannot log into userportal
> >
> > BZ994604 (
https://bugzilla.redhat.com/show_bug.cgi?id=994604 ) has been
> > opened.
> > - DHC
>
> Thanks for your help DHC,
> This was already fixed by rnori.
Of course "already fixed" comparing with current time. This was indeed a real
issue.
>
> >
> >
> > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim < iheim(a)redhat.com > wrote:
> >
> > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > >
> > >> I have found some steps to reproduce this easily.
> > >>
> > >> Start the engine bound to an AD for authentication
> > >> log in to the user portal as an AD user which has been granted a Role
> > >> (I
> > >> used PowerUserRole)
> > >>
> > >> Result: Login will succeed
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:10,088 INFO
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > >> (ajp--127.0.0.1-8702-10)
> > >> Running command: LoginUserCommand internal: false.
> > >> 2013-08-06 15:54:10,139 INFO
> > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > >> AuditLogDirector]
> > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
> > >> Custom Event ID: -1, Message: User ovirttest logged in.
> > >>
> > >> log out of the user portal
> > >> Result: log out succeeds
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:12,448 INFO
> > >> [org.ovirt.engine.core.bll.**LogoutUserCommand]
> > >> (ajp--127.0.0.1-8702-2)
> > >> Running command: LogoutUserCommand internal: false.
> > >> 2013-08-06 15:54:12,474 INFO
> > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > >> AuditLogDirector]
> > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
> > >> Custom Event ID: -1, Message: User ovirttest logged out.
> > >>
> > >> As the same user log in to the user portal again but this purposely
> > >> input the wrong password.
> > >> Result: log in will fail
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:20,830 ERROR
> > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
information
> > >> was invalid (24)
> > >> 2013-08-06 15:54:20,832 ERROR
> > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,843 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > >> LDAP://foodc02.foo.test.com:**389 <
http://foodc02.foo.test.com:389
>
> > >> <
> > >>
http://foodc02.foo.test.com:**389 <
http://foodc02.foo.test.com:389
>>
> > >> using
> > >> user ovirttest(a)FOO.TEST.COM <mailto: ovirttest(a)FOO.TEST.COM **>
due to
> > >>
> > >> Authentication Failed. Please verify the username and password.. We
> > >> should not try the next server
> > >> 2013-08-06 15:54:20,850 ERROR
> > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
information
> > >> was invalid (24)
> > >> 2013-08-06 15:54:20,851 ERROR
> > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,852 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > >> LDAP://foodc01.foo.test.com:**389 <
http://foodc01.foo.test.com:389
>
> > >> <
> > >>
http://foodc01.foo.test.com:**389 <
http://foodc01.foo.test.com:389
>>
> > >> using
> > >> user ovirttest(a)FOO.TEST.COM <mailto: ovirttest(a)FOO.TEST.COM **>
due to
> > >>
> > >> Authentication Failed. Please verify the username and password.. We
> > >> should not try the next server
> > >> 2013-08-06 15:54:20,853 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to
> > >> domain
> > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query Type is
> > >> getUserByName
> > >>
> > >> 2013-08-06 15:54:20,854 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,855 ERROR
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-7)
> > >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD : ovirttest
> > >> 2013-08-06 15:54:20,856 WARN
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-7)
> > >> CanDoAction of action LoginUser failed.
> > >> Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD
> > >>
> > >> Try again to log in as the same user this time typing the correct
> > >> password.
> > >> Result: Login fails!
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:25,186 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to
> > >> domain
> > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query Type is
> > >> getUserByName
> > >>
> > >> 2013-08-06 15:54:25,187 ERROR
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-7)
> > >> USER_FAILED_TO_AUTHENTICATE : ovirttest
> > >> 2013-08-06 15:54:25,187 WARN
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-7)
> > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_**
> > >> AUTHENTICATE
> > >>
> > >> Try again with another AD user.
> > >> Result: Login fails!
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:38,056 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-5) Failed authenticating user: ovirtadmin to
> > >> domain
> > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query Type is
> > >> getUserByName
> > >>
> > >> 2013-08-06 15:54:38,057 ERROR
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-5)
> > >> USER_FAILED_TO_AUTHENTICATE : ovirtadmin
> > >> 2013-08-06 15:54:38,058 WARN
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
(ajp--127.0.0.1-8702-5)
> > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_**
> > >> AUTHENTICATE
> > >>
> > >> Logging into the admin portal as the admin@internal user will yield
> > >> that
> > >> engine seems to have forgotten about and can no longer enumerate AD
> > >> users and groups.
> > >> engine stays in this state until it has been restarted.
> > >>
> > >> I also note the two following errors in the engine log file as well:
> > >> 2013-08-06 15:53:41,098 ERROR
> > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
> > >> service
> > >> thread 1-9) Could not parse option AutoRecoveryAllowedTypes value.
> > >> 2013-08-06 15:53:41,161 ERROR
> > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
> > >> service
> > >> thread 1-9) Failed to decrypt value for property
> > >> AttestationTruststorePass will be used encrypted value:
> > >> javax.crypto.**BadPaddingException: Data must start with zero
> > >>
> > >> - DHC
> > >>
> > >>
> > >>
> > >> On Tue, Aug 6, 2013 at 1:31 PM, Dead Horse
> > >> < deadhorseconsulting(a)gmail.com
> > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > >> deadhorseconsulting(a)gmail.com >
> > >> >>
> > >>
> > >> wrote:
> > >>
> > >> Really attaching logs from other install.
> > >> - DHC
> > >>
> > >>
> > >> On Tue, Aug 6, 2013 at 1:30 PM, Dead Horse
> > >> < deadhorseconsulting(a)gmail.com
> > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > >> deadhorseconsulting(a)gmail.com >>>
> > >> wrote:
> > >>
> > >> Also I note that he login does succeed in the AD servers logs as
> > >> well as the engine also acknowledges the same. However the login
> > >> ends up in either the user logging in and the dialog sitting in
> > >> space forever and/or the engine no longer enumerating the AD
> > >> users/groups.
> > >>
> > >> Attached are logs from another install seeing the same thing.
> > >> -DHC
> > >>
> > >>
> > >> On Tue, Aug 6, 2013 at 1:20 PM, Dead Horse
> > >> < deadhorseconsulting(a)gmail.com
> > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > >> deadhorseconsulting(a)gmail.com >>>
> > >> wrote:
> > >>
> > >>
> > >> Seeing and issue where users are not able to log in. Also
> > >> for some reason the engine is seemingly forgeting about AD
> > >> users. Removing the AD domain via engine-manage-domains and
> > >> re-adding it works for enumerating the users, however the
> > >> first attempt to login as a user results in the engine no
> > >> longer enumerating the users nor allowing logins.
> > >> Attached are the pertinent logs.
> > >>
> > >> Engine is built and running from current master as of this
> > >> morning, and was installed/built and upgraded via RPMs
> > >> yum/engine-upgrade
> > >>
> > >> - DHC
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> ______________________________**_________________
> > >> Engine-devel mailing list
> > >> Engine-devel(a)ovirt.org
> > >>
http://lists.ovirt.org/**mailman/listinfo/engine-devel <
> > >>
http://lists.ovirt.org/mailman/listinfo/engine-devel >
> > >>
> > >>
> > > thanks for reproducing with such clear steps. can you please open a
> > > bug?
> > > yair - can you try and reproduce as well (I tried on an older rhev 3.2
> > > i
> > > have and couldn't with the IPA provider)
> > >
> >
> _______________________________________________
> Engine-devel mailing list
> Engine-devel(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/engine-devel
>
_______________________________________________
Engine-devel mailing list
Engine-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel