On 04/23/2018 04:30 PM, Kristian Petersen wrote:
Hey everyone,
I had FreeIPA authentication set up on my oVirt instance and it was
working great. Then something happened that disconnected my NFS storage
and caused a problem with my hosted-engine. Once I got it back up and
running again, my FreeIPA authentication was still a choice for
authentication, but it always rejects my password even though it is
correct. I have tried running the setup again to no avail. Nothing
shows up in the httpd error log when the login fails. The engine.log
from ovirt-engine in /var/log shows the following upon attempting to
authenticate with a user from FreeIPA:

2018-04-23 08:08:24,384-06 WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-34) [] Ignoring records from pool: 'authz'
2018-04-23 08:08:24,384-06 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-34) [] Cannot authenticate user 'nesretep@IPA' connecting from 'UNKNOWN': The username or password is incorrect.

Can you try to run this command:

$ ovirt-engine-extensions-tool --log-level=FINEST --log-file=/tmp/aaa.log aaa login-user --user-name nesretep --profile IPA

and share /tmp/aaa.log?

I'm not sure why 'authz' is being ignored but it is certainly why IPA
authentication isn't working as 'username@authz' is how IPA logins show
up in oVirt when they do work. Any ideas where to look next?
--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry