Re: [ovirt-users] FreeIPA with ovirt 4.1

--=_88f329a8-7b89-4d76-9087-ff4f0ae05113 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello Ondra, I tried increase logging and command fail "outcome" => "failed", "failure-description" => "WFLYCTL0216: Management resource '[ (\"subsystem\" => \"logging\"), (\"logger\" => \"org.ovirt.engine.core.sso\") ]' not found", "rolled-back" => true } Slava, From: "Ondra Machacek" <omachace(a)redhat.com&gt; To: "Slava Bendersky" <volga629(a)networklab.ca&gt; Cc: "users" <users(a)ovirt.org&gt; Sent: Thursday, February 9, 2017 2:31:16 PM Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 Can you please enable DEBUG log of the SSO package and try login and then share the logs, please? You can enable the debug log as following (use admin@internal password): /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:add" && /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)" After tests you can disable it later as follows: $ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh --controller=127.0.0.1:8706 --connect --user=admin@internal "/subsystem=logging/logger=org.ovirt.engine.core.sso:remove" On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629(a)networklab.ca&gt; wrote: --=_88f329a8-7b89-4d76-9087-ff4f0ae05113 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: lucida console,sans-serif; font-size= : 12pt; color: #000000"><div>Hello Ondra,</div><div>I tried increase loggin= g and command fail</div><div><br data-mce-bogus=3D"1"></div><div><div>&nbsp= ; &nbsp; "outcome" =3D&gt; "failed",</div><div>&nbsp; &nbsp; "failure-descr= iption" =3D&gt; "WFLYCTL0216: Management resource '[</div><div>&nbsp; &nbsp= ; (\"subsystem\" =3D&gt; \"logging\"),</div><div>&nbsp; &nbsp; (\"logger\" = =3D&gt; \"org.ovirt.engine.core.sso\")</div><div>]' not found",</div><div>&= nbsp; &nbsp; "rolled-back" =3D&gt; true</div><div>}</div></div><div><br></d= iv><div><br data-mce-bogus=3D"1"></div><div>Slava,</div><div><br></div><hr = id=3D"zwchr" data-marker=3D"__DIVIDER__"><div data-marker=3D"__HEADERS__"><= b>From: </b>"Ondra Machacek" &amp;lt;omachace(a)redhat.com&amp;gt;&lt;br&gt;&lt;b&gt;To: </b>"Sla= va Bendersky" &amp;lt;volga629(a)networklab.ca&amp;gt;&lt;br&gt;&lt;b&gt;Cc: </b>"users" &lt;user= s(a)ovirt.org&amp;gt;&lt;br&gt;&lt;b&gt;Sent: </b>Thursday, February 9, 2017 2:31:16 PM<br><b= ta-marker=3D"__QUOTED_TEXT__">Can you please enable DEBUG log of the SSO pa= ckage and try login and<br>then share the logs, please?<br><br>You can enab= le the debug log as following (use admin@internal password):<br><br>/usr/sh= are/ovirt-engine-wildfly/bin/jboss-cli.sh<br>--controller=3D127.0.0.1:8706 = --connect --user=3Dadmin(a)internal&lt;br&gt;&quot;/subsystem=3Dlogging/logger=3Dorg.ovi= rt.engine.core.sso:add" &amp;&amp;<br>/usr/share/ovirt-engine-wildfly/bin/j= boss-cli.sh<br>--controller=3D127.0.0.1:8706 --connect --user=3Dadmin@inter= nal<br>"/subsystem=3Dlogging/logger=3Dorg.ovirt.engine.core.sso:write-attri= bute(name=3Dlevel,value=3DDEBUG)"<br><br>After tests you can disable it lat= er as follows:<br><br>&nbsp;$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli= .sh<br>--controller=3D127.0.0.1:8706 --connect --user=3Dadmin@internal<br>"= /subsystem=3Dlogging/logger=3Dorg.ovirt.engine.core.sso:remove"<br><br>On T= hu, Feb 9, 2017 at 3:08 PM, Slava Bendersky &amp;lt;volga629(a)networklab.ca&amp;gt; = wrote:<br>&gt; Hello Everyone,<br>&gt; Anything else possible to check ?<br= t; From: "Slava Bendersky" &amp;lt;volga629(a)networklab.ca&amp;gt;&lt;br&gt;&amp;gt; To: "Ondr= a Machacek" &amp;lt;omachace(a)redhat.com&amp;gt;&lt;br&gt;&amp;gt; Cc: "users" &lt;users@ovirt= .org&gt;<br>&gt; Sent: Saturday, February 4, 2017 2:27:31 PM<br>&gt;<br>&gt= ; Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1<br>&gt;<br>&gt; Hello O= ndra,<br>&gt; Log is empty<br>&gt;<br>&gt; [root@vhe00 ~]# ls -la &nbsp;/va= r/log/httpd/ssl_error_log<br>&gt; -rw-r--r--. 1 root root 0 Feb &nbsp;2 04:= 45 /var/log/httpd/ssl_error_log<br>&gt;<br>&gt; Slava.<br>&gt;<br>&gt; ____= ____________________________<br>&gt; From: "Ondra Machacek" &lt;omachace@re= dhat.com&gt;<br>&gt; To: "Slava Bendersky" &amp;lt;volga629(a)networklab.ca&amp;gt;&lt;b= r>&gt; Cc: "users" &amp;lt;users(a)ovirt.org&amp;gt;, "Ravi" &amp;lt;rnori(a)redhat.com&amp;gt;= <br>&gt; Sent: Saturday, February 4, 2017 10:35:31 AM<br>&gt; Subject: Re: = [ovirt-users] FreeIPA with ovirt 4.1<br>&gt;<br>&gt;<br>&gt;<br>&gt; On Feb= 4, 2017 1:21 AM, "Slava Bendersky" &amp;lt;volga629(a)networklab.ca&amp;gt; wrote:<b= r>&gt;<br>&gt; Hello Everyone,<br>&gt; Having trouble implement &nbsp;FreeI= PA authentication with GSSAPI SSO &nbsp;and ovirt<br>&gt; 4.1. I ran setup = and it finished OK then it wrote the files bellow. Next I<br>&gt; log to we= b admin with internal user and added FeeIPA user as SuperUser role.<br>&gt;= Also I added under System FreeIPA group authorized to login on any attempt= <br>&gt; to login with FreeIPA credentials getting message<br>&gt;<br>&gt;<= br>&gt; 2017-02-04 00:03:08,464Z ERROR<br>&gt; [org.ovirt.engine.core.sso.s= ervlets.InteractiveAuthServlet] (default task-6)<br>&gt; [] Internal Server= Error: Unsupported command<br>&gt; 2017-02-04 00:03:08,464Z ERROR [org.ovi= rt.engine.core.sso.utils.SsoUtils]<br>&gt; (default task-6) [] Unsupported = command<br>&gt; 2017-02-04 00:03:08,659Z ERROR<br>&gt; [org.ovirt.engine.co= re.aaa.servlet.SsoPostLoginServlet] (default task-3) []<br>&gt; server_erro= r: Unsupported command<br>&gt;<br>&gt;<br>&gt; Ravi, do you know what this = can cause?<br>&gt;<br>&gt;<br>&gt;<br>&gt; Also when in extensions.d direct= ory contain the following files. If I remove<br>&gt; mydomain.lan-authn.pro= perties then in web ui FreeIPA domain not showing up<br>&gt; in drop down l= ist. Any http don't have influence on this.<br>&gt;<br>&gt;<br>&gt; That is= correct behavior, we dont show profiles, which uses http for authn.<br>&gt= ;<br>&gt;<br>&gt; [root@vhe00 extensions.d]# pwd<br>&gt; /etc/ovirt-engine/= extensions.d<br>&gt;<br>&gt; [root@vhe00 extensions.d]# ls<br>&gt; mydomain= .lan-authn.properties mydomain.lan-http-authn.properties<br>&gt; mydomain.l= an.properties &nbsp; &nbsp; &nbsp;internal-authz.properties<br>&gt; mydomai= n.lan-authz.properties mydomain.lan-http-mapping.properties<br>&gt; interna= l-authn.properties<br>&gt; [root@vhe00 extensions.d]#<br>&gt;<br>&gt;<br>&g= t; If possible clarify how it should be and what is possible issue.<br>&gt;= <br>&gt;<br>&gt; Can you please take a look to /var/log/httpd/ssl_error_log= if any errors<br>&gt; there?<br>&gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt; Slava= .<br>&gt;<br>&gt; _______________________________________________<br>&gt; U= sers mailing list<br>&gt; Users(a)ovirt.org&lt;br&gt;&amp;gt; http://lists.ovirt.org/ma= ilman/listinfo/users<br>&gt;<br>&gt;<br>&gt;<br>&gt; ______________________= _________________________<br>&gt; Users mailing list<br>&gt; Users(a)ovirt.or= g<br>&gt; http://lists.ovirt.org/mailman/listinfo/users<br></div></d... dy></html> --=_88f329a8-7b89-4d76-9087-ff4f0ae05113--