Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

# kinit -V -k -t /etc/httpd/s-oVirt-Krb.keytab HTTP/kom-ad01-ovirt1.ad.holding.com Using existing cache: persistent:0:0 Using principal: HTTP/kom-ad01-ovirt1.ad.holding.com(a)AD.HOLDING.COM Using keytab: /etc/httpd/s-oVirt-Krb.keytab Authenticated to Kerberos v5 # klist Ticket cache: KEYRING:persistent:0:0 Default principal: HTTP/kom-ad01-ovirt1.ad.holding.com(a)AD.HOLDING.COM Valid starting Expires Service principal 09/30/2016 16:28:02 10/01/2016 02:28:02 krbtgt/AD.HOLDING.COM(a)AD.HOLDING.COM renew until 10/07/2016 16:28:02 # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api <html><head><title>Error</title></head><body>Unauthorized</body></html> However, if I open this URL (https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api) in browser it opens without errors and authorization requests # tail -f /var/log/httpd/ssl_error_log # tail -f /var/log/ovirt-engine/engine.log In the logs nothing in that moment when I open the portal in the browser. 30.09.2016, 15:52, "Ondra Machacek" <omachace(a)redhat.com&gt;: > So if you run kinit and then: > > $ curl --negotiate -u : -X GET -H "Accept: application/xml" -k > https://fqdn/ovirt-engine/api > > It's fine? > >> Please tell me how to find the cause of the problem. What are the steps to troubleshooting to do? > > On oVirt engine check: > > /var/log/httpd/ssl_error_log > /var/log/ovirt-engine/engine.log > > On AD check kerberos log. > >> _______________________________________________ >> Users mailing list >> Users(a)ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users