Hello,
I think I resolved this issue. It is the dig response when resolving the domain name!
CentOS-7 - bind-utils-9.11.4-16.P2.el7_8.6.x86_64; Windows AD level 2008R2; in my case dig
returns an answer with
;; ANSWER SECTION:
mb118.local. 600 IN A 192.168.1.7
The IP address returned is the address of the DC.
CentOS-8 - bind-utils-9.11.20-5.el8.x86_64; same Domain Controller; dig returns an answer
without ;; ANSWER SECTION, i.e. the IP address of the DC cannot be identified.
The solution is to add the directive '+nocookie' after '+tcp' in the file
/usr/share/ovirt-engine-extension-aaa-ldap/setup/plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py
The section starts at line 144:
    @staticmethod
    def _resolver(plugin, record, what):
        rc, stdout, stderr = plugin.execute(
            args=(
                (
                    plugin.command.get('dig'),
                    '+noall',
                    '+answer',
                    '+tcp',
                    # added line: do not send the EDNS COOKIE option
                    '+nocookie',
                    what,
                    record
                )
            ),
        )
        return stdout
With this change, execution of ovirt-engine-extension-aaa-ldap-setup completes successfully
and joins a fresh install of oVirt 4.4 to Active Directory.
If the level of AD is 2016, the '+nocookie' change is not needed.
Happy holidays to all of you!
Stay safe!
Thank you!
Best,
Latcho
From: Latchezar Filtchev
Sent: Tuesday, November 24, 2020 10:31 AM
To: users(a)ovirt.org
Subject: oVirt 4.4 and Active directory
Hello All,
Fresh standalone installation of oVirt 4.3 (CentOS 7). Execution of
ovirt-engine-extension-aaa-ldap-setup completes normally and DC is connected to AD (Domain
functional level: Windows Server 2008).
On the same hardware fresh standalone installation of oVirt 4.4.
Installation of engine completed with warning:
2020-11-23 14:50:46,159+0200 WARNING otopi.plugins.ovirt_engine_common.base.network.hostname hostname._validateFQDNresolvability:308 Failed to resolve 44-8.mb118.local using DNS, it can be resolved only locally
Despite the warning, the engine portal is resolvable after installation.
Execution of ovirt-engine-extension-aaa-ldap-setup ends with:
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 3
Please enter Active Directory Forest name: mb118.local
[ INFO ] Resolving Global Catalog SRV record for mb118.local
[WARNING] Cannot resolve Global Catalog SRV record for mb118.local. Please check you have
entered correct Active Directory forest name and check that forest is resolvable by your
system DNS servers
[ ERROR ] Failed to execute stage 'Environment customization': Active Directory
forest is not resolvable, please make sure you've entered correct forest name. If for
some reason you can't use forest and you need some special configuration instead,
please refer to examples directory provided by ovirt-engine-extension-aaa-ldap package.
[ INFO ] Stage: Clean up
Log file is available at
/tmp/ovirt-engine-extension-aaa-ldap-setup-20201123113909-bj749k.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
Can someone advise on this?
Thank you!
Best,
Latcho
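
Added example, not part of the original messages and not oVirt code: a small diagnostic that runs dig with the same flags as _resolver, once with and once without '+nocookie', and reports whether the empty answer described above depends on that option. The function names, the sample records and the query name _gc._tcp.mb118.local (the usual Active Directory naming for the Global Catalog SRV record) are assumptions; the page does not show the exact name the setup tool queries.

```python
import shutil
import subprocess

# Constructed sample of '+noall +answer' output for a Global Catalog SRV lookup
# (the host name dc1 is made up for this example).
SAMPLE_OK = "_gc._tcp.mb118.local. 600 IN SRV 0 100 3268 dc1.mb118.local.\n"
SAMPLE_EMPTY = ""  # constructed: the reply carried no answer section


def dig_args(qtype, name, cookie):
    """Same flags as _resolver; cookie=False appends +nocookie after +tcp."""
    args = ["dig", "+noall", "+answer", "+tcp"]
    if not cookie:
        args.append("+nocookie")  # do not send the EDNS COOKIE option
    return args + [qtype, name]


def parse_answer(stdout):
    """Turn '+noall +answer' output into (name, ttl, type, rdata) tuples."""
    records = []
    for line in stdout.splitlines():
        f = line.split()
        if len(f) < 5 or f[0].startswith(";"):
            continue  # blank line, dig comment, or not a resource record
        if f[1].isdigit() and f[2] == "IN":
            records.append((f[0], int(f[1]), f[3], " ".join(f[4:])))
    return records


def classify(with_cookie, without_cookie):
    """Compare both runs and name the likely cause of an empty answer."""
    if parse_answer(with_cookie):
        return "ok"
    if parse_answer(without_cookie):
        return "cookie-sensitive"  # server answers only without the option
    return "unresolvable"  # empty both ways: check the name and DNS servers


def probe(qtype, name, timeout=10):
    """Run dig both ways against the system resolver (needs dig and network)."""
    outs = [
        subprocess.run(dig_args(qtype, name, cookie), capture_output=True,
                       text=True, timeout=timeout, check=False).stdout
        for cookie in (True, False)
    ]
    return classify(*outs)


if __name__ == "__main__" and shutil.which("dig"):
    print(probe("SRV", "_gc._tcp.mb118.local"))
```

A result of "cookie-sensitive" on the engine host matches the CentOS 8 behaviour reported above; "unresolvable" points at the forest name or the DNS servers instead.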