Hi,
Can you please enable the snapshots repository and check out the new ldap provider[1][2]?
This should be the new support for ldap, and much more efficient than what we had so far.
Thanks,
Alon
[1] ovirt-engine-extension-aaa-ldap
[2]
From: "Marcelo Donato" <donato(a)din.uem.br>
To: users(a)ovirt.org
Sent: Wednesday, October 29, 2014 7:49:31 PM
Subject: [ovirt-users] oVirt 3.5 and FreeIpa
Below are the details of my installation, both without firewall and selinux
disabled.
####################################### IPA SERVER
Hostname: ipa1.din.intranet
IP Addr: 10.30.0.25
Release: CentOS release 6.6 (Final) x86_64
###################################### oVirt Engine Version: 3.5.0.1-1.el6
Hostname: sequoia.din.intranet
IP Addr: 10.30.0.27
Release: CentOS release 6.6 (Final) x86_64
######################################
[root@sequoia ~]# host -t SRV _ldap._tcp.din.intranet
_ldap._tcp.din.intranet has SRV record 0 100 389 ipa1.din.intranet.
[root@sequoia ~]# host -t SRV _kerberos._tcp.din.intranet
_kerberos._tcp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
[root@sequoia ~]# host -t SRV _kerberos._udp.din.intranet
_kerberos._udp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
[root@sequoia ~]# host -t SRV _kpasswd._udp.din.intranet
_kpasswd._udp.din.intranet has SRV record 0 100 464 ipa1.din.intranet.
[root@sequoia ~]# host -t A ipa1.din.intranet
ipa1.din.intranet has address 10.30.0.25
[root@sequoia ~]# ldapsearch -x -b "dc=din, dc=intranet" uid=admin
extended LDIF
LDAPv3
base <dc=din, dc=intranet> with scope subtree
filter: uid=admin
requesting: ALL
admin, users, compat, din.intranet
dn: uid=admin,cn=users,cn=compat,dc=din,dc=intranet
admin, users, accounts, din.intranet
dn: uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
uid: admin
krbPrincipalName: admin(a)DIN.INTRANET
cn: Administrator
sn: Administrator
uidNumber: 1250800000
gidNumber: 1250800000
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
search result
search: 2
result: 0 Success
numResponses: 3
numEntries: 2
[root@sequoia ~]# getent passwd admin
admin:*:1250800000:1250800000:Administrator:/home/admin:/bin/bash
[root@sequoia ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin(a)DIN.INTRANET
Valid starting Expires Service principal
10/29/14 15:37:46 10/30/14 15:37:45 krbtgt/DIN.INTRANET(a)DIN.INTRANET
[root@sequoia ~]# engine-manage-domains add --domain=din.intranet --provider=ipa --user=admin
Enter password:
Error: exception message: ipa1.din.intranet.
Failure while testing domain din.intranet. Details: Kerberos error. Please
check log for further details.
######################################
[root@ipa1 ~]# tail -f /var/log/krb5kdc.log
Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): AS_REQ (4 etypes {18
17 16 23}) 10.30.0.27 : NEEDED_PREAUTH: host/sequoia.din.uem.br(a)DIN.INTRANET
for krbtgt/DIN.INTRANET(a)DIN.INTRANET, Additional pre-authentication required
Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2006](info): AS_REQ (4 etypes {18
17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18
ses=18}, host/sequoia.din.uem.br(a)DIN.INTRANET for
krbtgt/DIN.INTRANET(a)DIN.INTRANET
Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): TGS_REQ (4 etypes {18
17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18
ses=18}, host/sequoia.din.uem.br(a)DIN.INTRANET for
ldap/ipa1.din.intranet(a)DIN.INTRANET
######################################
Why does engine-manage-domains not work?
--
When forwarding this message, please:
1. Delete my e-mail address and my name.
2. Also delete your friends' addresses before resending.
3. Use Cco or Bcc to send messages!
Make it harder for viruses and spam to spread.