5:35 p.m.
On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629(a)networklab.ca> wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt
4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
log to web admin with internal user and added FeeIPA user as SuperUser
role. Also I added under System FreeIPA group authorized to login on any
attempt to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR
[org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet]
(default task-6) [] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
(default task-6) [] Unsupported command
2017-02-04 00:03:08,659Z ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet]
(default task-3) [] server_error: Unsupported command
Ravi, do you know what this can cause?
Also when in extensions.d directory contain the following files. If I
remove mydomain.lan-authn.properties then in web ui FreeIPA domain not
showing up in drop down list. Any http don't have influence on this.
That is correct behavior, we dont show profiles, which uses http for authn.
[root@vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root@vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan-http-authn.properties
mydomain.lan.properties internal-authz.properties
mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
internal-authn.properties
[root@vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
Can you please take a look to /var/log/httpd/ssl_error_log if any errors
there?
Slava.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
9:27 p.m.
New subject: FreeIPA with ovirt 4.1
--=_9e770b27-ce9e-4947-ad28-d55af2eb48ee
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Hello Ondra,
Log is empty
[root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
-rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
Slava.
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>, "Ravi" <rnori(a)redhat.com>
Sent: Saturday, February 4, 2017 10:35:31 AM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
On Feb 4, 2017 1:21 AM, "Slava Bendersky" < [ mailto:volga629@networklab.ca |
volga629(a)networklab.ca ] > wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup
and it finished OK then it wrote the files bellow. Next I log to web admin with internal
user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group
authorized to login on any attempt to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet]
(default task-6) [] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-6)
[] Unsupported command
2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet]
(default task-3) [] server_error: Unsupported command
Ravi, do you know what this can cause?
BQ_BEGIN
Also when in extensions.d directory contain the following files. If I remove
mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up in drop down
list. Any http don't have influence on this.
BQ_END
That is correct behavior, we dont show profiles, which uses http for authn.
BQ_BEGIN
[root@vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root@vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan -http-authn.properties mydomain.lan .properties
internal-authz.properties
mydomain.lan -authz.properties mydomain.lan -http-mapping.properties
internal-authn.properties
[root@vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
BQ_END
Can you please take a look to /var/log/httpd/ssl_error_log if any errors there?
BQ_BEGIN
Slava.
_______________________________________________
Users mailing list
[ mailto:Users@ovirt.org | Users(a)ovirt.org ]
[ http://lists.ovirt.org/mailman/listinfo/users |
http://lists.ovirt.org/mailman/listinfo/users ]
BQ_END
--=_9e770b27-ce9e-4947-ad28-d55af2eb48ee
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: lucida console,sans-serif;
font-size=
: 12pt; color: #000000"><div>Hello Ondra,</div><div>Log is
empty </div=
Users
mailing list<br <a
href=3D"mailto:Users@ovirt.org"
target=3D"_blank">Users(a)ovirt.org</a><br=
<a
href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer=
"
target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/us...
<br></blockquote></div></div></div></div><br></div></div></body></html --=_9e770b27-ce9e-4947-ad28-d55af2eb48ee--
<div><br
data-mce-bogus=3D"1"></div><div><div>[root@vhe00 ~]# ls -la
 =
;/var/log/httpd/ssl_error_log</div><div>-rw-r--r--. 1 root
root 0 Feb  =
;2 04:45
/var/log/httpd/ssl_error_log</div></div><div><br></div><div>Slava.=
</div><div><br></div><hr id=3D"zwchr"
data-marker=3D"__DIVIDER__"><div data=
-marker=3D"__HEADERS__"><b>From: </b>"Ondra Machacek"
&lt;omachace(a)redhat.c=
om><br><b>To: </b>"Slava Bendersky"
&lt;volga629(a)networklab.ca&gt;<br><b=
Cc: </b>"users" &lt;users(a)ovirt.org&gt;,
"Ravi" &lt;rnori(a)redhat.com&gt;<b=
r><b>Sent:
</b>Saturday, February 4, 2017 10:35:31 AM<br><b>Subject: </b>Re=
: [ovirt-users] FreeIPA with ovirt 4.1<br></div><br><div
data-marker=3D"__Q=
UOTED_TEXT__"><div dir=3D"auto"><div><br><div
class=3D"gmail_extra"><br><di=
v class=3D"gmail_quote">On Feb 4, 2017 1:21 AM, "Slava Bendersky"
<<a hr=
ef=3D"mailto:volga629@networklab.ca"
target=3D"_blank">volga629(a)networklab.=
ca</a>> wrote:<br><blockquote class=3D"quote"
style=3D"margin:0 0 0 .8ex=
;border-left:1px #ccc solid;padding-left:1ex"><div><div
style=3D"font-famil=
y:lucida console,sans-serif;font-size:12pt;color:#000000"><div>Hello
Everyo=
ne,</div><div>Having trouble implement FreeIPA authentication with
GS=
SAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote =
the files bellow. Next I log to web admin with internal user and added FeeI=
PA user as SuperUser role. Also I added under System FreeIPA group authoriz=
ed to login on any attempt to login with FreeIPA credentials getting messag=
e</div><br><br><div><div>2017-02-04 00:03:08,464Z ERROR
[org.ovirt.engine.c=
ore.sso.servlets.InteractiveAuthServlet] (default task-6) [] Internal Serve=
r Error: Unsupported command</div><div>2017-02-04 00:03:08,464Z ERROR [org.=
ovirt.engine.core.sso.utils.SsoUtils] (default task-6) [] Unsupported comma=
nd</div><div>2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.serv=
let.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported comm=
and</div></div></div></div></blockquote></div></div></div><div
dir=3D"auto"=
<br></div><div dir=3D"auto">Ravi, do you
know what this can cause?</div><d=
iv
dir=3D"auto"><br></div><div dir=3D"auto"><div
class=3D"gmail_extra"><div=
class=3D"gmail_quote"><blockquote class=3D"quote"
style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex"><div><div
style=3D"font-fam=
ily:lucida
console,sans-serif;font-size:12pt;color:#000000"><br><br><div>Al=
so when in extensions.d directory contain the following files. If I remove&=
nbsp;<span style=3D"color:#000000;font-family:'lucida
console',sans-serif;f=
ont-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-=
caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-=
indent:0px;text-transform:none;white-space:normal;word-spacing:0px;backgrou=
nd-color:#ffffff;display:inline!important;float:none">mydomain.lan-authn.pr=
operties then in web ui FreeIPA domain not showing up in drop down list. An=
y http don't have influence on
this.</span></div></div></div></blockquote><=
/div></div></div><div
dir=3D"auto"><br></div><div dir=3D"auto">That is
corr=
ect behavior, we dont show profiles, which uses http for authn.</div><div d=
ir=3D"auto"><br></div><div dir=3D"auto"><div
class=3D"gmail_extra"><div cla=
ss=3D"gmail_quote"><blockquote class=3D"quote"
style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex"><div><div
style=3D"font-family:=
lucida console,sans-serif;font-size:12pt;color:#000000"><div><span
style=3D=
"color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-=
style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-we=
ight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-tra=
nsform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;di=
splay:inline!important;float:none"><br></span></div><div><div>[root@vhe00
e=
xtensions.d]#
pwd</div><div>/etc/ovirt-engine/extensions.d</div><br><div>[r=
oot@vhe00 extensions.d]#
ls</div><div>mydomain.lan-authn.properties <s=
pan style=3D"color:#000000;font-family:'lucida console',sans-serif;font-siz=
e:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:no=
rmal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:=
0px;text-transform:none;white-space:normal;word-spacing:0px;background-colo=
r:#ffffff;display:inline!important;float:none">mydomain.lan</span>-http-aut=
hn.properties <span style=3D"color:#000000;font-family:'lucida
consol=
e',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:norma=
l;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-al=
ign:start;text-indent:0px;text-transform:none;white-space:normal;word-spaci=
ng:0px;background-color:#ffffff;display:inline!important;float:none">mydoma=
in.lan</span>.properties
internal-authz.properties</div=
<div><span
style=3D"color:#000000;font-family:'lucida console',sans-serif;=
font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant=
-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text=
-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;backgro=
und-color:#ffffff;display:inline!important;float:none">mydomain.lan</span>-=
authz.properties <span style=3D"color:#000000;font-family:'lucida
cons=
ole',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:nor=
mal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-=
align:start;text-indent:0px;text-transform:none;white-space:normal;word-spa=
cing:0px;background-color:#ffffff;display:inline!important;float:none">mydo=
main.lan</span>-http-mapping.properties internal-authn.properties</di=
v><div>[root@vhe00
extensions.d]# </div></div><br><br><div>If
possible=
clarify how it should be and what is possible
issue.</div></div></div></bl=
ockquote></div></div></div><div
dir=3D"auto"><br></div><div dir=3D"auto">Ca=
n you please take a look to /var/log/httpd/ssl_error_log if any errors ther=
e?</div><div dir=3D"auto"><br></div><div
dir=3D"auto"><div class=3D"gmail_e=
xtra"><div class=3D"gmail_quote"><blockquote
class=3D"quote" style=3D"margi=
n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div
style=
=3D"font-family:lucida
console,sans-serif;font-size:12pt;color:#000000"><sp=
an color=3D"#888888" data-mce-style=3D"color: #888888;"
style=3D"color: #88=
8888;"><br><br><br><div>Slava. </div></span></div></div><br>__________=
_____________________________________<br
5:08 p.m.
New subject: FreeIPA with ovirt 4.1
--=_3b67a522-cc8c-45aa-bd36-264bacfe713b
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Hello Everyone,
Anything else possible to check ?
Slava.
From: "Slava Bendersky" <volga629(a)networklab.ca>
To: "Ondra Machacek" <omachace(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Saturday, February 4, 2017 2:27:31 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Hello Ondra,
Log is empty
[root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
-rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
Slava.
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>, "Ravi" <rnori(a)redhat.com>
Sent: Saturday, February 4, 2017 10:35:31 AM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
On Feb 4, 2017 1:21 AM, "Slava Bendersky" < [ mailto:volga629@networklab.ca |
volga629(a)networklab.ca ] > wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup
and it finished OK then it wrote the files bellow. Next I log to web admin with internal
user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group
authorized to login on any attempt to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet]
(default task-6) [] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-6)
[] Unsupported command
2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet]
(default task-3) [] server_error: Unsupported command
Ravi, do you know what this can cause?
BQ_BEGIN
Also when in extensions.d directory contain the following files. If I remove
mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up in drop down
list. Any http don't have influence on this.
BQ_END
That is correct behavior, we dont show profiles, which uses http for authn.
BQ_BEGIN
[root@vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root@vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan -http-authn.properties mydomain.lan .properties
internal-authz.properties
mydomain.lan -authz.properties mydomain.lan -http-mapping.properties
internal-authn.properties
[root@vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
BQ_END
Can you please take a look to /var/log/httpd/ssl_error_log if any errors there?
BQ_BEGIN
Slava.
_______________________________________________
Users mailing list
[ mailto:Users@ovirt.org | Users(a)ovirt.org ]
[ http://lists.ovirt.org/mailman/listinfo/users |
http://lists.ovirt.org/mailman/listinfo/users ]
BQ_END
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--=_3b67a522-cc8c-45aa-bd36-264bacfe713b
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: lucida console,sans-serif;
font-size=
: 12pt; color: #000000"><div>Hello Everyone,</div><div>Anything
else possib=
le to check ?</div><div><br
data-mce-bogus=3D"1"></div><div>Slava.</div><di=
v><br></div><hr id=3D"zwchr"
data-marker=3D"__DIVIDER__"><div data-marker=
=3D"__HEADERS__"><b>From: </b>"Slava Bendersky"
&lt;volga629(a)networklab.ca&=
gt;<br><b>To: </b>"Ondra Machacek"
&lt;omachace(a)redhat.com&gt;<br><b>Cc: </=
b>"users" &lt;users(a)ovirt.org&gt;<br><b>Sent:
</b>Saturday, February 4, 201=
7 2:27:31 PM<br><b>Subject: </b>Re: [ovirt-users] FreeIPA with ovirt
4.1<br=
Users
mailing list<br <a
href=3D"mailto:Users@ovirt.org"
target=3D"_blank">Users(a)ovirt.org</a><br=
<a
href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer=
"
target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/us...
<br></blockquote></div></div></div></div><br></div></div><br>______________=
_________________________________<br>Users mailing
list<br>Users(a)ovirt.org<=
br>http://lists.ovirt.org/mailman/listinfo/users<br></div>...
ml --=_3b67a522-cc8c-45aa-bd36-264bacfe713b--
</div><br><div
data-marker=3D"__QUOTED_TEXT__"><div style=3D"font-family: =
lucida console,sans-serif; font-size: 12pt; color: #000000"><div>Hello
Ondr=
a,</div><div>Log is
empty </div><br><div><div>[root@vhe00 ~]# ls -la &=
nbsp;/var/log/httpd/ssl_error_log</div><div>-rw-r--r--. 1 root root 0 Feb
&=
nbsp;2 04:45
/var/log/httpd/ssl_error_log</div></div><br><div>Slava.</div><=
br><hr id=3D"zwchr"><div><b>From: </b>"Ondra
Machacek" &lt;omachace(a)redhat.=
com><br><b>To: </b>"Slava Bendersky"
&lt;volga629(a)networklab.ca&gt;<br><=
b>Cc: </b>"users" &lt;users(a)ovirt.org&gt;, "Ravi"
&lt;rnori(a)redhat.com&gt;<=
br><b>Sent: </b>Saturday, February 4, 2017 10:35:31
AM<br><b>Subject: </b>R=
e: [ovirt-users] FreeIPA with ovirt 4.1<br></div><br><div><div
dir=3D"auto"=
<div><br><div
class=3D"gmail_extra"><br><div class=3D"gmail_quote">On
Feb =
4, 2017 1:21 AM, "Slava Bendersky" <<a
href=3D"mailto:volga629@networkla=
b.ca" target=3D"_blank">volga629(a)networklab.ca</a>&gt;
wrote:<br><blockquot=
e class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc
solid;pad=
ding-left:1ex"><div><div style=3D"font-family:lucida
console,sans-serif;fon=
t-size:12pt;color:#000000"><div>Hello Everyone,</div><div>Having
trouble im=
plement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I=
ran setup and it finished OK then it wrote the files bellow. Next I log to=
web admin with internal user and added FeeIPA user as SuperUser role. Also=
I added under System FreeIPA group authorized to login on any attempt to l=
ogin with FreeIPA credentials getting
message</div><br><br><div><div>2017-0=
2-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAut=
hServlet] (default task-6) [] Internal Server Error: Unsupported command</d=
iv><div>2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.Sso=
Utils] (default task-6) [] Unsupported command</div><div>2017-02-04 00:03:0=
8,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (defau=
lt task-3) [] server_error: Unsupported
command</div></div></div></div></bl=
ockquote></div></div></div><div
dir=3D"auto"><br></div><div dir=3D"auto">Ra=
vi, do you know what this can cause?</div><div
dir=3D"auto"><br></div><div =
dir=3D"auto"><div class=3D"gmail_extra"><div
class=3D"gmail_quote"><blockqu=
ote class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc
solid;p=
adding-left:1ex"><div><div style=3D"font-family:lucida
console,sans-serif;f=
ont-size:12pt;color:#000000"><br><br><div>Also when in
extensions.d directo=
ry contain the following files. If I remove <span style=3D"color:#0000=
00;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal=
;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;=
letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;=
white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline=
!important;float:none">mydomain.lan-authn.properties then in web ui FreeIPA=
domain not showing up in drop down list. Any http don't have influence on =
this.</span></div></div></div></blockquote></div></div></div><div
dir=3D"au=
to"><br></div><div dir=3D"auto">That is correct
behavior, we dont show prof=
iles, which uses http for authn.</div><div
dir=3D"auto"><br></div><div dir=
=3D"auto"><div class=3D"gmail_extra"><div
class=3D"gmail_quote"><blockquote=
class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc
solid;padd=
ing-left:1ex"><div><div style=3D"font-family:lucida
console,sans-serif;font=
-size:12pt;color:#000000"><div><span
style=3D"color:#000000;font-family:'lu=
cida console',sans-serif;font-size:16px;font-style:normal;font-variant-liga=
tures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:nor=
mal;text-align:start;text-indent:0px;text-transform:none;white-space:normal=
;word-spacing:0px;background-color:#ffffff;display:inline!important;float:n=
one"><br></span></div><div><div>[root@vhe00
extensions.d]# pwd</div><div>/e=
tc/ovirt-engine/extensions.d</div><br><div>[root@vhe00 extensions.d]#
ls</d=
iv><div>mydomain.lan-authn.properties <span
style=3D"color:#000000;fon=
t-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-=
variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter=
-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-=
space:normal;word-spacing:0px;background-color:#ffffff;display:inline!impor=
tant;float:none">mydomain.lan</span>-http-authn.properties
<span styl=
e=3D"color:#000000;font-family:'lucida console',sans-serif;font-size:16px;f=
ont-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;fon=
t-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text=
-transform:none;white-space:normal;word-spacing:0px;background-color:#fffff=
f;display:inline!important;float:none">mydomain.lan</span>.properties
 =
; internal-authz.properties</div><div><span
style=3D"color:#00=
0000;font-family:'lucida console',sans-serif;font-size:16px;font-style:norm=
al;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:norma=
l;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:non=
e;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inli=
ne!important;float:none">mydomain.lan</span>-authz.properties <span
st=
yle=3D"color:#000000;font-family:'lucida console',sans-serif;font-size:16px=
;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;f=
ont-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;te=
xt-transform:none;white-space:normal;word-spacing:0px;background-color:#fff=
fff;display:inline!important;float:none">mydomain.lan</span>-http-mapping.p=
roperties internal-authn.properties</div><div>[root@vhe00
extensions.=
d]# </div></div><br><br><div>If possible clarify
how it should be and =
what is possible
issue.</div></div></div></blockquote></div></div></div><di=
v dir=3D"auto"><br></div><div dir=3D"auto">Can
you please take a look to /v=
ar/log/httpd/ssl_error_log if any errors there?</div><div
dir=3D"auto"><br>=
</div><div dir=3D"auto"><div
class=3D"gmail_extra"><div class=3D"gmail_quot=
e"><blockquote class=3D"quote" style=3D"margin:0 0 0
.8ex;border-left:1px #=
ccc solid;padding-left:1ex"><div><div style=3D"font-family:lucida
console,s=
ans-serif;font-size:12pt;color:#000000"><span style=3D"color:
#888888;"><br=
<br><br><div>Slava. </div></span></div></div><br>____________________=
___________________________<br
9:31 p.m.
New subject: FreeIPA with ovirt 4.1
Can you please enable DEBUG log of the SSO package and try login and
then share the logs, please?
You can enable the debug log as following (use admin@internal password):
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"
After tests you can disable it later as follows:
$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"
On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629(a)networklab.ca> wrote:
Hello Everyone,
Anything else possible to check ?
Slava.
________________________________
From: "Slava Bendersky" <volga629(a)networklab.ca>
To: "Ondra Machacek" <omachace(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Saturday, February 4, 2017 2:27:31 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Hello Ondra,
Log is empty
[root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
-rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
Slava.
________________________________
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>, "Ravi" <rnori(a)redhat.com>
Sent: Saturday, February 4, 2017 10:35:31 AM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629(a)networklab.ca>
wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt
4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
log to web admin with internal user and added FeeIPA user as SuperUser role.
Also I added under System FreeIPA group authorized to login on any attempt
to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR
[org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6)
[] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
(default task-6) [] Unsupported command
2017-02-04 00:03:08,659Z ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) []
server_error: Unsupported command
Ravi, do you know what this can cause?
Also when in extensions.d directory contain the following files. If I remove
mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
in drop down list. Any http don't have influence on this.
That is correct behavior, we dont show profiles, which uses http for authn.
[root@vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root@vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan-http-authn.properties
mydomain.lan.properties internal-authz.properties
mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
internal-authn.properties
[root@vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
Can you please take a look to /var/log/httpd/ssl_error_log if any errors
there?
Slava.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
8:28 p.m.
New subject: FreeIPA with ovirt 4.1
--=_88f329a8-7b89-4d76-9087-ff4f0ae05113
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Hello Ondra,
I tried increase logging and command fail
"outcome" => "failed",
"failure-description" => "WFLYCTL0216: Management resource '[
(\"subsystem\" => \"logging\"),
(\"logger\" => \"org.ovirt.engine.core.sso\")
]' not found",
"rolled-back" => true
}
Slava,
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, February 9, 2017 2:31:16 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Can you please enable DEBUG log of the SSO package and try login and
then share the logs, please?
You can enable the debug log as following (use admin@internal password):
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"
After tests you can disable it later as follows:
$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"
On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629(a)networklab.ca> wrote:
Hello Everyone,
Anything else possible to check ?
Slava.
________________________________
From: "Slava Bendersky" <volga629(a)networklab.ca>
To: "Ondra Machacek" <omachace(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Saturday, February 4, 2017 2:27:31 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Hello Ondra,
Log is empty
[root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
-rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
Slava.
________________________________
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>, "Ravi" <rnori(a)redhat.com>
Sent: Saturday, February 4, 2017 10:35:31 AM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629(a)networklab.ca> wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt
4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
log to web admin with internal user and added FeeIPA user as SuperUser role.
Also I added under System FreeIPA group authorized to login on any attempt
to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR
[org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6)
[] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
(default task-6) [] Unsupported command
2017-02-04 00:03:08,659Z ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) []
server_error: Unsupported command
Ravi, do you know what this can cause?
Also when in extensions.d directory contain the following files. If I remove
mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
in drop down list. Any http don't have influence on this.
That is correct behavior, we dont show profiles, which uses http for authn.
[root@vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root@vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan-http-authn.properties
mydomain.lan.properties internal-authz.properties
mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
internal-authn.properties
[root@vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
Can you please take a look to /var/log/httpd/ssl_error_log if any errors
there?
Slava.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--=_88f329a8-7b89-4d76-9087-ff4f0ae05113
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: lucida console,sans-serif;
font-size=
: 12pt; color: #000000"><div>Hello Ondra,</div><div>I tried
increase loggin=
g and command fail</div><div><br
data-mce-bogus=3D"1"></div><div><div> =
; "outcome" =3D>
"failed",</div><div> "failure-descr=
iption" =3D> "WFLYCTL0216: Management resource
'[</div><div>  =
; (\"subsystem\" =3D>
\"logging\"),</div><div> (\"logger\"
=
=3D> \"org.ovirt.engine.core.sso\")</div><div>]' not
found",</div><div>&=
nbsp; "rolled-back" =3D>
true</div><div>}</div></div><div><br></d=
iv><div><br
data-mce-bogus=3D"1"></div><div>Slava,</div><div><br></div><hr
=
id=3D"zwchr" data-marker=3D"__DIVIDER__"><div
data-marker=3D"__HEADERS__"><=
b>From: </b>"Ondra Machacek"
&lt;omachace(a)redhat.com&gt;<br><b>To: </b>"Sla=
va Bendersky" &lt;volga629(a)networklab.ca&gt;<br><b>Cc:
</b>"users" <user=
s(a)ovirt.org&gt;<br><b>Sent: </b>Thursday, February 9, 2017 2:31:16
PM<br><b=
Subject: </b>Re: [ovirt-users] FreeIPA with ovirt
4.1<br></div><br><div da=
ta-marker=3D"__QUOTED_TEXT__">Can you please enable DEBUG log of the
SSO pa=
ckage and try login and<br>then share the logs, please?<br><br>You can
enab=
le the debug log as following (use admin@internal password):<br><br>/usr/sh=
are/ovirt-engine-wildfly/bin/jboss-cli.sh<br>--controller=3D127.0.0.1:8706 =
--connect --user=3Dadmin(a)internal<br>"/subsystem=3Dlogging/logger=3Dorg.ovi=
rt.engine.core.sso:add"
&&<br>/usr/share/ovirt-engine-wildfly/bin/j=
boss-cli.sh<br>--controller=3D127.0.0.1:8706 --connect --user=3Dadmin@inter=
nal<br>"/subsystem=3Dlogging/logger=3Dorg.ovirt.engine.core.sso:write-attri=
bute(name=3Dlevel,value=3DDEBUG)"<br><br>After tests you can disable it
lat=
er as follows:<br><br> $
/usr/share/ovirt-engine-wildfly/bin/jboss-cli=
.sh<br>--controller=3D127.0.0.1:8706 --connect
--user=3Dadmin@internal<br>"=
/subsystem=3Dlogging/logger=3Dorg.ovirt.engine.core.sso:remove"<br><br>On
T=
hu, Feb 9, 2017 at 3:08 PM, Slava Bendersky &lt;volga629(a)networklab.ca&gt; =
wrote:<br>> Hello Everyone,<br>> Anything else possible to check
?<br=
><br>> Slava.<br>><br>>
________________________________<br>&g=
t; From: "Slava
Bendersky" &lt;volga629(a)networklab.ca&gt;<br>&gt; To: "Ondr=
a Machacek" &lt;omachace(a)redhat.com&gt;<br>&gt; Cc:
"users" <users@ovirt=
.org><br>> Sent: Saturday, February 4, 2017 2:27:31
PM<br>><br>>=
; Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1<br>><br>>
Hello O=
ndra,<br>> Log is empty<br>><br>> [root@vhe00 ~]#
ls -la /va=
r/log/httpd/ssl_error_log<br>> -rw-r--r--. 1 root root 0 Feb 2
04:=
45 /var/log/httpd/ssl_error_log<br>><br>>
Slava.<br>><br>> ____=
____________________________<br>> From: "Ondra Machacek"
<omachace@re=
dhat.com><br>> To: "Slava Bendersky"
&lt;volga629(a)networklab.ca&gt;<b=
r>> Cc: "users" &lt;users(a)ovirt.org&gt;, "Ravi"
&lt;rnori(a)redhat.com&gt;=
<br>> Sent: Saturday, February 4, 2017 10:35:31 AM<br>> Subject:
Re: =
[ovirt-users] FreeIPA with ovirt
4.1<br>><br>><br>><br>> On Feb=
4, 2017 1:21 AM, "Slava Bendersky" &lt;volga629(a)networklab.ca&gt;
wrote:<b=
r>><br>> Hello Everyone,<br>> Having trouble implement
FreeI=
PA authentication with GSSAPI SSO and ovirt<br>> 4.1. I ran setup
=
and it finished OK then it wrote the files bellow. Next I<br>> log to we=
b admin with internal user and added FeeIPA user as SuperUser role.<br>>=
Also I added under System FreeIPA group authorized to login on any attempt=
<br>> to login with FreeIPA credentials getting
message<br>><br>><=
br>> 2017-02-04 00:03:08,464Z ERROR<br>>
[org.ovirt.engine.core.sso.s=
ervlets.InteractiveAuthServlet] (default task-6)<br>> [] Internal Server=
Error: Unsupported command<br>> 2017-02-04 00:03:08,464Z ERROR [org.ovi=
rt.engine.core.sso.utils.SsoUtils]<br>> (default task-6) [] Unsupported =
command<br>> 2017-02-04 00:03:08,659Z ERROR<br>>
[org.ovirt.engine.co=
re.aaa.servlet.SsoPostLoginServlet] (default task-3) []<br>> server_erro=
r: Unsupported command<br>><br>><br>> Ravi, do you
know what this =
can cause?<br>><br>><br>><br>> Also
when in extensions.d direct=
ory contain the following files. If I remove<br>> mydomain.lan-authn.pro=
perties then in web ui FreeIPA domain not showing up<br>> in drop down l=
ist. Any http don't have influence on
this.<br>><br>><br>> That is=
correct behavior, we dont show profiles, which uses http for authn.<br>>=
;<br>><br>> [root@vhe00 extensions.d]# pwd<br>>
/etc/ovirt-engine/=
extensions.d<br>><br>> [root@vhe00 extensions.d]#
ls<br>> mydomain=
.lan-authn.properties mydomain.lan-http-authn.properties<br>> mydomain.l=
an.properties internal-authz.properties<br>>
mydomai=
n.lan-authz.properties mydomain.lan-http-mapping.properties<br>> interna=
l-authn.properties<br>> [root@vhe00
extensions.d]#<br>><br>><br>&g=
t; If possible clarify how it should be and what is possible issue.<br>>=
<br>><br>> Can you please take a look to
/var/log/httpd/ssl_error_log=
if any errors<br>>
there?<br>><br>><br>><br>><br>>
Slava=
.<br>><br>>
_______________________________________________<br>> U=
sers mailing list<br>> Users(a)ovirt.org<br>&gt;
http://lists.ovirt.org/ma=
ilman/listinfo/users<br>><br>><br>><br>>
______________________=
_________________________<br>> Users mailing list<br>>
Users(a)ovirt.or=
g<br>>
http://lists.ovirt.org/mailman/listinfo/users<br></div></d...
dy></html>
--=_88f329a8-7b89-4d76-9087-ff4f0ae05113--
3:40 p.m.
New subject: FreeIPA with ovirt 4.1
Looking at the error message again it says 'Unsupported command',
Can you please share your properties files? I think that you have
misconfugred it, I guess you use for example AuthzExtension instead
of AuthnExtension or vice versa, maybe misconfigured mapping.
On Fri, Feb 10, 2017 at 6:28 PM, Slava Bendersky <volga629(a)networklab.ca> wrote:
Hello Ondra,
I tried increase logging and command fail
"outcome" => "failed",
"failure-description" => "WFLYCTL0216: Management resource '[
(\"subsystem\" => \"logging\"),
(\"logger\" => \"org.ovirt.engine.core.sso\")
]' not found",
"rolled-back" => true
}
Slava,
________________________________
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Slava Bendersky" <volga629(a)networklab.ca>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, February 9, 2017 2:31:16 PM
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
Can you please enable DEBUG log of the SSO package and try login and
then share the logs, please?
You can enable the debug log as following (use admin@internal password):
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"
After tests you can disable it later as follows:
$ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin@internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"
On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629(a)networklab.ca>
wrote:
> Hello Everyone,
> Anything else possible to check ?
>
> Slava.
>
> ________________________________
> From: "Slava Bendersky" <volga629(a)networklab.ca>
> To: "Ondra Machacek" <omachace(a)redhat.com>
> Cc: "users" <users(a)ovirt.org>
> Sent: Saturday, February 4, 2017 2:27:31 PM
>
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
> Hello Ondra,
> Log is empty
>
> [root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
> -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
>
> Slava.
>
> ________________________________
> From: "Ondra Machacek" <omachace(a)redhat.com>
> To: "Slava Bendersky" <volga629(a)networklab.ca>
> Cc: "users" <users(a)ovirt.org>, "Ravi"
<rnori(a)redhat.com>
> Sent: Saturday, February 4, 2017 10:35:31 AM
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
>
>
> On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629(a)networklab.ca>
wrote:
>
> Hello Everyone,
> Having trouble implement FreeIPA authentication with GSSAPI SSO and
> ovirt
> 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
> log to web admin with internal user and added FeeIPA user as SuperUser
> role.
> Also I added under System FreeIPA group authorized to login on any attempt
> to login with FreeIPA credentials getting message
>
>
> 2017-02-04 00:03:08,464Z ERROR
> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default
> task-6)
> [] Internal Server Error: Unsupported command
> 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-6) [] Unsupported command
> 2017-02-04 00:03:08,659Z ERROR
> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3)
> []
> server_error: Unsupported command
>
>
> Ravi, do you know what this can cause?
>
>
>
> Also when in extensions.d directory contain the following files. If I
> remove
> mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
> in drop down list. Any http don't have influence on this.
>
>
> That is correct behavior, we dont show profiles, which uses http for
> authn.
>
>
> [root@vhe00 extensions.d]# pwd
> /etc/ovirt-engine/extensions.d
>
> [root@vhe00 extensions.d]# ls
> mydomain.lan-authn.properties mydomain.lan-http-authn.properties
> mydomain.lan.properties internal-authz.properties
> mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
> internal-authn.properties
> [root@vhe00 extensions.d]#
>
>
> If possible clarify how it should be and what is possible issue.
>
>
> Can you please take a look to /var/log/httpd/ssl_error_log if any errors
> there?
>
>
>
>
> Slava.
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
2839
days inactive
2850
days old
5 comments
2 participants
participants (2)
-
Ondra Machacek -
Slava Bendersky