<div><br data-mce-bogus=3D"1"></div><div><div>[root@vhe00 ~]# ls -la = ;/var/log/httpd/ssl_error_log</div><div>-rw-r--r--. 1 root root 0 Feb = ;2 04:45 /var/log/httpd/ssl_error_log</div></div><div><br></div><div>Slava.= </div><div><br></div><hr id=3D"zwchr" data-marker=3D"__DIVIDER__"><div data= -marker=3D"__HEADERS__"><b>From: </b>"Ondra Machacek" <omachace@redhat.c= om><br><b>To: </b>"Slava Bendersky" <volga629@networklab.ca><br><b= Cc: </b>"users" <users@ovirt.org>, "Ravi" <rnori@redhat.com><b= r><b>Sent: </b>Saturday, February 4, 2017 10:35:31 AM<br><b>Subject: </b>Re= : [ovirt-users] FreeIPA with ovirt 4.1<br></div><br><div data-marker=3D"__Q= UOTED_TEXT__"><div dir=3D"auto"><div><br><div class=3D"gmail_extra"><br><di= v class=3D"gmail_quote">On Feb 4, 2017 1:21 AM, "Slava Bendersky" <<a hr= ef=3D"mailto:volga629@networklab.ca" target=3D"_blank">volga629@networklab.= ca</a>> wrote:<br><blockquote class=3D"quote" style=3D"margin:0 0 0 .8ex= ;border-left:1px #ccc solid;padding-left:1ex"><div><div style=3D"font-famil= y:lucida console,sans-serif;font-size:12pt;color:#000000"><div>Hello Everyo= ne,</div><div>Having trouble implement FreeIPA authentication with GS= SAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote =
<br></div><div dir=3D"auto">Ravi, do you know what this can cause?</div><d= iv dir=3D"auto"><br></div><div dir=3D"auto"><div class=3D"gmail_extra"><div= class=3D"gmail_quote"><blockquote class=3D"quote" style=3D"margin:0 0 0 .8= ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style=3D"font-fam= ily:lucida console,sans-serif;font-size:12pt;color:#000000"><br><br><div>Al= so when in extensions.d directory contain the following files. If I remove&= nbsp;<span style=3D"color:#000000;font-family:'lucida console',sans-serif;f= ont-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-= caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-= indent:0px;text-transform:none;white-space:normal;word-spacing:0px;backgrou= nd-color:#ffffff;display:inline!important;float:none">mydomain.lan-authn.pr= operties then in web ui FreeIPA domain not showing up in drop down list. An= y http don't have influence on this.</span></div></div></div></blockquote><= /div></div></div><div dir=3D"auto"><br></div><div dir=3D"auto">That is corr= ect behavior, we dont show profiles, which uses http for authn.</div><div d= ir=3D"auto"><br></div><div dir=3D"auto"><div class=3D"gmail_extra"><div cla= ss=3D"gmail_quote"><blockquote class=3D"quote" style=3D"margin:0 0 0 .8ex;b= order-left:1px #ccc solid;padding-left:1ex"><div><div style=3D"font-family:= lucida console,sans-serif;font-size:12pt;color:#000000"><div><span style=3D= "color:#000000;font-family:'lucida console',sans-serif;font-size:16px;font-=
<div><span style=3D"color:#000000;font-family:'lucida console',sans-serif;= font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant= -caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text= -indent:0px;text-transform:none;white-space:normal;word-spacing:0px;backgro= und-color:#ffffff;display:inline!important;float:none">mydomain.lan</span>-= authz.properties <span style=3D"color:#000000;font-family:'lucida cons=
--=_9e770b27-ce9e-4947-ad28-d55af2eb48ee Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello Ondra, Log is empty [root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log Slava. From: "Ondra Machacek" <omachace@redhat.com> To: "Slava Bendersky" <volga629@networklab.ca> Cc: "users" <users@ovirt.org>, "Ravi" <rnori@redhat.com> Sent: Saturday, February 4, 2017 10:35:31 AM Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 On Feb 4, 2017 1:21 AM, "Slava Bendersky" < [ mailto:volga629@networklab.ca | volga629@networklab.ca ] > wrote: Hello Everyone, Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I log to web admin with internal user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group authorized to login on any attempt to login with FreeIPA credentials getting message 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6) [] Internal Server Error: Unsupported command 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-6) [] Unsupported command 2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported command Ravi, do you know what this can cause? BQ_BEGIN Also when in extensions.d directory contain the following files. If I remove mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up in drop down list. Any http don't have influence on this. BQ_END That is correct behavior, we dont show profiles, which uses http for authn. BQ_BEGIN [root@vhe00 extensions.d]# pwd /etc/ovirt-engine/extensions.d [root@vhe00 extensions.d]# ls mydomain.lan-authn.properties mydomain.lan -http-authn.properties mydomain.lan .properties internal-authz.properties mydomain.lan -authz.properties mydomain.lan -http-mapping.properties internal-authn.properties [root@vhe00 extensions.d]# If possible clarify how it should be and what is possible issue. BQ_END Can you please take a look to /var/log/httpd/ssl_error_log if any errors there? BQ_BEGIN Slava. _______________________________________________ Users mailing list [ mailto:Users@ovirt.org | Users@ovirt.org ] [ http://lists.ovirt.org/mailman/listinfo/users | http://lists.ovirt.org/mailman/listinfo/users ] BQ_END --=_9e770b27-ce9e-4947-ad28-d55af2eb48ee Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: lucida console,sans-serif; font-size= : 12pt; color: #000000"><div>Hello Ondra,</div><div>Log is empty </div= the files bellow. Next I log to web admin with internal user and added FeeI= PA user as SuperUser role. Also I added under System FreeIPA group authoriz= ed to login on any attempt to login with FreeIPA credentials getting messag= e</div><br><br><div><div>2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.c= ore.sso.servlets.InteractiveAuthServlet] (default task-6) [] Internal Serve= r Error: Unsupported command</div><div>2017-02-04 00:03:08,464Z ERROR [org.= ovirt.engine.core.sso.utils.SsoUtils] (default task-6) [] Unsupported comma= nd</div><div>2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.serv= let.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported comm= and</div></div></div></div></blockquote></div></div></div><div dir=3D"auto"= style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-we= ight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-tra= nsform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;di= splay:inline!important;float:none"><br></span></div><div><div>[root@vhe00 e= xtensions.d]# pwd</div><div>/etc/ovirt-engine/extensions.d</div><br><div>[r= oot@vhe00 extensions.d]# ls</div><div>mydomain.lan-authn.properties <s= pan style=3D"color:#000000;font-family:'lucida console',sans-serif;font-siz= e:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:no= rmal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:= 0px;text-transform:none;white-space:normal;word-spacing:0px;background-colo= r:#ffffff;display:inline!important;float:none">mydomain.lan</span>-http-aut= hn.properties <span style=3D"color:#000000;font-family:'lucida consol= e',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:norma= l;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-al= ign:start;text-indent:0px;text-transform:none;white-space:normal;word-spaci= ng:0px;background-color:#ffffff;display:inline!important;float:none">mydoma= in.lan</span>.properties internal-authz.properties</div= ole',sans-serif;font-size:16px;font-style:normal;font-variant-ligatures:nor= mal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-= align:start;text-indent:0px;text-transform:none;white-space:normal;word-spa= cing:0px;background-color:#ffffff;display:inline!important;float:none">mydo= main.lan</span>-http-mapping.properties internal-authn.properties</di= v><div>[root@vhe00 extensions.d]# </div></div><br><br><div>If possible= clarify how it should be and what is possible issue.</div></div></div></bl= ockquote></div></div></div><div dir=3D"auto"><br></div><div dir=3D"auto">Ca= n you please take a look to /var/log/httpd/ssl_error_log if any errors ther= e?</div><div dir=3D"auto"><br></div><div dir=3D"auto"><div class=3D"gmail_e= xtra"><div class=3D"gmail_quote"><blockquote class=3D"quote" style=3D"margi= n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style= =3D"font-family:lucida console,sans-serif;font-size:12pt;color:#000000"><sp= an color=3D"#888888" data-mce-style=3D"color: #888888;" style=3D"color: #88= 8888;"><br><br><br><div>Slava. </div></span></div></div><br>__________= _____________________________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
<a href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer= " target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> <br></blockquote></div></div></div></div><br></div></div></body></html> --=_9e770b27-ce9e-4947-ad28-d55af2eb48ee--