Are you referring to this: http://www.ovirt.org/Features/AAA ? I only configured the engine with "engine-manage-domains" isn't it enough? Anyway this is engine.log: 2015-07-24 11:59:42,337 INFO [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-2) Running command: LoginUserCommand internal: false. 2015-07-24 11:59:42,348 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User c.mammoli@apra.it logged in. 2015-07-24 11:59:44,364 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9) [44b9b110] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction group CONNECT_TO_VM with role type USER 2015-07-24 11:59:44,370 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) [44b9b110] START, SetVmTicketVDSCommand(HostName = kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2, vmId=01453005-cbcf-47b1-a066-015777d158b5, ticket=rdFW/mdMiBxO, validTime=120,m userName=c.mammoli, userId=d69d8d20-68b7-4fed-9c08-5c2ecb257583), log id: 25c99c46 2015-07-24 11:59:44,412 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) [44b9b110] FINISH, SetVmTicketVDSCommand, log id: 25c99c46 2015-07-24 11:59:44,436 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-9) [44b9b110] Correlation ID: 44b9b110, Call Stack: null, Custom Event ID: -1, Message: user c.mammoli@apra.it initiated console session for VM TestPoolMan-1 2015-07-24 11:59:44,610 WARN [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp--127.0.0.1-8702-3) [27c3ee74] The message key VmLogon is missing from bundles/ExecutionMessages 2015-07-24 11:59:44,637 INFO [org.ovirt.engine.core.bll.VmLogonCommand] (ajp--127.0.0.1-8702-3) [27c3ee74] Running command: VmLogonCommand internal: false. Entities affected : ID: 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction group CONNECT_TO_VM with role type USER 2015-07-24 11:59:44,642 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-3) [27c3ee74] START, VmLogonVDSCommand(HostName = kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2, vmId=01453005-cbcf-47b1-a066-015777d158b5, domain=apra.it, password=******, userName=c.mammoli@apra.it), log id: 6bf25e51 2015-07-24 11:59:44,652 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-3) [27c3ee74] FINISH, VmLogonVDSCommand, log id: 6bf25e51 2015-07-24 11:59:58,888 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-63) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User c.mammoli@apra.it is connected to VM TestPoolMan-1. Il 24/07/2015 11:02, Alon Bar-Lev ha scritto:
Any log will be helpful, engine side and guest agent side.
Also, please note this bug[1], due to incorrect assumptions in implementation, your authz provider name must match the active directory name in order password delegation to properly work.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1133137
----- Original Message -----