--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8
On Jul 15, 2016, at 11:50 AM, Tadas <tadas@ring.lt> wrote: =20 Hello, i'm struggling to get oVirt SSO working on Linux guest VM. I can confirm, that SSO is fully functional on Windows guest (please note it's not a full oVirt installation - I'm just testing oVirt guest agent on virtual machines running on plain KVM hypervisor). =20 Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: =20 socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to = /lib/x86_64-linux-gnu/security =20 Configured /etc/pam.d/kdm-ovirt-cred with: =20 %PAM-1.0 auth required pam_ovirt_cred.so auth include password-auth account include password-auth password include password-auth session required pam_selinux.so close session required pam_selinux.so open session include password-auth =20 Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 =20 Configured /etc/kde4/kdm/kdmrc with: =20 PluginsLogin=3Dovirtcred
you should just add ovirtcred and not remove all the other options, = without the other options you=E2=80=99re not able to login
=20 Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: =20 Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. =20 The only thing that worries me, - are the entries in kdm.log file: =20 klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.=20
To me it looks like that you=E2=80=99re missing=20 = https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/o= rg.ovirt.vdsm.Credentials.conf = <https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/= org.ovirt.vdsm.Credentials.conf>
=20 Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9.
However the KDM support is basically not really developed anymore as the = majority of our users are rather using GDM. So there=E2=80=99s quite the = possibility that there=E2=80=99s a problem.
=20 Thank you. =20 =20 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jul 15, 2016, at 11:50 AM, Tadas <<a = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div = class=3D"">Hello,<br class=3D"">i'm struggling to get oVirt SSO working = on Linux guest VM.<br class=3D"">I can confirm, that SSO is fully = functional on Windows guest (please<br class=3D"">note it's not a full = oVirt installation - I'm just testing oVirt guest<br class=3D"">agent on = virtual machines running on plain KVM hypervisor).<br class=3D""><br = class=3D"">Steps I've made:<br class=3D"">got oVirt guest agent up and = running, I can communicate with it from<br class=3D"">hypervisor:<br = class=3D""><br class=3D"">socat = /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<br = class=3D"">vdi.0 -<br class=3D"">{"__name__": "os-version", "version": = "4.6.0-1-amd64"}<br class=3D"">Compiled and copied pam_ovirt_cred.so = to /lib/x86_64-linux-gnu/security<br class=3D""><br = class=3D"">Configured /etc/pam.d/kdm-ovirt-cred with:<br class=3D""><br = class=3D"">%PAM-1.0<br = class=3D"">auth required&nb= sp; pam_ovirt_cred.so<br = class=3D"">auth include&nbs= p; password-auth<br = class=3D"">account include &= nbsp; password-auth<br = class=3D"">password include = password-auth<br = class=3D"">session required = pam_selinux.so close<br = class=3D"">session required = pam_selinux.so open<br = class=3D"">session include &= nbsp; password-auth<br class=3D""><br class=3D"">Compiled and = copied kgreet_ovirtcred.so to /usr/lib/kde4<br class=3D""><br = class=3D"">Configured /etc/kde4/kdm/kdmrc with:<br class=3D""><br = class=3D"">PluginsLogin=3Dovirtcred<br = class=3D""></div></div></blockquote><div><br class=3D""></div><div>you = should just add ovirtcred and not remove all the other options, without = the other options you=E2=80=99re not able to login</div><br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = class=3D""><br class=3D"">Symptoms:<br class=3D"">After starting kdm, I = get login prompt with barely visible title (I<br class=3D"">assume it = should spell "oVirt Authentication" from<br = class=3D"">kgreet_ovirtcred.cpp). Username and password boxes are = inactive - i<br class=3D"">cannot enter anything to them. After emitting = username/password to<br class=3D"">oVirt agent, I can see the following = log entries:<br class=3D""><br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,628::CredServer::207::root::The<br class=3D"">following users = are allowed to connect: [0]<br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::273::root::Opening<br class=3D"">credentials = channel...<br class=3D"">Dummy-1::INFO::2016-07-15 = 12:29:51,629::CredServer::132::root::Emitting<br class=3D"">user = authenticated signal (509542).<br = class=3D"">CredChannel::INFO::2016-07-15<br = class=3D"">12:29:56,634::CredServer::241::root::Credentials channel = timed out.<br class=3D""><br class=3D"">The only thing that worries me, = - are the entries in kdm.log file:<br class=3D""><br = class=3D"">klauncher(6100) kdemain: No DBUS session-bus found. Check if = you have<br class=3D"">started the DBUS server. <br = class=3D""></div></div></blockquote><div><br class=3D""></div><div>To me = it looks like that you=E2=80=99re missing </div><div><a = href=3D"https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest= -agent/org.ovirt.vdsm.Credentials.conf" = class=3D"">https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu= est-agent/org.ovirt.vdsm.Credentials.conf</a></div><div><br = class=3D""></div><div><br class=3D""></div><br class=3D""><blockquote = type=3D"cite" class=3D""><div class=3D""><div class=3D""><br = class=3D"">Since oVirt guest agent sends wakeup message to greeter = plugin via<br class=3D"">Dbus, perhaps this is the problem? Maybe = someone had the same problem<br class=3D"">here?<br class=3D"">This = happens on Debian 8 and 9.<br class=3D""></div></div></blockquote><div><br= class=3D""></div><div><br class=3D""></div><div>However the KDM support = is basically not really developed anymore as the majority of our users = are rather using GDM. So there=E2=80=99s quite the possibility that = there=E2=80=99s a problem.</div><br class=3D""><blockquote type=3D"cite" = class=3D""><div class=3D""><div class=3D""><br class=3D"">Thank you.<br = class=3D""><br class=3D""><br = class=3D"">_______________________________________________<br = class=3D"">Users mailing list<br class=3D""><a = href=3D"mailto:Users@ovirt.org" class=3D"">Users@ovirt.org</a><br = class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br = class=3D""></div></div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_9ED81BE2-C4F2-4498-AF75-E043C140051C--