On Jul 15, 2016, at 11:50 AM, Tadas <tadas(a)ring.lt> wrote:

Hello,
I'm struggling to get oVirt SSO working on Linux guest VM.
I can confirm, that SSO is fully functional on Windows guest (please
note it's not a full oVirt installation - I'm just testing oVirt guest
agent on virtual machines running on plain KVM hypervisor).

Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:

socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-vdi.0 -
{"__name__": "os-version", "version": "4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security

Configured /etc/pam.d/kdm-ovirt-cred with:

%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth

Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4

Configured /etc/kde4/kdm/kdmrc with:

PluginsLogin=ovirtcred

you should just add ovirtcred and not remove all the other options,
without the other options you’re not able to login

Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - I
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:

Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542).
CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out.

The only thing that worries me are the entries in kdm.log file:

klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.

To me it looks like that you’re missing
https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agent/org.ovirt.vdsm.Credentials.conf

Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.

However the KDM support is basically not really developed anymore as the
majority of our users are rather using GDM. So there’s quite the
possibility that there’s a problem.

Thank you.

_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
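
An added example, not part of either poster's message and not code from the oVirt guest agent: a small Python parser for the CredServer log records quoted above, which pairs each "Opening credentials channel..." record with a later "Credentials channel timed out." record and reports how long the channel waited. The field layout is inferred from the quoted lines, the function names are hypothetical, and the sample log is constructed from those lines with one record per line.

```python
import re
from datetime import datetime

# Constructed sample in the agent's log format, modelled on the records quoted
# in the thread (one record per line; layout inferred from those lines).
SAMPLE_LOG = """\
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542).
CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out.
"""

RECORD = re.compile(
    r"^[^:]+::\w+::(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+)::"
    r"(?P<module>\w+)::\d+::\w+::(?P<msg>.*)$"
)
SIGNAL = re.compile(r"Emitting user authenticated signal \((\d+)\)")


def parse(line):
    """Return (timestamp, module, message) or None for a foreign line."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
    return ts, m.group("module"), m.group("msg")


def timed_out_handoffs(text):
    """List credential hand-offs whose channel was opened and then timed out."""
    results, opened, signal = [], None, None
    for ts, module, msg in filter(None, map(parse, text.splitlines())):
        if module != "CredServer":
            continue
        found = SIGNAL.search(msg)
        if msg.startswith("Opening credentials channel"):
            opened, signal = ts, None
        elif found:
            signal = found.group(1)  # number logged with the signal record
        elif msg.startswith("Credentials channel timed out") and opened:
            waited = (ts - opened).total_seconds()
            results.append({"signal": signal, "waited_s": waited})
            opened, signal = None, None
    return results


if __name__ == "__main__":
    for h in timed_out_handoffs(SAMPLE_LOG):
        print("channel timed out: signal %(signal)s, waited %(waited_s).3fs" % h)
```

Lines that do not match the agent's record layout, such as the klauncher entry from kdm.log, are skipped rather than treated as errors.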