This is a multi-part message in MIME format. --------------FF431EB5B60D11CD4462F1DF Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Transfer-Encoding: 7bit Hi, I would like to submit a problem with active directory authentication. Let me make an introduction. Actually my infrastructure consists in 1 manager and 2 nodes (version 4.0.4). The active directory forest consists in many subdomains. In the active directory forest there are 2 type of accounts: -1- normal users, this account is similar to name.surname@domain.it -2- particular users, this account is similar to s123456@subdomain.domain.it Important note: the subdomain of the account type 2 is an alias domain for example: s123456@subdomain.domain.it is an alias of s123456@domain.it When I do login from user portal: - with normal users I login correctly and I can start the vm without problem - with particular users I login correctly but I can not start the vm although I have permissions. To solve this problem I must insert the account in the db of ovirt from administration portal in the users tab I noticed that, with a particular users (s123456@subdomain.domain.it), the ovirt infrastructure does not automatically insert this account in the own db. Also the subdomain.domain.it is not in the list of the subdomains of the forest, perhaps it is for this reason that does not work properly. I deduced that is an active directory problem (that in not resolvable for the complexity of the AD infrastructure), I ask you if exist a script for insert of many accounts at one time. Something like: script.sh < list-users.txt where the file lists-users.txt consists of a sequential list of accounts like this: s000001@subdomain.polito.it s000002@subdomain.polito.it s000003@subdomain.polito.it s000004@subdomain.polito.it Thank you very much for your help Nicola --------------FF431EB5B60D11CD4462F1DF Content-Type: text/html; charset=iso-8859-15 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-15"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p><font size="-1">Hi,<br> I would like to submit a problem with active directory authentication.<br> Let me make an introduction.<br> Actually my infrastructure consists in 1 manager and 2 nodes (version 4.0.4).<br> The active directory forest consists in many subdomains.<br> In the active directory forest there are 2 type of accounts:<br> -1- normal users, this account is similar to <a class="moz-txt-link-abbreviated" href="mailto:name.surname@domain.it">name.surname@domain.it</a><br> -2- particular users, this account is similar to <a class="moz-txt-link-abbreviated" href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a><br> <br> Important note: the subdomain of the account type 2 is an alias domain for example:<br> <br> <a class="moz-txt-link-abbreviated" href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a> is an alias of <a class="moz-txt-link-abbreviated" href="mailto:s123456@domain.it">s123456@domain.it</a><br> <br> When I do login from user portal:<br> <br> - with normal users I login correctly and I can start the vm without problem<br> - with particular users I login correctly but I can not start the vm although I have permissions. To solve this problem I must insert the account in the db of ovirt from administration portal in the users tab<br> <br> I noticed that, with a particular users (<a class="moz-txt-link-abbreviated" href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a>), the ovirt infrastructure does not automatically insert this account in the own db.<br> <br> Also the subdomain.domain.it is not in the list of the subdomains of the forest, perhaps it is for this reason that does not work properly.<br> <br> I deduced that is an active directory problem (that in not resolvable for the complexity of the AD infrastructure), I ask you if exist a script for insert of many accounts at one time. Something like:<br> <br> script.sh < list-users.txt<br> <br> where the file lists-users.txt consists of a sequential list of accounts like this:<br> <br> </font><font size="-1"> <a class="moz-txt-link-abbreviated" href="mailto:s000001@subdomain.polito.it">s000001@subdomain.polito.it</a></font><br> <font size="-1"> <a class="moz-txt-link-abbreviated" href="mailto:s000002@subdomain.polito.it">s000002@subdomain.polito.it</a></font><br> <font size="-1"> <a class="moz-txt-link-abbreviated" href="mailto:s000003@subdomain.polito.it">s000003@subdomain.polito.it</a></font><br> <font size="-1"> <a class="moz-txt-link-abbreviated" href="mailto:s000004@subdomain.polito.it">s000004@subdomain.polito.it</a></font><br> <font size="-1"><br> Thank you very much for your help <br> <br> Nicola</font><br> </p> </body> </html> --------------FF431EB5B60D11CD4462F1DF--