Re: [ovirt-users] Debian - based OS and SSO

28 Jul 2016

      This is a multi-part message in MIME format.

------=_NextPart_000_003F_01D1E8F3.142326C0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thank you for your reply.
Strange, but i do not see any errors in gdm debug log, just this:
http://paste.ubuntu.com/21275558/

I will try installing debian unstable and several ubuntu versions =
tomorrow.

From: Vinzenz Feenstra=20
Sent: Thursday, July 28, 2016 4:18 PM
To: tadas@ring.lt=20
Cc: users=20
Subject: Re: [ovirt-users] Debian - based OS and SSO

  On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redhat.com> =
wrote:

    On Jul 28, 2016, at 11:53 AM, Tadas <tadas@ring.lt> wrote:

    Hello,
    still having issues with ovirt SSO and Debian OS.
    Other OSes (Windows/Fedora 24) works just fine.
    Some information:
    OS: Debian 8.5 (jessie)
    I've followed manual on =
https://www.ovirt.org/documentation/how-to/gues
    t-agent/install-the-guest-agent-in-debian/ and installed =
ovirt-agent.
    I can get info via spice socket on hypervisor side, this means that
    agent works fine.
    I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
    gnu/security/

  It should be in /lib/security afaik

    I've configured /etc/pamd/gdm-ovirtcred (just copied from working
    Fedora 24)

  replace in that file all occurences of password-auth with passwd

    But still login fails. I can see this in ovirt-agent log file:

  It some how fails for me in some cases with this now:

Correction its here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064

  https://bugs.freedesktop.org/show_bug.cgi?id=3D71525

  There=E2=80=99s not much I can do about that though

    Dummy-2::INFO::2016-07-28
    12:49:51,046::OVirtAgentLogic::270::root::Received an external =
command:
    login...
    Dummy-2::DEBUG::2016-07-28
    12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =
=3D
    '\x00\x00\x00\x04test********\x00')
    Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
    following users are allowed to connect: [0]
    Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:
    760258
    Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening
    credentials channel...
    Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting
    user authenticated signal (760258).
    Dummy-2::INFO::2016-07-28
    12:49:51,178::CredServer::277::root::Credentials channel was closed.

    This looks okay. The error is on pam side (auth.log):

    Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
    ovirtcred:auth): error retrieving user name: Conversation error
    Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
    ovirtcred:auth): Failed to acquire user's credentials

    Have no idea, where it fails.
    Would appreciate, if you could help me here a bit.
    Thank you.

    _______________________________________________
    Users mailing list
    Users@ovirt.org
    http://lists.ovirt.org/mailman/listinfo/users

------=_NextPart_000_003F_01D1E8F3.142326C0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META content=3D"text/html charset=3Dutf-8" =
http-equiv=3DContent-Type></HEAD>
<BODY=20
style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space"=20
dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Thank you for your reply.</DIV>
<DIV>Strange, but i do not see any errors in gdm debug log, just =
this:</DIV>
<DIV><A title=3Dhttp://paste.ubuntu.com/21275558/=20
href=3D"http://paste.ubuntu.com/21275558/">http://paste.ubuntu.com/212755=
58/</A></DIV>
<DIV> </DIV>
<DIV>I will try installing debian unstable and several ubuntu versions=20
tomorrow.</DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV><FONT size=3D3 face=3DCalibri></FONT> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"><B>From:</B> <A =
title=3Dvfeenstr@redhat.com=20
href=3D"mailto:vfeenstr@redhat.com">Vinzenz Feenstra</A> </DIV>
<DIV><B>Sent:</B> Thursday, July 28, 2016 4:18 PM</DIV>
<DIV><B>To:</B> <A title=3Dtadas@ring.lt=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV>
<DIV><B>Cc:</B> <A title=3Dusers@ovirt.org =
href=3D"mailto:users@ovirt.org">users</A>=20
</DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian - based OS and=20
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV> </DIV>
<DIV>
<BLOCKQUOTE type=3D"cite">
  <DIV>On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <<A=20
  href=3D"mailto:vfeenstr@redhat.com">vfeenstr@redhat.com</A>> =
wrote:</DIV>
  <DIV> </DIV>
  <DIV>
  <DIV=20
  style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space">
  <DIV> </DIV>
  <DIV>
  <BLOCKQUOTE type=3D"cite">
    <DIV>On Jul 28, 2016, at 11:53 AM, Tadas <<A=20
    href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A>> wrote:</DIV>
    <DIV> </DIV>
    <DIV>
    <DIV>Hello,<BR>still having issues with ovirt SSO and Debian =
OS.<BR>Other=20
    OSes (Windows/Fedora 24) works just fine.<BR>Some =
information:<BR>OS: Debian=20
    8.5 (jessie)<BR>I've followed manual on <A=20
    =
href=3D"https://www.ovirt.org/documentation/how-to/gues">https://www.ovir=
t.org/documentation/how-to/gues</A><BR>t-agent/install-the-guest-agent-in=
-debian/=20
    and installed ovirt-agent.<BR>I can get info via spice socket on =
hypervisor=20
    side, this means that<BR>agent works fine.<BR>I've compiled =
pam-ovirt-cred=20
    and copied it into=20
  /lib/x86_64-linux-<BR>gnu/security/<BR></DIV></DIV></BLOCKQUOTE>
  <DIV> </DIV>
  <DIV>It should be in /lib/security afaik</DIV><BR>
  <BLOCKQUOTE type=3D"cite">
    <DIV>
    <DIV>I've configured /etc/pamd/gdm-ovirtcred (just copied from=20
    working<BR>Fedora 24)<BR></DIV></DIV></BLOCKQUOTE>
  <DIV> </DIV>
  <DIV>replace in that file all occurences of password-auth with =
passwd</DIV>
  <DIV> </DIV><BR>
  <BLOCKQUOTE type=3D"cite">
    <DIV>
    <DIV><BR>But still login fails. I can see this in ovirt-agent log=20
    file:<BR></DIV></DIV></BLOCKQUOTE>
  <DIV> </DIV>
  <DIV>It some how fails for me in some cases with this now:</DIV>
  <DIV> </DIV></DIV></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>Correction its here:</DIV>
<DIV><A=20
href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064">https=
://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064</A></DIV><BR>
<BLOCKQUOTE type=3D"cite">
  <DIV>
  <DIV=20
  style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space">
  <DIV>
  <DIV><A=20
  =
href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525">https://bug=
s.freedesktop.org/show_bug.cgi?id=3D71525</A></DIV>
  <DIV> </DIV>
  <DIV>There=E2=80=99s not much I can do about that though</DIV>
  <DIV> </DIV>
  <DIV> </DIV><BR>
  <BLOCKQUOTE type=3D"cite">
    <DIV>
    =
<DIV><BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,046::OVirtAgentLogic::270:=
:root::Received=20
    an external=20
    =
command:<BR>login...<BR>Dummy-2::DEBUG::2016-07-28<BR>12:49:51,047::OVirt=
AgentLogic::304::root::User=20
    log-in (credentials=20
    =
=3D<BR>'\x00\x00\x00\x04test********\x00')<BR>Dummy-2::INFO::2016-07-28=20
    12:49:51,047::CredServer::207::root::The<BR>following users are =
allowed to=20
    connect: [0]<BR>Dummy-2::DEBUG::2016-07-28=20
    =
12:49:51,047::CredServer::272::root::Token:<BR>760258<BR>Dummy-2::INFO::2=
016-07-28=20
    12:49:51,047::CredServer::273::root::Opening<BR>credentials=20
    channel...<BR>Dummy-2::INFO::2016-07-28=20
    12:49:51,047::CredServer::132::root::Emitting<BR>user authenticated =
signal=20
    =
(760258).<BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,178::CredServer::277::=
root::Credentials=20
    channel was closed.<BR><BR></DIV></DIV></BLOCKQUOTE>
  <DIV> </DIV>
  <DIV> </DIV>
  <DIV> </DIV><BR>
  <BLOCKQUOTE type=3D"cite">
    <DIV>
    <DIV>This looks okay. The error is on pam side =
(auth.log):<BR><BR>Jul 28=20
    12:49:39 desktop64 gdm-ovirtcred]: =
pam_succeed_if(gdm-<BR>ovirtcred:auth):=20
    error retrieving user name: Conversation error<BR>Jul 28 12:49:39 =
desktop64=20
    gdm-ovirtcred]: pam_ovirt_cred(gdm-<BR>ovirtcred:auth): Failed to =
acquire=20
    user's credentials<BR><BR>Have no idea, where it fails.<BR>Would =
appreciate,=20
    if you could help me here a bit.<BR>Thank=20
    =
you.<BR><BR><BR>_______________________________________________<BR>Users =

    mailing list<BR><A =
href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20
    =
href=3D"http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt=
.org/mailman/listinfo/users</A><BR></DIV></DIV></BLOCKQUOTE></DIV>
  <DIV> </DIV></DIV></DIV></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></BODY></HTML>

------=_NextPart_000_003F_01D1E8F3.142326C0--