Re: [ovirt-users] Debian - based OS and SSO

This is a multi-part message in MIME format. ------=_NextPart_000_003F_01D1E8F3.142326C0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thank you for your reply. Strange, but i do not see any errors in gdm debug log, just this: http://paste.ubuntu.com/21275558/ I will try installing debian unstable and several ubuntu versions = tomorrow. From: Vinzenz Feenstra=20 Sent: Thursday, July 28, 2016 4:18 PM To: tadas(a)ring.lt=20 Cc: users=20 Subject: Re: [ovirt-users] Debian - based OS and SSO On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr(a)redhat.com&gt; = wrote: On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt&gt; wrote: Hello, still having issues with ovirt SSO and Debian OS. Other OSes (Windows/Fedora 24) works just fine. Some information: OS: Debian 8.5 (jessie) I've followed manual on = https://www.ovirt.org/documentation/how-to/gues t-agent/install-the-guest-agent-in-debian/ and installed = ovirt-agent. I can get info via spice socket on hypervisor side, this means that agent works fine. I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux- gnu/security/ It should be in /lib/security afaik I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24) replace in that file all occurences of password-auth with passwd But still login fails. I can see this in ovirt-agent log file: It some how fails for me in some cases with this now: Correction its here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064 https://bugs.freedesktop.org/show_bug.cgi?id=3D71525 There=E2=80=99s not much I can do about that though Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external = command: login... Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials = =3D '\x00\x00\x00\x04test********\x00') Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0] Dummy-2::DEBUG::2016-07-28 = 12:49:51,047::CredServer::272::root::Token: 760258 Dummy-2::INFO::2016-07-28 = 12:49:51,047::CredServer::273::root::Opening credentials channel... Dummy-2::INFO::2016-07-28 = 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258). Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed. This looks okay. The error is on pam side (auth.log): Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm- ovirtcred:auth): error retrieving user name: Conversation error Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm- ovirtcred:auth): Failed to acquire user's credentials Have no idea, where it fails. Would appreciate, if you could help me here a bit. Thank you. _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users ------=_NextPart_000_003F_01D1E8F3.142326C0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD> <META content=3D"text/html charset=3Dutf-8" = http-equiv=3DContent-Type></HEAD> <BODY=20 style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space"=20 dir=3Dltr> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV>Thank you for your reply.</DIV> <DIV>Strange, but i do not see any errors in gdm debug log, just = this:</DIV> <DIV><A title=3Dhttp://paste.ubuntu.com/21275558/=20 href=3D"http://paste.ubuntu.com/21275558/">http://paste.ubun... 58/</A></DIV> <DIV>&nbsp;</DIV> <DIV>I will try installing debian unstable and several ubuntu versions=20 tomorrow.</DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV style=3D"FONT: 10pt tahoma"> <DIV><FONT size=3D3 face=3DCalibri></FONT>&nbsp;</DIV> <DIV style=3D"BACKGROUND: #f5f5f5"> <DIV style=3D"font-color: black"><B>From:</B> <A = title=3Dvfeenstr(a)redhat.com=20 href=3D"mailto:vfeenstr@redhat.com">Vinzenz Feenstra</A> </DIV> <DIV><B>Sent:</B> Thursday, July 28, 2016 4:18 PM</DIV> <DIV><B>To:</B> <A title=3Dtadas(a)ring.lt=20 href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV> <DIV><B>Cc:</B> <A title=3Dusers(a)ovirt.org = href=3D"mailto:users@ovirt.org">users</A>=20 </DIV> <DIV><B>Subject:</B> Re: [ovirt-users] Debian - based OS and=20 SSO</DIV></DIV></DIV> <DIV>&nbsp;</DIV></DIV> <DIV=20 style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: = "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; = DISPLAY: inline'> <DIV>&nbsp;</DIV> <DIV> <BLOCKQUOTE type=3D"cite"> <DIV>On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra &lt;<A=20 href=3D"mailto:vfeenstr@redhat.com">vfeenstr@redhat.com</A>&gt; = wrote:</DIV> <DIV>&nbsp;</DIV> <DIV> <DIV=20 style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space"> <DIV>&nbsp;</DIV> <DIV> <BLOCKQUOTE type=3D"cite"> <DIV>On Jul 28, 2016, at 11:53 AM, Tadas &lt;<A=20 href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A>&gt; wrote:</DIV> <DIV>&nbsp;</DIV> <DIV> <DIV>Hello,<BR>still having issues with ovirt SSO and Debian = OS.<BR>Other=20 OSes (Windows/Fedora 24) works just fine.<BR>Some = information:<BR>OS: Debian=20 8.5 (jessie)<BR>I've followed manual on <A=20 = href=3D"https://www.ovirt.org/documentation/how-to/gues">htt... t.org/documentation/how-to/gues</A><BR>t-agent/install-the-guest-agent-in= -debian/=20 and installed ovirt-agent.<BR>I can get info via spice socket on = hypervisor=20 side, this means that<BR>agent works fine.<BR>I've compiled = pam-ovirt-cred=20 and copied it into=20 /lib/x86_64-linux-<BR>gnu/security/<BR></DIV></DIV></BLOCKQUOTE> <DIV>&nbsp;</DIV> <DIV>It should be in /lib/security afaik</DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV>I've configured /etc/pamd/gdm-ovirtcred (just copied from=20 working<BR>Fedora 24)<BR></DIV></DIV></BLOCKQUOTE> <DIV>&nbsp;</DIV> <DIV>replace in that file all occurences of password-auth with = passwd</DIV> <DIV>&nbsp;</DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV><BR>But still login fails. I can see this in ovirt-agent log=20 file:<BR></DIV></DIV></BLOCKQUOTE> <DIV>&nbsp;</DIV> <DIV>It some how fails for me in some cases with this now:</DIV> <DIV>&nbsp;</DIV></DIV></DIV></DIV></BLOCKQUOTE> <DIV>&nbsp;</DIV> <DIV>Correction its here:</DIV> <DIV><A=20 href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064&q... ://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064</A></DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV=20 style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space"> <DIV> <DIV><A=20 = href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525"&g... s.freedesktop.org/show_bug.cgi?id=3D71525</A></DIV> <DIV>&nbsp;</DIV> <DIV>There=E2=80=99s not much I can do about that though</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp;</DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> = <DIV><BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,046::OVirtAgentLogic::270:= :root::Received=20 an external=20 = command:<BR>login...<BR>Dummy-2::DEBUG::2016-07-28<BR>12:49:51,047::OVirt= AgentLogic::304::root::User=20 log-in (credentials=20 = =3D<BR>'\x00\x00\x00\x04test********\x00')<BR>Dummy-2::INFO::2016-07-28=20 12:49:51,047::CredServer::207::root::The<BR>following users are = allowed to=20 connect: [0]<BR>Dummy-2::DEBUG::2016-07-28=20 = 12:49:51,047::CredServer::272::root::Token:<BR>760258<BR>Dummy-2::INFO::2= 016-07-28=20 12:49:51,047::CredServer::273::root::Opening<BR>credentials=20 channel...<BR>Dummy-2::INFO::2016-07-28=20 12:49:51,047::CredServer::132::root::Emitting<BR>user authenticated = signal=20 = (760258).<BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,178::CredServer::277::= root::Credentials=20 channel was closed.<BR><BR></DIV></DIV></BLOCKQUOTE> <DIV>&nbsp;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp;</DIV><BR> <BLOCKQUOTE type=3D"cite"> <DIV> <DIV>This looks okay. The error is on pam side = (auth.log):<BR><BR>Jul 28=20 12:49:39 desktop64 gdm-ovirtcred]: = pam_succeed_if(gdm-<BR>ovirtcred:auth):=20 error retrieving user name: Conversation error<BR>Jul 28 12:49:39 = desktop64=20 gdm-ovirtcred]: pam_ovirt_cred(gdm-<BR>ovirtcred:auth): Failed to = acquire=20 user's credentials<BR><BR>Have no idea, where it fails.<BR>Would = appreciate,=20 if you could help me here a bit.<BR>Thank=20 = you.<BR><BR><BR>_______________________________________________<BR>Users = mailing list<BR><A = href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20 = href=3D"http://lists.ovirt.org/mailman/listinfo/users">http:... .org/mailman/listinfo/users</A><BR></DIV></DIV></BLOCKQUOTE></DIV> <DIV>&nbsp;</DIV></DIV></DIV></BLOCKQUOTE></DIV> <DIV>&nbsp;</DIV></DIV></DIV></DIV></BODY></HTML> ------=_NextPart_000_003F_01D1E8F3.142326C0--