Re: [ovirt-users] FreeIPA with ovirt 4.1

9 Feb 2017

      ...
</div><br><div data-marker=3D"__QUOTED_TEXT__"><div style=3D"font-family: =
lucida console,sans-serif; font-size: 12pt; color: #000000"><div>Hello Ondr=
a,</div><div>Log is empty </div><br><div><div>[root@vhe00 ~]# ls -la &=
nbsp;/var/log/httpd/ssl_error_log</div><div>-rw-r--r--. 1 root root 0 Feb &=
nbsp;2 04:45 /var/log/httpd/ssl_error_log</div></div><br><div>Slava.</div><=
br><hr id=3D"zwchr"><div><b>From: </b>"Ondra Machacek" <omachace@redhat.=
com><br><b>To: </b>"Slava Bendersky" <volga629@networklab.ca><br><=
b>Cc: </b>"users" <users@ovirt.org>, "Ravi" <rnori@redhat.com><=
br><b>Sent: </b>Saturday, February 4, 2017 10:35:31 AM<br><b>Subject: </b>R=
e: [ovirt-users] FreeIPA with ovirt 4.1<br></div><br><div><div dir=3D"auto"=
<div><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Feb =
4, 2017 1:21 AM, "Slava Bendersky" <<a href=3D"mailto:volga629@networkla=
b.ca" target=3D"_blank">volga629@networklab.ca</a>> wrote:<br><blockquot=
e class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad=
ding-left:1ex"><div><div style=3D"font-family:lucida console,sans-serif;fon=
t-size:12pt;color:#000000"><div>Hello Everyone,</div><div>Having trouble im=
--=_3b67a522-cc8c-45aa-bd36-264bacfe713b
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hello Everyone, 
Anything else possible to check ? 

Slava. 

From: "Slava Bendersky" <volga629@networklab.ca> 
To: "Ondra Machacek" <omachace@redhat.com> 
Cc: "users" <users@ovirt.org> 
Sent: Saturday, February 4, 2017 2:27:31 PM 
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 

Hello Ondra, 
Log is empty 

[root@vhe00 ~]# ls -la /var/log/httpd/ssl_error_log 
-rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log 

Slava. 

From: "Ondra Machacek" <omachace@redhat.com> 
To: "Slava Bendersky" <volga629@networklab.ca> 
Cc: "users" <users@ovirt.org>, "Ravi" <rnori@redhat.com> 
Sent: Saturday, February 4, 2017 10:35:31 AM 
Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1 

On Feb 4, 2017 1:21 AM, "Slava Bendersky" < [ mailto:volga629@networklab.ca | volga629@networklab.ca ] > wrote: 

Hello Everyone, 
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I log to web admin with internal user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group authorized to login on any attempt to login with FreeIPA credentials getting message 

2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6) [] Internal Server Error: Unsupported command 
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-6) [] Unsupported command 
2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported command 

Ravi, do you know what this can cause? 

BQ_BEGIN

Also when in extensions.d directory contain the following files. If I remove mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up in drop down list. Any http don't have influence on this. 

BQ_END

That is correct behavior, we dont show profiles, which uses http for authn. 

BQ_BEGIN

[root@vhe00 extensions.d]# pwd 
/etc/ovirt-engine/extensions.d 

[root@vhe00 extensions.d]# ls 
mydomain.lan-authn.properties mydomain.lan -http-authn.properties mydomain.lan .properties internal-authz.properties 
mydomain.lan -authz.properties mydomain.lan -http-mapping.properties internal-authn.properties 
[root@vhe00 extensions.d]# 

If possible clarify how it should be and what is possible issue. 

BQ_END

Can you please take a look to /var/log/httpd/ssl_error_log if any errors there? 

BQ_BEGIN

Slava. 

_______________________________________________ 
Users mailing list 
[ mailto:Users@ovirt.org | Users@ovirt.org ] 
[ http://lists.ovirt.org/mailman/listinfo/users | http://lists.ovirt.org/mailman/listinfo/users ] 

BQ_END

_______________________________________________ 
Users mailing list 
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users 

--=_3b67a522-cc8c-45aa-bd36-264bacfe713b
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"font-family: lucida console,sans-serif; font-size=
: 12pt; color: #000000"><div>Hello Everyone,</div><div>Anything else possib=
le to check ?</div><div><br data-mce-bogus=3D"1"></div><div>Slava.</div><di=
v><br></div><hr id=3D"zwchr" data-marker=3D"__DIVIDER__"><div data-marker=
=3D"__HEADERS__"><b>From: </b>"Slava Bendersky" <volga629@networklab.ca&=
gt;<br><b>To: </b>"Ondra Machacek" <omachace@redhat.com><br><b>Cc: </=
b>"users" <users@ovirt.org><br><b>Sent: </b>Saturday, February 4, 201=
7 2:27:31 PM<br><b>Subject: </b>Re: [ovirt-users] FreeIPA with ovirt 4.1<br=
plement  FreeIPA authentication with GSSAPI SSO  and ovirt 4.1. I=
 ran setup and it finished OK then it wrote the files bellow. Next I log to=
 web admin with internal user and added FeeIPA user as SuperUser role. Also=
 I added under System FreeIPA group authorized to login on any attempt to l=
ogin with FreeIPA credentials getting message</div><br><br><div><div>2017-0=
2-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAut=
hServlet] (default task-6) [] Internal Server Error: Unsupported command</d=
iv><div>2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.Sso=
Utils] (default task-6) [] Unsupported command</div><div>2017-02-04 00:03:0=
8,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (defau=
lt task-3) [] server_error: Unsupported command</div></div></div></div></bl=
ockquote></div></div></div><div dir=3D"auto"><br></div><div dir=3D"auto">Ra=
vi, do you know what this can cause?</div><div dir=3D"auto"><br></div><div =
dir=3D"auto"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockqu=
ote class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;p=
adding-left:1ex"><div><div style=3D"font-family:lucida console,sans-serif;f=
ont-size:12pt;color:#000000"><br><br><div>Also when in extensions.d directo=
ry contain the following files. If I remove <span style=3D"color:#0000=
00;font-family:'lucida console',sans-serif;font-size:16px;font-style:normal=
;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;=
letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;=
white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline=
!important;float:none">mydomain.lan-authn.properties then in web ui FreeIPA=
 domain not showing up in drop down list. Any http don't have influence on =
this.</span></div></div></div></blockquote></div></div></div><div dir=3D"au=
to"><br></div><div dir=3D"auto">That is correct behavior, we dont show prof=
iles, which uses http for authn.</div><div dir=3D"auto"><br></div><div dir=
=3D"auto"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote=
 class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex"><div><div style=3D"font-family:lucida console,sans-serif;font=
-size:12pt;color:#000000"><div><span style=3D"color:#000000;font-family:'lu=
cida console',sans-serif;font-size:16px;font-style:normal;font-variant-liga=
tures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:nor=
mal;text-align:start;text-indent:0px;text-transform:none;white-space:normal=
;word-spacing:0px;background-color:#ffffff;display:inline!important;float:n=
one"><br></span></div><div><div>[root@vhe00 extensions.d]# pwd</div><div>/e=
tc/ovirt-engine/extensions.d</div><br><div>[root@vhe00 extensions.d]# ls</d=
iv><div>mydomain.lan-authn.properties <span style=3D"color:#000000;fon=
t-family:'lucida console',sans-serif;font-size:16px;font-style:normal;font-=
variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter=
-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-=
space:normal;word-spacing:0px;background-color:#ffffff;display:inline!impor=
tant;float:none">mydomain.lan</span>-http-authn.properties  <span styl=
e=3D"color:#000000;font-family:'lucida console',sans-serif;font-size:16px;f=
ont-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;fon=
t-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text=
-transform:none;white-space:normal;word-spacing:0px;background-color:#fffff=
f;display:inline!important;float:none">mydomain.lan</span>.properties  =
;    internal-authz.properties</div><div><span style=3D"color:#00=
0000;font-family:'lucida console',sans-serif;font-size:16px;font-style:norm=
al;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:norma=
l;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:non=
e;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inli=
ne!important;float:none">mydomain.lan</span>-authz.properties <span st=
yle=3D"color:#000000;font-family:'lucida console',sans-serif;font-size:16px=
;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;f=
ont-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;te=
xt-transform:none;white-space:normal;word-spacing:0px;background-color:#fff=
fff;display:inline!important;float:none">mydomain.lan</span>-http-mapping.p=
roperties  internal-authn.properties</div><div>[root@vhe00 extensions.=
d]# </div></div><br><br><div>If possible clarify how it should be and =
what is possible issue.</div></div></div></blockquote></div></div></div><di=
v dir=3D"auto"><br></div><div dir=3D"auto">Can you please take a look to /v=
ar/log/httpd/ssl_error_log if any errors there?</div><div dir=3D"auto"><br>=
</div><div dir=3D"auto"><div class=3D"gmail_extra"><div class=3D"gmail_quot=
e"><blockquote class=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #=
ccc solid;padding-left:1ex"><div><div style=3D"font-family:lucida console,s=
ans-serif;font-size:12pt;color:#000000"><span style=3D"color: #888888;"><br=
...
<br><br><div>Slava. </div></span></div></div><br>____________________=
___________________________<br>
Users mailing list<br>
<a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
<a href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer=
" target=3D"_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br></blockquote></div></div></div></div><br></div></div><br>______________=
_________________________________<br>Users mailing list<br>Users@ovirt.org<=
br>http://lists.ovirt.org/mailman/listinfo/users<br></div></div></body></ht=
ml>
--=_3b67a522-cc8c-45aa-bd36-264bacfe713b--