On 3/2/13 11:57 PM, Itamar Heim wrote:
On 03/03/2013 06:41, Keith Mitchell wrote:
On 3/2/13 2:51 PM, Itamar Heim wrote:
On 01/03/2013 18:54, Keith Mitchell wrote:
I'm trying to get rhevm 3.1 (which seems to be pretty much ovirt 3.1 from what I can tell) authenticating against our active directory infrastructure bu am having some difficulty that I don't quite understand and was hoping someone may know what is happening.
The server where rhevm/ovirt is running is a RHEL6 based server that has NIS configured (with user home directories mounted via nfs/automounter). The userids in nis match the userids in our ActiveDirectory server (in fact the passwords should match too since there is a sync between the two).
I added the Activedirectory server into ovirt (through rhevm-manage-domains) and it is added/validated successfully. As the local admin user I can go in and search agains the active directory, add permissions, etc.
But... If I try to log into the webadmin/user portals with one of the active directory accounts it seems to hang... and I noticed that it seems to be trying to mount the home directory of a bunch of users via the automounter (perhaps its trying to mount everyones home directory... can't tell). This takes a super long time since the home directories are all across the world and nfs access to some of these filesystems is really slow... i'm not sure it will ever complete... certainly not before the user gives up.
Anyone know what would cause this? I wouldn't think this should happen. I was thinking it should just authenticate the password and then look at the permissions granted inside overt/rhevm.
there is no need for the engine (rhev) machine to be part of the AD domain for AD authentication to work, and i don't see why this should happen. yair/juan - thoughts?
Turns out the home directory mounting thing had nothing to do with my login issues or ovirt... The home directory issue was due to an issue with mod_dnssd (part of apache) in RHEL6.
But even after fixing that, I still have login issues. Whenever I try to authenticate against active directory the webadmin/user gui seems to hang. I've looked at the network trace and it looks like the active directory authentication succeeded without issue, but the login screen just hangs.
I can log in with the local admin user fine and I don't see anything in the engine.log files. Perhaps there may be some debug I can turn on to help identify what it is doing?
does the rest api works for an AD user? (user@domain is the user name format. url is http://xxx/api) That seems to hang too.