On Jul 28, 2016, at 4:11 PM, Tadas <tadas@ring.lt> wrote: =20 Thank you for your reply. Strange, but i do not see any errors in gdm debug log, just this: http://paste.ubuntu.com/21275558/ <http://paste.ubuntu.com/21275558/> Well if it works for you, the better. It didn=E2=80=99t work for me =
--Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 though
=20 I will try installing debian unstable and several ubuntu versions = tomorrow. =20 From: Vinzenz Feenstra <mailto:vfeenstr@redhat.com> Sent: Thursday, July 28, 2016 4:18 PM To: tadas@ring.lt <mailto:tadas@ring.lt> Cc: users <mailto:users@ovirt.org> Subject: Re: [ovirt-users] Debian - based OS and SSO =20 =20
On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redhat.com = <mailto:vfeenstr@redhat.com>> wrote: =20 =20
On Jul 28, 2016, at 11:53 AM, Tadas <tadas@ring.lt = <mailto:tadas@ring.lt>> wrote: =20 Hello, still having issues with ovirt SSO and Debian OS. Other OSes (Windows/Fedora 24) works just fine. Some information: OS: Debian 8.5 (jessie) I've followed manual on = https://www.ovirt.org/documentation/how-to/gues = <https://www.ovirt.org/documentation/how-to/gues> t-agent/install-the-guest-agent-in-debian/ and installed = ovirt-agent. I can get info via spice socket on hypervisor side, this means that agent works fine. I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux- gnu/security/ =20 It should be in /lib/security afaik =20 I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24) =20 replace in that file all occurences of password-auth with passwd =20 =20 =20 But still login fails. I can see this in ovirt-agent log file: =20 It some how fails for me in some cases with this now: =20 =20 Correction its here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064 = <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064> https://bugs.freedesktop.org/show_bug.cgi?id=3D71525 = <https://bugs.freedesktop.org/show_bug.cgi?id=3D71525> =20 There=E2=80=99s not much I can do about that though =20 =20 =20 =20 Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external = command: login... Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =3D=
'\x00\x00\x00\x04test********\x00') Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0] Dummy-2::DEBUG::2016-07-28 = 12:49:51,047::CredServer::272::root::Token: 760258 Dummy-2::INFO::2016-07-28 = 12:49:51,047::CredServer::273::root::Opening credentials channel... Dummy-2::INFO::2016-07-28 = 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258). Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed. =20 =20 =20 =20 =20 This looks okay. The error is on pam side (auth.log): =20 Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm- ovirtcred:auth): error retrieving user name: Conversation error Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm- ovirtcred:auth): Failed to acquire user's credentials =20 Have no idea, where it fails. Would appreciate, if you could help me here a bit. Thank you. =20 =20 _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users = <http://lists.ovirt.org/mailman/listinfo/users> =20 =20 =20 =20
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jul 28, 2016, at 4:11 PM, Tadas <<a = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""> <meta content=3D"text/html charset=3Dutf-8" http-equiv=3D"Content-Type" = class=3D""> <div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space" dir=3D"ltr" class=3D""> <div dir=3D"ltr" class=3D""> <div style=3D"font-size: 12pt; font-family: Calibri;" class=3D""> <div class=3D"">Thank you for your reply.</div> <div class=3D"">Strange, but i do not see any errors in gdm debug log, = just this:</div> <div class=3D""><a href=3D"http://paste.ubuntu.com/21275558/" = class=3D"">http://paste.ubuntu.com/21275558/</a></div></div></div></div></= div></blockquote><div><br class=3D""></div><div>Well if it works for = you, the better. It didn=E2=80=99t work for me though</div><div><br = class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div = class=3D""><div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: = space; -webkit-line-break: after-white-space" dir=3D"ltr" class=3D""><div = dir=3D"ltr" class=3D""><div style=3D"font-size: 12pt; font-family: = Calibri;" class=3D""> <div class=3D""> </div> <div class=3D"">I will try installing debian unstable and several ubuntu = versions=20 tomorrow.</div> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""> <div style=3D"FONT: 10pt tahoma" class=3D""> <div class=3D""><font size=3D"3" face=3D"Calibri" = class=3D""></font> </div> <div style=3D"BACKGROUND: #f5f5f5" class=3D""> <div style=3D"font-color: black" class=3D""><b class=3D"">From:</b> <a = title=3D"vfeenstr@redhat.com" href=3D"mailto:vfeenstr@redhat.com" = class=3D"">Vinzenz Feenstra</a> </div> <div class=3D""><b class=3D"">Sent:</b> Thursday, July 28, 2016 4:18 = PM</div> <div class=3D""><b class=3D"">To:</b> <a title=3D"tadas@ring.lt" = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a> </div> <div class=3D""><b class=3D"">Cc:</b> <a title=3D"users@ovirt.org" = href=3D"mailto:users@ovirt.org" class=3D"">users</a>=20 </div> <div class=3D""><b class=3D"">Subject:</b> Re: [ovirt-users] Debian - = based OS and=20 SSO</div></div></div> <div class=3D""> </div></div> <div style=3D"font-size: small; text-decoration: none; font-family: = Calibri; font-weight: normal; font-style: normal; display: inline;" = class=3D""> <div class=3D""> </div> <div class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D"">On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <<a = href=3D"mailto:vfeenstr@redhat.com" class=3D"">vfeenstr@redhat.com</a>>= wrote:</div> <div class=3D""> </div> <div class=3D""> <div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space" class=3D""> <div class=3D""> </div> <div class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D"">On Jul 28, 2016, at 11:53 AM, Tadas <<a = href=3D"mailto:tadas@ring.lt" class=3D"">tadas@ring.lt</a>> = wrote:</div> <div class=3D""> </div> <div class=3D""> <div class=3D"">Hello,<br class=3D"">still having issues with ovirt = SSO and Debian OS.<br class=3D"">Other=20 OSes (Windows/Fedora 24) works just fine.<br class=3D"">Some = information:<br class=3D"">OS: Debian=20 8.5 (jessie)<br class=3D"">I've followed manual on <a = href=3D"https://www.ovirt.org/documentation/how-to/gues" = class=3D"">https://www.ovirt.org/documentation/how-to/gues</a><br = class=3D"">t-agent/install-the-guest-agent-in-debian/=20 and installed ovirt-agent.<br class=3D"">I can get info via spice = socket on hypervisor=20 side, this means that<br class=3D"">agent works fine.<br = class=3D"">I've compiled pam-ovirt-cred=20 and copied it into=20 /lib/x86_64-linux-<br class=3D"">gnu/security/<br = class=3D""></div></div></blockquote> <div class=3D""> </div> <div class=3D"">It should be in /lib/security afaik</div><br class=3D"">= <blockquote type=3D"cite" class=3D""> <div class=3D""> <div class=3D"">I've configured /etc/pamd/gdm-ovirtcred (just copied = from=20 working<br class=3D"">Fedora 24)<br = class=3D""></div></div></blockquote> <div class=3D""> </div> <div class=3D"">replace in that file all occurences of password-auth = with passwd</div> <div class=3D""> </div><br class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div class=3D""><br class=3D"">But still login fails. I can see this = in ovirt-agent log=20 file:<br class=3D""></div></div></blockquote> <div class=3D""> </div> <div class=3D"">It some how fails for me in some cases with this = now:</div> <div class=3D""> </div></div></div></div></blockquote> <div class=3D""> </div> <div class=3D"">Correction its here:</div> <div class=3D""><a = href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064" = class=3D"">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064</a><= /div><br class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space" class=3D""> <div class=3D""> <div class=3D""><a = href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525" = class=3D"">https://bugs.freedesktop.org/show_bug.cgi?id=3D71525</a></div> <div class=3D""> </div> <div class=3D"">There=E2=80=99s not much I can do about that = though</div> <div class=3D""> </div> <div class=3D""> </div><br class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div class=3D""><br class=3D"">Dummy-2::INFO::2016-07-28<br = class=3D"">12:49:51,046::OVirtAgentLogic::270::root::Received=20 an external=20 command:<br class=3D"">login...<br = class=3D"">Dummy-2::DEBUG::2016-07-28<br = class=3D"">12:49:51,047::OVirtAgentLogic::304::root::User=20 log-in (credentials=20 =3D<br class=3D"">'\x00\x00\x00\x04test********\x00')<br = class=3D"">Dummy-2::INFO::2016-07-28=20 12:49:51,047::CredServer::207::root::The<br class=3D"">following = users are allowed to=20 connect: [0]<br class=3D"">Dummy-2::DEBUG::2016-07-28=20 12:49:51,047::CredServer::272::root::Token:<br class=3D"">760258<br = class=3D"">Dummy-2::INFO::2016-07-28=20 12:49:51,047::CredServer::273::root::Opening<br class=3D"">credentials= =20 channel...<br class=3D"">Dummy-2::INFO::2016-07-28=20 12:49:51,047::CredServer::132::root::Emitting<br class=3D"">user = authenticated signal=20 (760258).<br class=3D"">Dummy-2::INFO::2016-07-28<br = class=3D"">12:49:51,178::CredServer::277::root::Credentials=20 channel was closed.<br class=3D""><br = class=3D""></div></div></blockquote> <div class=3D""> </div> <div class=3D""> </div> <div class=3D""> </div><br class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div class=3D"">This looks okay. The error is on pam side = (auth.log):<br class=3D""><br class=3D"">Jul 28=20 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-<br = class=3D"">ovirtcred:auth):=20 error retrieving user name: Conversation error<br class=3D"">Jul 28 = 12:49:39 desktop64=20 gdm-ovirtcred]: pam_ovirt_cred(gdm-<br class=3D"">ovirtcred:auth): = Failed to acquire=20 user's credentials<br class=3D""><br class=3D"">Have no idea, where = it fails.<br class=3D"">Would appreciate,=20 if you could help me here a bit.<br class=3D"">Thank=20 you.<br class=3D""><br class=3D""><br = class=3D"">_______________________________________________<br = class=3D"">Users=20 mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org" = class=3D"">Users@ovirt.org</a><br class=3D""><a = href=3D"http://lists.ovirt.org/mailman/listinfo/users" = class=3D"">http://lists.ovirt.org/mailman/listinfo/users</a><br = class=3D""></div></div></blockquote></div> <div class=3D""> </div></div></div></blockquote></div> <div class=3D""> </div></div></div></div></div> _______________________________________________<br class=3D"">Users = mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org" = class=3D"">Users@ovirt.org</a><br = class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br = class=3D""></div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452--