----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Wednesday, November 26, 2014 1:01:37 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I will try to configure ovirt-engine-extension-aaa-ldap package as Alon says.
+1 please do.
By other side, I have executed the command kinit and the response is:
kinit: Client not found in Kerberos database while getting initial credentials
I am sure you did tht, but just to be on the safe side - did u perform kinit principal@REALM?
My /etc/krb5.conf files is (adserver.siee.local is my AD server based in Samba 4), I have modified this file to exchange EXAMPLE.COM by siee.local and adserver.siee.local:
/etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true
[realms] SIEE.LOCAL = { kdc = adserver.siee.local admin_server = adserver.siee.local }
[domain_realm] .siee.local = SIEE.LOCAL siee.local = SIEE.LOCAL
My /etc/ovirt-engine/krb5.conf:
[libdefaults]
default_realm = SIEE.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1
#realms
#domain_realm
This last file is the same that I had before my upgrade to oVirt 3.5.
Many thanks again,
Juanjo.
On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello again,
Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same.
I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this:
2014-11-25 17:02:05,355 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL.
every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade.
Many thanks in advance,
Juanjo.
As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user?
Cheers, Yair
On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com>
wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in
----- Original Message ----- the
administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <
omachace@redhat.com>
wrote:
> Hi, > > can you please try different account than Administrator? > > ----- Original Message ----- > > From: "Juan Jose" <jj197005@gmail.com> > > To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < > yzaslavs@redhat.com>, users@ovirt.org > > Sent: Tuesday, November 25, 2014 11:01:13 AM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Hello everybody, > > > > Ondra you are right, I removed the domain. I have already
> execute > > the command with lower case the domain name and the result is
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] tried to the
same
> > > > engine-manage-domains add --domain=siee.local --provider=ad > > --user=Administrator --add-permissions > > Enter password: > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > next > > LDAP server in list > > Failure while testing domain siee.local. Details: No user information > > was > > found for user > > > > the result to the command psql -U engine -d engine -c "select * from > > vdc_options where option_name='LDAPSecurityAuthentication'" is: > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > And for second command psql -U engine -d engine -c "update vdc_options > set > > option_value='siee.local:GSSAPI' where > > option_name='LDAPSecurityAuthentication'", I receive the same response: > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > Is there any problem? > > > > Many thanks in advanced, > > > > Juanjo. > > > > > > On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> > wrote: > > > > > I understood that domain can be deleted, but can't be added, > > > so there won't be needed values to update in vdc_options. > > > > > > Juanjo - Can you please provide us what's the result of command: > > > > > > $ psql -U engine -d engine -c "select * from vdc_options where > > > option_name='LDAPSecurityAuthentication'" > > > > > > If it's empty or if the domain name is upper case or lower case? > > > If it's upper, than please lower case it. > > > $ psql -U engine -d engine -c "update vdc_options set > > > option_value='siee.local:GSSAPI' where > > > option_name='LDAPSecurityAuthentication'" > > > > > > > > > ----- Original Message ----- > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > To: "Ondra Machacek" <omachace@redhat.com> > > > > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < > > > yzaslavs@redhat.com> > > > > Sent: Monday, November 24, 2014 1:49:11 PM > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Ondra Machacek" <omachace@redhat.com> > > > > > To: jj197005@gmail.com > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com>, > > > > > "Alon > > > Bar-Lev" > > > > > <alonbl@redhat.com> > > > > > Sent: Monday, November 24, 2014 2:46:20 PM > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > Please try to run your command with domain in lower case: > > > > > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > > > --user=Administrator > > > > > > > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > > > To: "Juan Jose" <jj197005@gmail.com> > > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com , > "Ondra > > > > > > Machacek" <omachace@redhat.com> > > > > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > > > Yes, > > > > > > I think we just fixed this[1]. > > > > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > > > > > > > BTW: you can also checkout the new ldap provider > > > > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much > more > > > > > > robust[1], I can help you set it up. > > > > > > > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > > > > [2] > > > > > > > > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > > > > To: users@ovirt.org > > > > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > Hello everybody, > > > > > > > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > > > > problem > > > > > > > apparently. > > > > > > > > > > > > > > After finish the upgrade I have tried to login with any of my > AD > > > users > > > > > > > from > > > > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > > > > authentication > > > > > > > errors as below error: > > > > > > > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication > > > information > > > > > > > was > > > > > > > invalid (24) > > > > > > > 2014-11-21 14:06:02,683 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify > the > > > > > > > username > > > > > > > and password. > > > > > > > 2014-11-21 14:06:02,685 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL > due to > > > > > > > Authentication Failed. Please verify the username and > password.. We > > > > > > > should > > > > > > > not try the next server > > > > > > > 2014-11-21 14:06:02,688 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > > > > juanjo@SIEE.LOCAL. > > > > > > > 2014-11-21 14:06:02,690 ERROR > > > > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: > Class: > > > class > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > > > > Input: > > > > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > > > > Extkey[name=EXTENSION_LICENSE;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > > > > http://www.ovirt.org , > > > > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > > > > Extkey[name=EXTENSION_NAME;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > > > > Authz (Built-in), > > > > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > > > > > > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > > > > oVirt Project, > > > Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > > > > > > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > > > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > > > > Extkey[name=EXTENSION_VERSION;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > > > > > > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > > > > > > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > > > > Authz (Built-in).siee.local), > > > > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > > > > > > > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > > > > Output: > > > > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > > > > [extensions-manager.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > > > > [extensions-manager.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > > > > [bll.jar:] > > > > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) > > > [bll.jar:] > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > > > > [bll.jar:] > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > > > > Source) [common.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > > > > > at > > > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > > > > > at > > > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > > > > > at > > > > > > > > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > > > > at > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > > > > [utils.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > > > > [utils.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > > > > at > > > > > > > > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > > > > at > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > > > at > > > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > > > > at > > > > > > > > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > > > > at > > > > > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > > > > > > > engine-manage-domains delete --domain=siee.local > > > --user=Administrator > > > > > > > > > > > > > > And I have removed the domain without problems. But I want to > add > > > it > > > > > > > again > > > > > > > but I can't. I execute the bellow command, put the password > > > > > > > of > my > > > > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > > > > --user=Administrator > > > > > > > Enter password: > > > > > > > No user in Directory was found for Administrator@SIEE.LOCAL. > > > Trying > > > > > > > next > > > > > > > LDAP > > > > > > > server in list > > > > > > > Failure while testing domain siee.local. Details: No user > > > information > > > > > > > was > > > > > > > found for user > > > > > > > > > > > > > > The password that I use is correct because I can login with > user > > > > > > > Administrator in the domain siee.local through a Windows 7 > > > Enterprise > > > > > > > client. All this issue comes after my upgrade to oVirt 3.5. > Does > > > > > > > someone > > > > > > > help me with this problem?. If more info is needed or logs, > please > > > ask > > > > > > > me. > > > > > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > > > > > Juanjo > > > > > > > > > > > > > > _______________________________________________ > > > > > > > Users mailing list > > > > > > > Users@ovirt.org > > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > > > > > > > > > > > > > > > > > > >