----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs(a)redhat.com>
To: "Oved Ourfalli" <ovedo(a)redhat.com>
Cc: "T-Sinjon" <tscbj1989(a)gmail.com>, users(a)ovirt.org
Sent: Tuesday, May 15, 2012 8:48:26 AM
Subject: Re: [Users] engine-manage-domains can't add user , domain
On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>
>
> ----- Original Message -----
>> From: "T-Sinjon" <tscbj1989(a)gmail.com>
>> To: "Oved Ourfalli" <ovedo(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>
>> After using kinit to log in as tsinjon, the error changes to the following. Why did
>> this happen?
>>
>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>> Enter password:
>>
>> No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
>> Failure while testing domain local. Details: No user information was found for user
>>
> Can't see why kinit matters here, but looking at your command I
> noticed you used single quotes for the user and domain name.
> I'm not sure it knows to handle this correctly.
> Did you try without the quotes?
>
> Also, what version are you working with?
> We had a problem a few weeks ago, of identifying the correct ldap
> provider. To fix that we added an option to specify the ldap
> provider type. It determines which query will be used in order to
> get the user details.
>
> cc-ing Roy, who added this. iirc it is mandatory to provide this
> option, so you probably don't have this option in your
> environment.
> Roy - is there an upstream release with this fix?
Oved - this was merged upstream.
T-Sinjon - have you cloned the git repo and compiled or are you using
RPMs?
Yair - he is probably using the RPMs, as it is harder to run the utility from the
git repo.
>
> Regards,
> Oved
>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>
>>>
>>> I have added that SRV info to my zone file, and it did go; the log looks
>>> fine, but engine-manage-domains still returns an error.
>>>
>>> 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>> 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
>>> 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local
>>>
>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>> Enter password:
>>>
>>> Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
>>> Failure while testing domain local. Details: Kerberos error. Please check log for further details.
>>>
>>>
>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>>> From: "T-Sinjon" <tscbj1989(a)gmail.com>
>>>>> To: users(a)ovirt.org
>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>> Subject: [Users] engine-manage-domains can't add user , domain
>>>>>
>>>>>
>>>>> I use FreeIPA to authenticate users. ipa user-add has no problem,
>>>>> but when I do:
>>>>>
>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>>
>>>>> Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local
>>>>> Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
>>>>>
>>>>> and log from engine-manage-domains.log:
>>>>>
>>>>> 2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>>>> 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3]
>>>>>
>>>>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local, etc.
>>>>>
>>>>> What can I do to get through it?
>>>>>
>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>> records in order to find LDAP and kerberos servers (supporting
>>>> Active directory, IPA or RHDS).
>>>> So, in order to work with it you must have the following in the
>>>> DNS
>>>> 1. PTR record for your LDAP server
>>>> 2. LDAP SRV record for your LDAP server
>>>> 3. LDAP kerberos record for your LDAP server
>>>>
>>>> If you don't really have access to the DNS you can install a
>>>> package called "dnsmasq", and perform these changes by yourself in
>>>> its config file.
>>>>
>>>> Oved
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users(a)ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>
>>
>>
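
A pre-flight check for the three DNS records listed in the 14 May reply (PTR, LDAP SRV, Kerberos SRV), as an added example that is not part of the original thread or of oVirt. It assumes the conventional SRV names `_ldap._tcp.<domain>` and `_kerberos._tcp.<domain>`, which the thread does not spell out, and that `dig` is installed; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check the DNS records a directory domain needs before
# running engine-manage-domains. Assumed (not stated in the thread): the SRV
# names _ldap._tcp.<domain> and _kerberos._tcp.<domain>, and that dig exists.
DIG="${DIG:-dig}"   # override to use another resolver command

# Print "host port" for each SRV target of NAME; fail if there are none.
srv_targets() {
    local out
    out=$($DIG +short SRV "$1" 2>/dev/null |
          awk 'NF == 4 { sub(/\.$/, "", $4); print $4, $3 }')
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Succeed if HOST has an address whose PTR record points back at HOST.
ptr_matches() {
    local host=$1 addr name
    for addr in $($DIG +short A "$host" 2>/dev/null | grep -E '^[0-9.]+$'); do
        name=$($DIG +short -x "$addr" 2>/dev/null | head -n 1)
        [ "${name%.}" = "$host" ] && return 0
    done
    return 1
}

# Report on DOMAIN, one line per finding; exit status = number of failures.
check_domain() {
    local domain=$1 failures=0 svc targets host port
    for svc in _ldap._tcp _kerberos._tcp; do
        if ! targets=$(srv_targets "$svc.$domain"); then
            echo "MISSING SRV $svc.$domain"
            failures=$((failures + 1))
            continue
        fi
        while read -r host port; do
            if ptr_matches "$host"; then
                echo "OK      $svc.$domain -> $host:$port"
            else
                echo "NO PTR  $svc.$domain -> $host:$port"
                failures=$((failures + 1))
            fi
        done <<EOF
$targets
EOF
    done
    return "$failures"
}

# Usage: ./check-domain-dns.sh local
if [ -n "${1:-}" ]; then check_domain "$1"; fi
```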