On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim <iheim@redhat.com> wrote:
On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
On 11/19/2012 10:01 AM, Cristian Falcas wrote:
Hi,

I'm trying to add some users to ovirt using an AD.

This is the configuration I used for a mediawiki site, which is
working correctly:
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;
$wgLDAPDomainNames = array( "a_domain");
$wgLDAPServerNames = array( "a_domain"=>"site.example.com");

$wgLDAPEncryptionType = array( "a_domain"=>"clear");
$wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
$wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");

Those are the commands I tried using:
engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive


engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive


engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive


You don't add a user this way. You add the domain. You have to pass the
domain admin user and the domain admin password.

any domain user will do, doesn't have to be an admin.
what does the log say?


Then you can use the domain within the engine. e.g. search users, add
access rights for vms etc.
Even login to the engine and assigning rights within the engine you can
handle from the engine itself.

Regards,
And the output on all tries:
Enter password:

Error: Authentication Failed. Please verify the fully qualified domain
name that is used for authentication is correct.. Problematic domain
is: domain_used_in_command
Failure while applying Kerberos configuration. Details: Authentication
Failed. Please verify the fully qualified domain name that is used for
authentication is correct.

Can someone help me with the correct parameters?


Best regards,
Cristian Falcas


_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Regards,

Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com






Hi,

This is the command I used (the same error occurs with the -interactive parameter):

engine-manage-domains -action=add -domain=example.com -provider=ActiveDirectory -user=user.name@a_domain -passwordFile=/tmp/pass

[root@localhost ~]# cat /tmp/pass
qwerty[root@localhost ~]#

This is the log:

2012-11-20 00:30:40,443 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): example.com
2012-11-20 00:30:40,525 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): example.com
2012-11-20 00:30:40,526 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: example.com
2012-11-20 00:30:40,830 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:  exception message: Cannot locate KDC
2012-11-20 00:30:40,851 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain example.com. Details: Kerberos error. Please check log for further details.

This is the ldapsearch command that works (it retrieves users) from the same machine:

ldapsearch -H ldap://example.com -b dc=example,dc=com -D user.name@a_domain -w qwerty


Best regards,
Cristian Falcas