Hello Karli,

You are wellcome, yes, at the moment we are testing but our idea is to connect engine to a user validation system. I will try to do it using Samba4 system and all needed pieces.

Thanks,

Juanjo.


On Fri, Apr 12, 2013 at 1:41 PM, Itamar Heim <iheim@redhat.com> wrote:
On 04/12/2013 11:27 AM, Karli Sjöberg wrote:
Hey Everyone!

I solved it! I friggin solved it, and it didnīt have anything to do with
the spice-client, spice-plugin(ActiveX or XPI), or userportal
specifically, itīs in the engine itself! So Juanjo here said that it
works for him, and I took a guess thatīs because he is only using
admin@internal <mailto:admin@internal> for testing (correct me if Iīm

wrong Juanjo), so I added a "UserRole" to admin on a test VM, logged
into Userportal, clicked for console, and it worked! So, since our setup
is a little more complex, as itīs connected to our ActiveDirectory, I
concluded that it must be a permissions related issue. I created a new
UserRole, called "ConsoleOwner" that only have "Login Permissions" and
"RemoteLogin" and added that role to our engineīs "System Permissions"
on a directory group as "broad" as possible. After that if I also added
an explicit UserRole permission for a directory user on any VM now it
works 100%. Me so happy!:)

A question goes out the developers: Should you have to do that? I
thought that permissions where supposed to be calculated like Windows
ACLs "Effective Permissions", so that if I just add sufficient
permissions for a directory user on a VM, itīs effective permissions
should have granted the necessary abilities in the system, without me
having to first add that as a "big" system permission to have them
granted? Bug, or intended?

Thank you so much Juanjo, for posting the versions you are currently
using that proved that it "should" work, and that it had to be something
else that prevented us from using it (which it was). Thank you!

can you please clarify again which permission you granted to a user on the VM which didn't work before you added to the user the console permission?