help info like this [root@ovirt-engine ~]# engine-manage-domains engine-manage-domains: add/edit/delete/validate/list domains USAGE: engine-manage-domains -action=ACTION [-domain=DOMAIN -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH] -report Where: ACTION action to perform (add/edit/delete/validate/list). See details below. DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on. USER (optional for edit, mandatory for add) the domain user. PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line. interactive alternative for using -passwordFile - read the password interactively. PATH (optional) use the given alternate configuration file. Available actions: add Examples: -action=add -domain=example.com -user=admin -passwordFile=/tmp/.pwd Add a domain called example.com, using user admin and read the password from /tmp/.pwd. -action=edit -domain=example.com -passwordFile=/tmp/.new_password Edit the domain example.com, using another password file. -action=delete -domain=example.com Delete the domain example.com. -action=validate Validate the current configuration (go over all the domains, try to authenticate to each domain using the configured user/password.). -report In combination with -action=validate will report all validation error, if occured. Default behaviour is to exit when a validation error occurs. -action=list Lists the current configuration. -h Show this help. On 15 May, 2012, at 2:22 PM, Yair Zaslavsky wrote:
On 05/15/2012 09:17 AM, T-Sinjon wrote:
Oved: 1,Yes , I used RPMs
ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-sdk-1.3-1.fc16.noarch ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-node-2.2.2-2.fc16.noarch ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-node-tools-2.2.2-2.fc16.noarch ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
2,they are same whether use single quota or not
[root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=tsinjon -passwordFile=/root/tsinjon No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list Failure while testing domain local. Details: No user information was found for user
When you run engine-manage-domains without parameters, what do you get?
On 15 May, 2012, at 1:47 PM, Oved Ourfalli wrote:
----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Oved Ourfalli" <ovedo@redhat.com> Cc: "T-Sinjon" <tscbj1989@gmail.com>, users@ovirt.org Sent: Tuesday, May 15, 2012 8:48:26 AM Subject: Re: [Users] engine-manage-domains can't add user , domain
On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
----- Original Message -----
From: "T-Sinjon" <tscbj1989@gmail.com> To: "Oved Ourfalli" <ovedo@redhat.com> Cc: users@ovirt.org Sent: Tuesday, May 15, 2012 5:53:16 AM Subject: Re: [Users] engine-manage-domains can't add user , domain
after use kinit login tsinjon , the error changes to , why this happened?
[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Enter password:
No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list Failure while testing domain local. Details: No user information was found for user
Can't see why kinit matters here, but looking at your command I noticed you used single quotes for the user and domain name. I'm not sure it knows to handle this correctly. Did you try without the quotes?
Also, what version are you working with? We had a problem a few weeks ago, of identifying the correct ldap provider. To fix that we added an option to specify the ldap provider type. It determines which query will be used in order to get the user details.
cc-ing Roy, which added this. iirc it is mandatory to provide this option, so you probably don't have this option in your environment. Roy - is there an upstream release with this fix?
Oved - this was merged upstream. T-Sinjon - have you cloned the git repo and compiled or are you using RPMs?
Yair - he is probably using the RPMs, as it is harder to run the utility from the git repo.
Regards, Oved
On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
> > I have added those SRV info into my zone file , and it did go , > the log looks fine , but engine-manage-domains still return > error > > 2012-05-15 10:45:19,222 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating > kerberos configuration for domain(s): local > 2012-05-15 10:45:19,258 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] > Successfully > created kerberos configuration for domain(s): local > 2012-05-15 10:45:19,259 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing > kerberos configuration for domain: local > > [root@ovirt-engine ~]# engine-manage-domains -action=add > -domain='local' -user='tsinjon' -interactive > Enter password: > > Error: exception message: Integrity check on decrypted field > failed (31) - PREAUTH_FAILED > Failure while testing domain local. Details: Kerberos error. > Please > check log for further details. > > > On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: > >> >> >> ----- Original Message ----- >>> From: "T-Sinjon" <tscbj1989@gmail.com> >>> To: users@ovirt.org >>> Sent: Monday, May 14, 2012 5:07:46 PM >>> Subject: [Users] engine-manage-domains can't add user , domain >>> >>> >>> I use FreeIPA to authenticate users, ipa user-add has no >>> problem, >>> but when i do : >>> >>> [root@ovirt-engine ~]# engine-manage-domains -action=add >>> -domain='local' -user='tsinjon' -interactive >>> >>> Error: Authentication Failed. Please verify the fully qualified >>> domain name that is used for authentication is correct.. >>> Problematic >>> domain is: local >>> Failure while applying Kerberos configuration. Details: >>> Authentication Failed. Please verify the fully qualified domain >>> name >>> that is used for authentication is correct. >>> >>> and log from engine-manage-domains.log : >>> >>> 2012-05-14 21:58:47,892 INFO >>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating >>> kerberos configuration for domain(s): local >>> 2012-05-14 21:58:47,923 ERROR >>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV >>> list >>> for protocol _tcp and domain LOCAL Exception message is DNS >>> name >>> not >>> found [response code 3] >>> >>> my domain is 'local' , like ovirt-engine.local >>> 、ovirt-node-1.local >>> …etc >>> >>> What can i do to get through it? >>> >> The utility (and also the ovirt engine) are relying on DNS SRV >> records in order to find LDAP and kerberos servers (supporting >> Active directory, IPA or RHDS). >> So, in order to work with it you must have the following in the >> DNS >> 1. PTR record for your LDAP server >> 2. LDAP SRV record for your LDAP server >> 3. LDAP kerberos record for your LDAP server >> >> If you don't really have access to the DNS you can install a >> package called "dnsmasq", and perform this changes by yourself >> in >> its config file. >> >> Oved >>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >>> >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users