What do you mean? Maybe the password delegation into the virtual machine? If engine does not know the password, it cannot delegate it to virtual machine. Solution is described here[1], so far no resources were allocated. [1] http://www.ovirt.org/Features/SSO ----- Original Message -----
From: "Cristian Mammoli" <c.mammoli@apra.it> To: "Shahar Havivi" <shaharh@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org> Sent: Friday, October 30, 2015 9:33:02 PM Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join
It works fine, but it kills SSO as user...
Poking in the windows logs I see a failed login as:
myuser@mydomain.tld-authz !!
Il 27/10/2015 11:51, Shahar Havivi ha scritto:
On 27.10.15 05:25, Alon Bar-Lev wrote:
yes, you should probably only customize: $JoinDomain$, $DomainAdminPassword$, $DomainAdmin$ maybe, not sure: $JoinDomain$, $MachineObjectOU$ the rest should be the same as any other. Please make sure that the file is the full sysprep file such as you can find in /packaging/conf/sysprep/sysprep.w7 which is a windows 7 sysprep file. You can leave the variables such as $OrgName$ which will be replaces (exept from the variables that Alon mentioned which where the original problem).
----- Original Message -----
From: "Cristian Mammoli" <c.mammoli@apra.it> To: "Shahar Havivi" <shaharh@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org> Sent: Tuesday, October 27, 2015 11:19:02 AM Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap and sysprep domain join
So just pasting there the contents of a modified /usr/share/ovirt-engine/conf/sysprep/sysprep.w7x64 (for example) should work right?
The variables like '![CDATA[$OrgName$' will be replaced?
Il 26/10/2015 12:43, Shahar Havivi ha scritto:
On 26.10.15 06:23, Alon Bar-Lev wrote:
Hi, The usage of the engine-manage-domain user to anything else but ldap searches is something that is unexpected and insecure. As a solution, you may either paste a modified sysprep file into the pool at UI or set up a different osinfo profile with modified sysprep file, this modified sysprep file can contain the credentials of the user that is being used for joining the domain. CCing Shahar which may assist farther. Hi, You can paste a modified sysprep file to "new Pool"->"Initial run"->"Custom Script" As Alon mentioned. -- Mammoli Cristian System administrator T. +39 0731 22911 Via Brodolini 6 | 60035 Jesi (an)
-- Mammoli Cristian System administrator T. +39 0731 22911 Via Brodolini 6 | 60035 Jesi (an)