I have added those SRV info into my zone file , and it did go , the log looks fine , but engine-manage-domains still return error 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Enter password: Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED Failure while testing domain local. Details: Kerberos error. Please check log for further details. On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
----- Original Message -----
From: "T-Sinjon" <tscbj1989@gmail.com> To: users@ovirt.org Sent: Monday, May 14, 2012 5:07:46 PM Subject: [Users] engine-manage-domains can't add user , domain
I use FreeIPA to authenticate users, ipa user-add has no problem, but when i do :
[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
and log from engine-manage-domains.log :
2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3]
my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local …etc
What can i do to get through it?
The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS). So, in order to work with it you must have the following in the DNS 1. PTR record for your LDAP server 2. LDAP SRV record for your LDAP server 3. LDAP kerberos record for your LDAP server
If you don't really have access to the DNS you can install a package called "dnsmasq", and perform this changes by yourself in its config file.
Oved
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users