Re: [Users] engine-manage-domains can't add user , domain

----- Original Message ----- > From: "T-Sinjon" <tscbj1989(a)gmail.com&gt; > To: users(a)ovirt.org > Sent: Monday, May 14, 2012 5:07:46 PM > Subject: [Users] engine-manage-domains can't add user , domain > > > I use FreeIPA to authenticate users, ipa user-add has no problem, > but when i do : > > [root@ovirt-engine ~]# engine-manage-domains -action=add > -domain='local' -user='tsinjon' -interactive > > Error: Authentication Failed. Please verify the fully qualified > domain name that is used for authentication is correct.. Problematic > domain is: local > Failure while applying Kerberos configuration. Details: > Authentication Failed. Please verify the fully qualified domain name > that is used for authentication is correct. > > and log from engine-manage-domains.log : > > 2012-05-14 21:58:47,892 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating > kerberos configuration for domain(s): local > 2012-05-14 21:58:47,923 ERROR > [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list > for protocol _tcp and domain LOCAL Exception message is DNS name not > found [response code 3] > > my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local > …etc > > What can i do to get through it? > The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS). So, in order to work with it you must have the following in the DNS 1. PTR record for your LDAP server 2. LDAP SRV record for your LDAP server 3. LDAP kerberos record for your LDAP server If you don't really have access to the DNS you can install a package called "dnsmasq", and perform this changes by yourself in its config file. Oved > > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >