3:06 p.m.
Hi,
The IPA (or Active Directory) admin user doesn't get admin permissions anymore.
You can change this with option -addPermissions:
-addPermissions In combination with -action=add/edit will add engine superuser
permissions to the user.
Default behaviour is not to add permissions.
Or login with admin@internal and give your IPA admin superuser permissions in webadmin.
--
Best Regards
René Koch
Senior Solution Architect
============================================
ovido gmbh - "Das Linux Systemhaus"
Brünner Straße 163, A-1210 Wien
Phone: +43 720 / 530 670 - 0
Mobile: +43 660 / 512 21 31
E-Mail: r.koch(a)ovido.at
============================================
-----Original message-----
From:Gianluca Cecchi <gianluca.cecchi(a)gmail.com>
Sent: Saturday 2nd February 2013 0:22
To: users <users(a)ovirt.org>
Subject: [Users] 3.2 beta and IPA domain question
Hello,
I seem to remember in RHEV 3.0 that when you configured an IPA domain,
its admin was automatically configured as an admin for RHEV itself.
Is it true and in case does remain true for oVirt?
I configured IPA as shipped on CentOS 6.3+updates
ipa-server-2.2.0-17.el6_3.1.x86_64
I successfully added it to y oVirt 3.2 beta setup
[root@f18engine ~]# engine-manage-domains -action=add
-domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive
Enter password:
The domain localdomain.local has been added to the engine as an
authentication source but no users from that domain have been granted
permissions within the oVirt Manager.
Users from this domain can be granted permissions from the Web
administration interface.
oVirt Engine restart is required in order for the changes to take
place (service ovirt-engine restart).
Manage Domains completed successfully
Then
[root@f18engine ~]# systemctl try-restart ovirt-engine.service
[root@f18engine ~]# systemctl status ovirt-engine.service
ovirt-engine.service - oVirt Engine
Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; enabled)
Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s ago
Process: 32512 ExecStop=/usr/bin/engine-service stop (code=exited,
status=0/SUCCESS)
Process: 32520 ExecStart=/usr/bin/engine-service start (code=exited,
status=0/SUCCESS)
Main PID: 32521 (java)
CGroup: name=systemd:/system/ovirt-engine.service
└─32521 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1g
-XX:PermSize=256m -XX:MaxPe...
Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting oVirt Engine...
Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
Started engine process 32521.
Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
Starting engine-service: [ OK ]
Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started oVirt Engine.
Now from web admin portal I can choose the "localdomain.local" domain
in drop down menu.
But when I try to enter the webadmin portal I get:
User is not authorized to perform this action.
Do I need to grant IPA admin user from internal admin before, or
should it just work?
Gianluca
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users