Hi, The IPA (or Active Directory) admin user doesn't get admin permissions anymore. You can change this with option -addPermissions: -addPermissions In combination with -action=add/edit will add engine superuser permissions to the user. Default behaviour is not to add permissions. Or login with admin@internal and give your IPA admin superuser permissions in webadmin. -- Best Regards René Koch Senior Solution Architect ============================================ ovido gmbh - "Das Linux Systemhaus" Brünner Straße 163, A-1210 Wien Phone: +43 720 / 530 670 - 0 Mobile: +43 660 / 512 21 31 E-Mail: r.koch@ovido.at ============================================ -----Original message-----
From:Gianluca Cecchi <gianluca.cecchi@gmail.com> Sent: Saturday 2nd February 2013 0:22 To: users <users@ovirt.org> Subject: [Users] 3.2 beta and IPA domain question
Hello, I seem to remember in RHEV 3.0 that when you configured an IPA domain, its admin was automatically configured as an admin for RHEV itself. Is it true and in case does remain true for oVirt?
I configured IPA as shipped on CentOS 6.3+updates ipa-server-2.2.0-17.el6_3.1.x86_64
I successfully added it to y oVirt 3.2 beta setup
[root@f18engine ~]# engine-manage-domains -action=add -domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive Enter password:
The domain localdomain.local has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager. Users from this domain can be granted permissions from the Web administration interface. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
Then [root@f18engine ~]# systemctl try-restart ovirt-engine.service [root@f18engine ~]# systemctl status ovirt-engine.service ovirt-engine.service - oVirt Engine Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; enabled) Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s ago Process: 32512 ExecStop=/usr/bin/engine-service stop (code=exited, status=0/SUCCESS) Process: 32520 ExecStart=/usr/bin/engine-service start (code=exited, status=0/SUCCESS) Main PID: 32521 (java) CGroup: name=systemd:/system/ovirt-engine.service └─32521 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1g -XX:PermSize=256m -XX:MaxPe...
Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting oVirt Engine... Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]: Started engine process 32521. Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]: Starting engine-service: [ OK ] Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started oVirt Engine.
Now from web admin portal I can choose the "localdomain.local" domain in drop down menu. But when I try to enter the webadmin portal I get:
User is not authorized to perform this action.
Do I need to grant IPA admin user from internal admin before, or should it just work?
Gianluca _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users