Never mind. It is apparently because my admin password contained an "illegal" character.

Haven

On Aug 19, 2013, at 3:24 PM, "H. Haven Liu" <haven.liu(a)ucla.edu> wrote:

Hello,

I tried to add an IPA directory domain following these instructions: https://www.rvanderlinden.net/wordpress/ovirt/administrator-portal/administrator-portal-authentication-via-ipa/

It appears the domain was added successfully, but cannot be validated:

[root@vhost1 ~]# engine-manage-domains -action=add -domain=domain.local -user=admin -provider=ipa -interactive
Enter password:

The domain domain.local has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
Users from this domain can be granted permissions from the Web administration interface.
oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
[root@vhost1 ~]# service ovirt-engine restart
Stopping engine-service: [ OK ]
Starting engine-service: [ OK ]
[root@vhost1 ~]# engine-manage-domains -action=validate -report
Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
WARNING, domain: domain.local may not be functional: Failure while testing domain domain.local. Details: Kerberos error. Please check log for further details.
Manage Domains completed successfully
[root@vhost1 ~]#

krb5kdc.log has the following entries:
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL, Additional pre-authentication required
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin@DOMAIN.LOCAL for ldap/auth.domain.local@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10

Any idea?

Thanks,

Haven
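
Added example, not part of the original thread: a small parser for the krb5kdc.log request lines quoted above, which reports each request's status and encryption types and flags requests that offered no AES etype. The field layout is taken from the quoted lines only; the function names are hypothetical, and treating PREAUTH_FAILED as a KDC log status token is an assumption based on the client error in the message.

```python
import re

# Kerberos encryption type numbers (RFC 3961, RFC 3962, RFC 4757).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "arcfour-hmac"}
AES = {17, 18}

LINE = re.compile(
    r"krb5kdc\[\d+\]\(info\): (?P<req>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<offered>[\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?:authtime \d+, etypes \{(?P<issued>[^}]*)\}, )?"
    r"(?P<client>\S+) for (?P<service>[^,\s]+)")

def parse(line):
    """Return a dict for a request line, or None for any other line."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["offered"] = [int(n) for n in rec["offered"].split()]
    # "rep=23 tkt=18 ses=23" -> {"rep": 23, "tkt": 18, "ses": 23}
    pairs = (kv.split("=") for kv in (rec["issued"] or "").split())
    rec["issued"] = {k: int(v) for k, v in pairs}
    return rec

def findings(records):
    """Flag requests that offered no AES etype, and rejected pre-auth."""
    out = []
    for r in records:
        if not AES & set(r["offered"]):
            names = ",".join(ETYPES.get(e, str(e)) for e in r["offered"])
            out.append((r["req"], r["status"], "no AES offered: " + names))
        if r["status"] == "PREAUTH_FAILED":  # assumed token, see lead-in
            out.append((r["req"], r["status"], "pre-auth rejected"))
    return out

# Lines copied from the krb5kdc.log excerpt in the message above.
SAMPLE = """\
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL, Additional pre-authentication required
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin@DOMAIN.LOCAL for ldap/auth.domain.local@DOMAIN.LOCAL
"""
RECORDS = [r for r in map(parse, SAMPLE.splitlines()) if r]

if __name__ == "__main__":
    for f in findings(RECORDS):
        print("FLAG", *f)
```

On the quoted excerpt this flags both AS_REQ lines, which offered only arcfour-hmac, and finds no PREAUTH_FAILED entry: the KDC recorded ISSUE for the AS and TGS exchanges.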