Re: [ovirt-users] ovirtvm-console : Failed to execute login on behalf - for user

28 Mar 2017

      This is a multi-part message in MIME format.
--------------1B1546E82EB9D6468AEB59B6
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi,

I was trying 4.1 beta on a dev plateform in january when I first wrote=20
about this bug.

I'm now in 4.1 production, and the bug becomes really annoying with=20
serial console. Fortunately I can successfully continue to log into=20
webadmin with the same login.

ssh -vvv tells me the authentication succeeded, so it is nothing to do=20
with any special character in my password.

Here are my credentials:

[oVirt shell (connected)]# list users --show-all --kwargs=20
"last_name=3D*Blanchet"

id                        : aa47e979-713b-421b-bee2-8c547c1ca57f
name                      : Nathana=C3=ABl
domain-id                 : 616265732E66722D617574687A
domain-name               : abes.fr-authz
domain_entry_id           : 4634733074656957673061686946612B6E58416939773=
D3D
email                     : blanchet@abes.fr
last_name                 : Blanchet
namespace                 : DC=3Dlevant,DC=3Dabes,DC=3Dfr
principal                 : sblanchet@levant.abes.fr
user_name                 : sblanchet@levant.abes.fr@abes.fr-authz

They are exaclty the same as my colleague who succeeds to authenticate=20
with ssh

[oVirt shell (connected)]# list users --show-all --kwargs "last_name=3DCo=
uren"

id                        : 53c70b4a-e8e3-4fd3-b8db-cd518fc1a372
name                      : Micha=C3=ABl
domain-id                 : 616265732E66722D617574687A
domain-name               : abes.fr-authz
domain_entry_id           : 497338714735756636554F684255526544384F7476673=
D3D
email                     : couren@abes.fr
last_name                 : Couren
namespace                 : DC=3Dlevant,DC=3Dabes,DC=3Dfr
principal                 : scouren@levant.abes.fr
user_name                 : scouren@levant.abes.fr@abes.fr-auth

Is there anything new?

Le 02/03/2017 =C3=A0 12:21, Eduardo Mayoral a =C3=A9crit :
...
Hi,
I am getting exactly the same issue here with 4.1 , when trying to=20
log in to the serial console over SSH.
The user with domain is "emayoral_adm@arsyslan.es" (please note=20
mailman may translate the "at" character to a textual "_at_"). The=20
First name and last name as read from active directory is "Eduardo=20
Mayoral" (with no quotes)
The password is: 08.HJYqoce,nrW (OK, this is not the real password,=20
but it has the same special characters and approximate structure and=20
length)
This is the engine.log output.
2017-03-02 11:13:31,917Z INFO=20
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default task-25)=20
[5d9b7d18] Running command: LoginOnBehalfCommand internal: true.
2017-03-02 11:13:31,938Z ERROR=20
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-33) []=20
OAuthException server_error: java.text.ParseException: Invalid=20
character ' ' encountered.
2017-03-02 11:13:31,939Z ERROR=20
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default task-25)=20
[5d9b7d18] Unable to create engine session: EngineException:  user=20
emayoral_adm@arsyslan.es in domain 'arsyslan.es-authz (Failed with=20
error PRINCIPAL_NOT_FOUND and code 5200)
2017-03-02 11:13:31,945Z ERROR=20
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]=20
(default task-25) [5d9b7d18] EVENT_ID:=20
USER_LOGIN_ON_BEHALF_FAILED(1,402), Correlation ID: 5d9b7d18, Call=20
Stack: null, Custom Event ID: -1, Message: Failed to execute login on=20
behalf - for user emayoral_adm@arsyslan.es.
2017-03-02 11:13:31,945Z ERROR=20
[org.ovirt.engine.core.services.VMConsoleProxyServlet] (default=20
task-25) [5d9b7d18] Error processing request: :=20
java.lang.RuntimeException: Unable to create session using LoginOnBehal=
f
...
at=20
org.ovirt.engine.core.services.VMConsoleProxyServlet.availableConsoles(=
...
[services.jar:]
    at=20
org.ovirt.engine.core.services.VMConsoleProxyServlet.produceContentFrom=
Parameters(VMConsoleProxyServlet.java:177)=20
[services.jar:]
    at=20
org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsolePr=
oxyServlet.java:213)=20
[services.jar:]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)=20
[jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)=20
[jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
    at=20
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandle=
r.java:85)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(Fil=
terHandler.java:129)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.=
java:66)=20
[utils.jar:]
    at=20
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(Fil=
terHandler.java:131)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.=
java:84)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handle=
Request(ServletSecurityRoleHandler.java:62)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Se=
rvletDispatchingHandler.java:36)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
org.wildfly.extension.undertow.security.SecurityContextAssociationHandl=
er.handleRequest(SecurityContextAssociationHandler.java:78)
    at=20
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan=
...
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.=
handleRequest(SSLInformationAssociationHandler.java:131)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.=
handleRequest(ServletAuthenticationCallHandler.java:57)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan=
...
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequ=
est(AbstractConfidentialityHandler.java:46)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintH=
andler.handleRequest(ServletConfidentialityConstraintHandler.java:64)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleReq=
uest(AuthenticationMechanismsHandler.java:60)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler=
.handleRequest(CachedAuthenticatedSessionHandler.java:77)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest=
(NotificationReceiverHandler.java:50)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler=
.handleRequest(AbstractSecurityContextAssociationHandler.java:43)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan=
...
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handl=
eRequest(JACCContextIdHandler.java:61)
    at=20
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan=
...
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHan=
VMConsoleProxyServlet.java:102)=20
dler.java:43)=20
dler.java:43)=20
dler.java:43)=20
dler.java:43)=20
dler.java:43)=20
...
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(S=
ervletInitialHandler.java:292)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletIn=
itialHandler.java:81)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitia=
lHandler.java:138)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitia=
lHandler.java:135)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(=
ServletRequestContextThreadSetupAction.java:48)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextCl=
assLoaderSetupAction.java:43)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThr=
eadSetupActionWrapper.java:44)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThr=
eadSetupActionWrapper.java:44)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThr=
eadSetupActionWrapper.java:44)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThr=
eadSetupActionWrapper.java:44)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Serv=
letInitialHandler.java:272)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletIn=
itialHandler.java:81)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Serv=
letInitialHandler.java:104)=20
[undertow-servlet-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805=
)=20
[undertow-core-1.4.0.Final.jar:1.4.0.Final]
    at=20
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja=
va:1142)=20
[rt.jar:1.8.0_121]
    at=20
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j=
ava:617)=20
[rt.jar:1.8.0_121]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121]
Did you find the cause for this and possible fixes or workarounds?
--=20
Eduardo Mayoral Jimeno (emayoral@arsys.es)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153
...
<br>
      last_name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : Couren<br>
      namespace=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : DC=3Dlevant,DC=3Dabes,DC=3Dfr<br>
      principal=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"moz-txt-link-abbreviat=
ed" href=3D"mailto:scouren@levant.abes.fr">scouren@levant.abes.fr</a><br>
      user_name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"moz-txt-link-abbreviat=
ed" href=3D"mailto:scouren@levant.abes.fr@abes.fr-auth">scouren@levant.ab=
es.fr@abes.fr-auth</a></p>
    <p>Is there anything new?<br>
    </p>
    <p><br>
    </p>
    <div class=3D"moz-cite-prefix">Le 02/03/2017 =C3=A0 12:21, Eduardo Ma=
yoral
      a =C3=A9crit=C2=A0:<br>
    </div>
    <blockquote cite=3D"mid:fcc9bdee-bcff-3541-dc9e-eeca8fe40c9d@arsys.es=
"
      type=3D"cite">
      <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Du=
tf-8">
      <p>Hi, <br>
      </p>
      <p>=C2=A0=C2=A0=C2=A0 I am getting exactly the same issue here with=
 4.1 , when
        trying to log in to the serial console over SSH.</p>
      <p><br>
      </p>
      <p>The user with domain is <a moz-do-not-send=3D"true"
          class=3D"moz-txt-link-rfc2396E"
          href=3D"mailto:emayoral_adm@arsyslan.es">"emayoral_adm@arsyslan=
.es"</a>
        (please note mailman may translate the "at" character to a
        textual "_at_"). The First name and last name as read from
        active directory is "Eduardo Mayoral" (with no quotes)<br>
      </p>
      <p>The password is: 08.HJYqoce,nrW (OK, this is not the real
        password, but it has the same special characters and approximate
        structure and length)<br>
      </p>
      <p>This is the engine.log output.<br>
      </p>
      <p><tt><font size=3D"-1">2017-03-02 11:13:31,917Z INFO=C2=A0
            [org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand]
            (default task-25) [5d9b7d18] Running command:
            LoginOnBehalfCommand internal: true.<br>
            2017-03-02 11:13:31,938Z ERROR
            [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-33)
            [] OAuthException server_error: java.text.ParseException:
            Invalid character ' ' encountered.<br>
            2017-03-02 11:13:31,939Z ERROR
            [org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand]
            (default task-25) [5d9b7d18] Unable to create engine
            session: EngineException:=C2=A0 user <a moz-do-not-send=3D"tr=
ue"
              class=3D"moz-txt-link-abbreviated"
              href=3D"mailto:emayoral_adm@arsyslan.es">emayoral_adm@arsys=
lan.es</a>
            in domain 'arsyslan.es-authz (Failed with error
            PRINCIPAL_NOT_FOUND and code 5200)<br>
            2017-03-02 11:13:31,945Z ERROR
            [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLog=
Director]
            (default task-25) [5d9b7d18] EVENT_ID:
            USER_LOGIN_ON_BEHALF_FAILED(1,402), Correlation ID:
            5d9b7d18, Call Stack: null, Custom Event ID: -1, Message:
            Failed to execute login on behalf - for user <a
              moz-do-not-send=3D"true" class=3D"moz-txt-link-abbreviated"
              href=3D"mailto:emayoral_adm@arsyslan.es">emayoral_adm@arsys=
lan.es</a>.<br>
            2017-03-02 11:13:31,945Z ERROR
            [org.ovirt.engine.core.services.VMConsoleProxyServlet]
            (default task-25) [5d9b7d18] Error processing request: :
            java.lang.RuntimeException: Unable to create session using
            LoginOnBehalf<br>
            =C2=A0=C2=A0=C2=A0 at
org.ovirt.engine.core.services.VMConsoleProxyServlet.availableConsoles(VM=
ConsoleProxyServlet.java:102)
            [services.jar:]<br>
            =C2=A0=C2=A0=C2=A0 at
org.ovirt.engine.core.services.VMConsoleProxyServlet.produceContentFromPa=
rameters(VMConsoleProxyServlet.java:177)
            [services.jar:]<br>
            =C2=A0=C2=A0=C2=A0 at
org.ovirt.engine.core.services.VMConsoleProxyServlet.doPost(VMConsoleProx=
yServlet.java:213)
            [services.jar:]<br>
            =C2=A0=C2=A0=C2=A0 at
            javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
            [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
            javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.=
java:85)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(Filte=
rHandler.java:129)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.ja=
va:66)
            [utils.jar:]<br>
            =C2=A0=C2=A0=C2=A0 at
            io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter=
.java:61)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(Filte=
rHandler.java:131)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.ja=
va:84)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRe=
quest(ServletSecurityRoleHandler.java:62)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Serv=
letDispatchingHandler.java:36)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler=
.handleRequest(SecurityContextAssociationHandler.java:78)<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandl=
er.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.ha=
ndleRequest(SSLInformationAssociationHandler.java:131)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.ha=
ndleRequest(ServletAuthenticationCallHandler.java:57)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandl=
er.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleReques=
t(AbstractConfidentialityHandler.java:46)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHan=
--=20
Nathana=C3=ABl Blanchet

Supervision r=C3=A9seau
P=C3=B4le Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 =09
T=C3=A9l. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanchet@abes.fr

--------------1B1546E82EB9D6468AEB59B6
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta content=3D"text/html; charset=3Dutf-8" http-equiv=3D"Content-Ty=
pe">
  </head>
  <body bgcolor=3D"#FFFFFF" text=3D"#000000">
    <p>Hi, <br>
    </p>
    <p>I was trying 4.1 beta on a dev plateform in january when I first
      wrote about this bug.</p>
    <p>I'm now in 4.1 production, and the bug becomes really annoying
      with serial console. Fortunately I can successfully continue to
      log into webadmin with the same login.<br>
    </p>
    <p>ssh -vvv tells me the authentication succeeded, so it is nothing
      to do with any special character in my password.</p>
    <p>Here are my credentials:</p>
    <p>[oVirt shell (connected)]# list users --show-all --kwargs=C2=A0
      "last_name=3D*Blanchet"<br>
      <br>
      id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =
: aa47e979-713b-421b-bee2-8c547c1ca57f<br>
      name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : Nathana=
=C3=ABl<br>
      domain-id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : 616265732E66722D617574687A<br>
      domain-name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0 : abes.fr-authz<br>
      domain_entry_id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0 :
      4634733074656957673061686946612B6E58416939773D3D<br>
      email=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"m=
oz-txt-link-abbreviated" href=3D"mailto:blanchet@abes.fr">blanchet@abes.f=
r</a><br>
      last_name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : Blanchet<br>
      namespace=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : DC=3Dlevant,DC=3Dabes,DC=3Dfr<br>
      principal=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"moz-txt-link-abbreviat=
ed" href=3D"mailto:sblanchet@levant.abes.fr">sblanchet@levant.abes.fr</a>=
<br>
      user_name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"moz-txt-link-abbreviat=
ed" href=3D"mailto:sblanchet@levant.abes.fr@abes.fr-authz">sblanchet@leva=
nt.abes.fr@abes.fr-authz</a></p>
    <p>They are exaclty the same as my colleague who succeeds to
      authenticate with ssh</p>
    <p>[oVirt shell (connected)]# list users --show-all --kwargs=C2=A0
      "last_name=3DCouren"<br>
      <br>
      id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =
: 53c70b4a-e8e3-4fd3-b8db-cd518fc1a372<br>
      name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : Micha=C3=
=ABl<br>
      domain-id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : 616265732E66722D617574687A<br>
      domain-name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0 : abes.fr-authz<br>
      domain_entry_id=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0 :
      497338714735756636554F684255526544384F7476673D3D<br>
      email=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 : <a class=3D"m=
oz-txt-link-abbreviated" href=3D"mailto:couren@abes.fr">couren@abes.fr</a=
dler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleReque=
st(AuthenticationMechanismsHandler.java:60)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.h=
andleRequest(CachedAuthenticatedSessionHandler.java:77)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(N=
otificationReceiverHandler.java:50)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.h=
andleRequest(AbstractSecurityContextAssociationHandler.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandl=
er.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleR=
equest(JACCContextIdHandler.java:61)<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandl=
er.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandl=
er.java:43)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(Ser=
vletInitialHandler.java:292)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInit=
ialHandler.java:81)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialH=
andler.java:138)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialH=
andler.java:135)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(Se=
rvletRequestContextThreadSetupAction.java:48)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClas=
sLoaderSetupAction.java:43)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThrea=
dSetupActionWrapper.java:44)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThrea=
dSetupActionWrapper.java:44)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThrea=
dSetupActionWrapper.java:44)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThrea=
dSetupActionWrapper.java:44)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(Servle=
tInitialHandler.java:272)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInit=
ialHandler.java:81)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(Servle=
tInitialHandler.java:104)
            [undertow-servlet-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
            io.undertow.server.Connectors.executeRootHandler(Connectors.j=
ava:202)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
            io.undertow.server.HttpServerExchange$1.run(HttpServerExchang=
e.java:805)
            [undertow-core-1.4.0.Final.jar:1.4.0.Final]<br>
            =C2=A0=C2=A0=C2=A0 at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java=
:1142)
            [rt.jar:1.8.0_121]<br>
            =C2=A0=C2=A0=C2=A0 at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.jav=
a:617)
            [rt.jar:1.8.0_121]<br>
            =C2=A0=C2=A0=C2=A0 at java.lang.Thread.run(Thread.java:745)
            [rt.jar:1.8.0_121]<br>
          </font></tt><br>
      </p>
      <p>Did you find the cause for this and possible fixes or
        workarounds?<br>
      </p>
      <br>
      <pre class=3D"moz-signature" cols=3D"72">--=20
Eduardo Mayoral Jimeno (<a moz-do-not-send=3D"true" class=3D"moz-txt-link=
-abbreviated" href=3D"mailto:emayoral@arsys.es">emayoral@arsys.es</a>)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153</pre>
    </blockquote>
    <br>
    <pre class=3D"moz-signature" cols=3D"72">--=20
Nathana=C3=ABl Blanchet

Supervision r=C3=A9seau
P=C3=B4le Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 =09
T=C3=A9l. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
<a class=3D"moz-txt-link-abbreviated" href=3D"mailto:blanchet@abes.fr">bl=
anchet@abes.fr</a> </pre>
  </body>
</html>

--------------1B1546E82EB9D6468AEB59B6--

Re: [ovirt-users] ovirtvm-console : Failed to execute login on behalf - for user

Nathanaël Blanchet