
----- Original Message -----
From: "Grzegorz Szypa" <grzegorz.szypa@gmail.com>
To: "Martin Perina" <mperina@redhat.com>, users@ovirt.org
Sent: Wednesday, September 24, 2014 11:19:27 AM
Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
Hi.
It's a little strange, because I can easily attach clients (VMs) to the Microsoft AD domain. Only sometimes there are problems with connectivity, but I will solve this in two ways: add the DNS suffix or add a static primary DNS, which indicates the domain.
/etc/resolv.conf
nameserver 172.30.30.253 # DNS and AD server
nameserver 172.30.30.1 # Router - DHCP
search szypa.net
By the way, there is also one strange thing:
Every time I insert the record "nameserver 172.30.30.253" into the file "resolv.conf", from time to time the file is overwritten / changed (I have no idea how) and the record "nameserver 172.30.30.253" disappears (just as if it had never been added).
It depends on what your network configuration is. If you are using a static IP, then the network configuration is defined in /etc/sysconfig/network-scripts/ifcfg-XXX (XXX is the name of the device) using DNSx params. In your case:
DNS1=172.30.30.25
DNS2=172.30.30.1
If you are using DHCP, then /etc/resolv.conf is usually altered on IP address renewal.
*And all of this is the cause that generates the problem.*
*So I think that the problem is solved, but I do not know how to resolve the problem with the configuration disappearing from /etc/resolv.conf*
Regards,
*Grzegorz Szypa*
2014-09-24 8:03 GMT+02:00 Martin Perina <mperina@redhat.com>:
Hi,
I looked at the logs and you have serious DNS problems:
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (DefaultQuartzScheduler_Worker-15) Failed to query rootDSE for LDAP server ldap://szypa.net:389 due to szypa.net:389
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (DefaultQuartzScheduler_Worker-15) Failed ldap search server ldap://szypa.net:389 using user ovirt@SZYPA.NET due to javax.naming.CommunicationException: szypa.net:389 [Root exception is java.net.UnknownHostException: szypa.net]. We should try the next server
You cannot authenticate your users, because LDAP server ldap://szypa.net:389 cannot be resolved. Are you able to resolve szypa.net on your engine host?
----- Original Message -----
From: "Grzegorz Szypa" <grzegorz.szypa@gmail.com>
To: "Martin Perina" <mperina@redhat.com>, users@ovirt.org
Sent: Wednesday, September 24, 2014 7:32:56 AM
Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._tcp.szypa.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.szypa.net. IN SRV
;; AUTHORITY SECTION:
net. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1411536712 1800 900 604800 86400
;; Query time: 28 msec
;; SERVER: 172.30.30.1#53(172.30.30.1)
;; WHEN: Wed Sep 24 07:32:23 2014
;; MSG SIZE rcvd: 115
It looks like the szypa.net domain doesn't exist at all. Do you really have the correct DNS configuration on the engine host?
2014-09-24 7:06 GMT+02:00 Martin Perina <mperina@redhat.com>:
Hi,
the error message means that we cannot find any KDC servers in DNS. Could you please post the results of the following command:
dig SRV _kerberos._tcp.szypa.net
Regarding the errors after oVirt restart, could you please post your engine.log?
Thanks
Martin Perina
----- Original Message -----
From: "Grzegorz Szypa" <grzegorz.szypa@gmail.com>
To: fkobzik@redhat.com, users@ovirt.org
Sent: Tuesday, September 23, 2014 3:41:02 PM
Subject: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
Hi.
I have a problem with losing the connection to Windows Active Directory.
Normally I connect ovirt with AD like this:
"engine-manage-domains add --domain=szypa.net --provider=ad --user=ovirt --add-permissions"
After a period of time, for example when I restart ovirt, the connection is lost because I cannot add a new user created in AD, so I thought that I would refresh the conf. connection to AD:
"engine-manage-domains edit --domain=szypa.net --provider=ad --user=ovirt --add-permissions"
and I get this error:
No KDC can be obtained for domain szypa.net
Do you have any idea?
I read that this problem is resolved in a previous ovirt version.
-- G.Sz.
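An added example, not part of the original thread and not oVirt code: a small Python check that reproduces the diagnosis reached above from the two artifacts posted in the thread, the /etc/resolv.conf contents and the dig output for the _kerberos._tcp SRV query. The function names are hypothetical; the first resolv.conf and the dig lines are copied from the thread, and the second resolv.conf is constructed to show the state after the AD entry has been overwritten.

```python
import re

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) in file order; '#' starts a comment."""
    nameservers, search = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            nameservers.append(fields[1])
        elif fields and fields[0] == "search":
            search = fields[1:]
    return nameservers, search

def parse_dig(output):
    """Extract status, answer count and answering server from dig's comment lines."""
    status = re.search(r"status: (\w+)", output)
    answers = re.search(r"ANSWER: (\d+)", output)
    server = re.search(r"SERVER: ([0-9a-fA-F.:]+)#", output)
    return {
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "server": server.group(1) if server else None,
    }

def diagnose(resolv_text, dig_output, ad_dns):
    """List reasons why KDC discovery via DNS SRV fails, given the AD DNS address."""
    nameservers, _ = parse_resolv_conf(resolv_text)
    dig = parse_dig(dig_output)
    findings = []
    if ad_dns not in nameservers:
        findings.append("AD DNS %s missing from resolv.conf" % ad_dns)
    elif nameservers[0] != ad_dns:
        findings.append("AD DNS %s is not the first nameserver" % ad_dns)
    if dig["server"] != ad_dns:
        findings.append("SRV query answered by %s, not the AD DNS" % dig["server"])
    if dig["status"] != "NOERROR" or dig["answers"] == 0:
        findings.append("no KDC SRV records (status %s)" % dig["status"])
    return findings

# resolv.conf as posted in the thread, and a constructed copy after the overwrite
RESOLV_WANTED = ("nameserver 172.30.30.253 # DNS and AD server\n"
                 "nameserver 172.30.30.1 # Router - DHCP\nsearch szypa.net\n")
RESOLV_OVERWRITTEN = "nameserver 172.30.30.1\nsearch szypa.net\n"
# Relevant lines of the dig output posted in the thread
DIG_OUTPUT = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 172.30.30.1#53(172.30.30.1)
"""

if __name__ == "__main__":
    for finding in diagnose(RESOLV_OVERWRITTEN, DIG_OUTPUT, "172.30.30.253"):
        print(finding)
```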