Thanks!  That fixed it (I just added the Admin user back to SuperUser group via the web interface with an LDAP account that had SuperUser).

 

From: Ravi Shankar Nori <rnori@redhat.com>
Sent: November 26, 2018 12:14 PM
To: Greg Sheremeta <gshereme@redhat.com>
Cc: Shawn Southern <shawn.southern@entegrus.com>; users@oVirt.org
Subject: Re: [ovirt-users] The user admin@internal is not authorized to perform login

 

Looks like the permissions for admin@internal were removed by another admin user

 

You can try the following

 

1. Get the admin user external id

 

select external_id from users where name = 'admin' and domain = 'internal-authz'

 

2.  Add permissions for admin user

 

select attach_user_to_role(
                    'admin',
                    'internal-authz',
                    '*',
                    'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external id from above
                    'SuperUser'
                )

 

Let us know if it helps

 

On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta <gshereme@redhat.com> wrote:

Perhaps Ravi can assist with this.

---------- Forwarded message ---------
From: Shawn Southern <shawn.southern@entegrus.com>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to perform login
To: users@ovirt.org <users@ovirt.org>

 

No one can log in to our oVirt instance today.  LDAP users cannot authenticate, and the internal ‘admin’ user gets “The user admin@internal is not authorized to perform login” after being authenticated.

 

From engine.log:

2018-11-23 10:17:12,454-05 INFO  [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access

2018-11-23 10:17:12,576-05 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) [43bd2e4f] Running command: CreateUserSessionCommand internal: false.

2018-11-23 10:17:12,584-05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>.

2018-11-23 10:17:12,585-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) [] The user admin@internal is not authorized to perform login

 

Where do I go from here?

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGKGMBDIRZRLJYC2546N4/


 

--

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA

gshereme@redhat.com    IRC: gshereme

Image removed by sender.