On Wed, Jun 27, 2018 at 9:14 AM, Mariusz Kozakowski <mariusz.kozakowski@sallinggroup.com> wrote:
Hello,

We managed to set up oVirt Engine with your help, now we're facing another issue.

I'm trying to configure AD auth for the web portal, but unfortunately I got an error during ovirt-engine-extension-aaa-ldap-setup:


          2018-06-27 09:06:21,926+02 INFO    ========================================================================
          2018-06-27 09:06:21,926+02 INFO    ============================== Execution ===============================
          2018-06-27 09:06:21,926+02 INFO    ========================================================================
          2018-06-27 09:06:21,927+02 INFO    Iteration: 0
          2018-06-27 09:06:21,928+02 INFO    Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null'
          2018-06-27 09:06:21,928+02 INFO    API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username'
          2018-06-27 09:06:21,945+02 INFO    API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS
          2018-06-27 09:06:21,948+02 INFO    --- Begin AuthRecord ---
          2018-06-27 09:06:21,949+02 INFO    AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username
          2018-06-27 09:06:21,949+02 INFO    --- End   AuthRecord ---
          2018-06-27 09:06:21,950+02 INFO    API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
          2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc'
          2018-06-27 09:06:21,953+02 SEVERE  Cannot resolve principal 'username'

Hi,

are you sure that you are trying to configure either "standalone AD domain" or "AD forest with multi-domain trust" using the tool? I'm asking because if you want to configure AD which is part of an AD forest, you cannot do that using the tool, as this is advanced configuration. And we don't support multi-forest with multi-domain trusts at all.

Could you please describe your AD setup and share with us the full output of the aaa-ldap-setup tool?

Thanks

Martin


Do you have any idea what the issue is and what we're missing? It looks like the credentials are correct - passing a wrong username fails earlier, so the issue is somewhere after authentication.

-- 
Best regards/Pozdrawiam/MfG

Mariusz Kozakowski

Site Reliability Engineer

Dansk Supermarked Group
Baltic Business Park
ul. 1 Maja 38-39
71-627 Szczecin
dansksupermarked.com

--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.