Hi ALejandro, Officially we're not supporting Sambra4rc5, but I talked with Alon Bar-Lev (CC'ed) and he explained me Sambra4rc5 is 2003 AD compliant. On 11/13/2012 03:53 PM, Alejandro wrote:
I'm triing to use Samba4rc5 like autenticator for Ovirt 3.1.0-3.26
First problem is Ovirt is user usernameprincipal (login@domain in place of login) to autenticate with Samba4, But samba4 don't use it.
I use engine-manage-domains -action=add -domain=DOMAINFQDN -user=LOGIN -provider=ActiveDirectory -interactive -addPermissions And the result is:
No user in Directory was found for LOGIN@DOMAINFQDN. Trying next LDAP server in list Failure while testing domain DOMAINFQDN. Details: No user information was found for user
And the Samba4 give me: filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN@DOMAINFQDN))
But no userPrincipalName is configured in any user.
Actual Solution: I add a userPrincipalName LOGIN@DOMAINFQDN in the LOGIN account (using a ldap tool) and add the ovirt machine to the domain.
Not sure I fully understood your solution - does this mean you added this, was this added to the user objects on your ldap server? There is a reason why we query for userPrincipalName so it has to include this information.
After restart the ovirt engine I go to the UserPortal.
I find now other problem, the user isn't search by the Common Name (cn), a example of search filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
must be filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(cn=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
I am not sure why you had to add the cn part, can you elaborate?
Thanks for all
-- Alejandro Escanero Blanco Consultor de sistemas basados en fuentes abiertas Desarrollador de FusionDirectory (http://www.fusiondirectory.org) Blog: http://www.disasterproject.com Jabber: blainett@jabberes.com <mailto:blainett@jabberes.com>
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users