From: "T-Sinjon" <tscbj1989(a)gmail.com>
To: "Roy Golan" <rgolan(a)redhat.com>
Cc: "Oved Ourfalli" <ovedo(a)redhat.com>, users(a)ovirt.org
Sent: Tuesday, May 22, 2012 5:33:06 AM
Subject: Re: [Users] engine-manage-domains can't add user , domain
Hi Roy,
I have updated my engine to the newest using 'rpm -Uvh'. I used RPMs from
http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ .
[root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-sdk-1.3-1.fc16.noarch
ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jbossas-1.2-2.fc16.x86_64
ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64
And now I add the domain again; it still has an error, and there's no log I
can find in engine-manage-domains.log. What should I do now?
[root@ovirt-engine ~]# engine-manage-domains -action=add
-domain=local -user=admin -provider=IPA -interactive
Failed reading current configuration. Details: Error "Error fetching
LDAPProviderTypes value: no such entry with version 'general'."
while reading configuration value LDAPProviderTypes.
Looks like your database isn't updated.
I'm not sure whether a database upgrade is run automatically when you update the RPMs,
but according to the error you get it probably isn't.
In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an upgrade
script.
(use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out where it
is, as I'm not sure exactly where it's installed).
Run it using the command: ./upgrade.sh -u postgres
It will upgrade your database.
Oved
On 15 May, 2012, at 5:10 PM, Roy Golan wrote:
> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>>
>>> ----- Original Message -----
>>>> From: "T-Sinjon"<tscbj1989(a)gmail.com>
>>>> To: "Oved Ourfalli"<ovedo(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>> Subject: Re: [Users] engine-manage-domains can't add user ,
>>>> domain
>>>>
>>>> After using kinit to log in as tsinjon, the error changes to this. Why
>>>> did this happen?
>>>>
>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>> -domain='local' -user='tsinjon' -interactive
>>>> Enter password:
>>>>
>>>> No user in Directory was found for tsinjon@LOCAL. Trying next
>>>> LDAP
>>>> server in list
>>>> Failure while testing domain local. Details: No user information
>>>> was
>>>> found for user
>>>>
>>> Can't see why kinit matters here, but looking at your command I
>>> noticed you used single quotes for the user and domain name.
>>> I'm not sure it knows to handle this correctly.
>>> Did you try without the quotes?
>>>
>>> Also, what version are you working with?
>>> We had a problem a few weeks ago, of identifying the correct ldap
>>> provider. To fix that we added an option to specify the ldap
>>> provider type. It determines which query will be used in order
>>> to get the user details.
>>>
>>> cc-ing Roy, who added this. iirc it is mandatory to provide
>>> this option, so you probably don't have this option in your
>>> environment.
>>> Roy - is there an upstream release with this fix?
>> Oved - this was merged upstream.
>> T-Sinjon - have you cloned the git repo and compiled or are you
>> using RPMs?
> T-Sinjon - once you're updated you'll be able to specify which
> type your LDAP server is and overcome this problem.
>
> e.g.
> engine-manage-domains -action=add -domain='local' -provider=ipa
> -user='tsinjon' -interactive
>
>
>>
>>
>>> Regards,
>>> Oved
>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>>
>>>>> I have added that SRV info to my zone file, and it did go,
>>>>> the log looks fine, but engine-manage-domains still returns an
>>>>> error
>>>>>
>>>>> 2012-05-15 10:45:19,222 INFO
>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>> kerberos configuration for domain(s): local
>>>>> 2012-05-15 10:45:19,258 INFO
>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains]
>>>>> Successfully
>>>>> created kerberos configuration for domain(s): local
>>>>> 2012-05-15 10:45:19,259 INFO
>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
>>>>> kerberos configuration for domain: local
>>>>>
>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>>> -domain='local' -user='tsinjon' -interactive
>>>>> Enter password:
>>>>>
>>>>> Error: exception message: Integrity check on decrypted field
>>>>> failed (31) - PREAUTH_FAILED
>>>>> Failure while testing domain local. Details: Kerberos error.
>>>>> Please
>>>>> check log for further details.
>>>>>
>>>>>
>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "T-Sinjon"<tscbj1989(a)gmail.com>
>>>>>>> To: users(a)ovirt.org
>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>> Subject: [Users] engine-manage-domains can't add user ,
>>>>>>> domain
>>>>>>>
>>>>>>>
>>>>>>> I use FreeIPA to authenticate users. ipa user-add has no
>>>>>>> problem, but when I do:
>>>>>>>
>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>>
>>>>>>> Error: Authentication Failed. Please verify the fully
>>>>>>> qualified
>>>>>>> domain name that is used for authentication is correct..
>>>>>>> Problematic
>>>>>>> domain is: local
>>>>>>> Failure while applying Kerberos configuration. Details:
>>>>>>> Authentication Failed. Please verify the fully qualified
>>>>>>> domain
>>>>>>> name
>>>>>>> that is used for authentication is correct.
>>>>>>>
>>>>>>> and log from engine-manage-domains.log :
>>>>>>>
>>>>>>> 2012-05-14 21:58:47,892 INFO
>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>> kerberos configuration for domain(s): local
>>>>>>> 2012-05-14 21:58:47,923 ERROR
>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting
>>>>>>> SRV
>>>>>>> list
>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
>>>>>>> name
>>>>>>> not
>>>>>>> found [response code 3]
>>>>>>>
>>>>>>> My domain is 'local', like ovirt-engine.local,
>>>>>>> ovirt-node-1.local, etc.
>>>>>>>
>>>>>>> What can I do to get through it?
>>>>>>>
>>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>>>> records in order to find LDAP and kerberos servers (supporting
>>>>>> Active directory, IPA or RHDS).
>>>>>> So, in order to work with it you must have the following in
>>>>>> the DNS:
>>>>>> 1. PTR record for your LDAP server
>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>>
>>>>>> If you don't really have access to the DNS you can install a
>>>>>> package called "dnsmasq", and perform these changes by yourself
>>>>>> in its config file.
>>>>>>
>>>>>> Oved
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users(a)ovirt.org
>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>
>>>>
>
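
The DNS prerequisites listed in the earliest quoted reply (a PTR record plus LDAP and Kerberos SRV records) can be checked before running engine-manage-domains. The script below is an added example, not part of the original thread or of oVirt; it assumes the conventional SRV names `_ldap._tcp.<domain>` and `_kerberos._tcp.<domain>`, that `dig` is installed, and uses illustrative function names.

```shell
#!/usr/bin/env bash
# Added example: check the DNS records the reply lists as prerequisites.
# Assumption: conventional SRV names _ldap._tcp.<domain>, _kerberos._tcp.<domain>.

# lookup TYPE NAME -> answers in `dig +short` format. Kept separate so it can
# be replaced with canned answers when no resolver is available.
lookup() {
    case "$1" in
        PTR) dig +short -x "$2" ;;
        *)   dig +short -t "$1" "$2" ;;
    esac
}

# srv_targets SERVICE DOMAIN -> one "host port" line per SRV answer.
# dig +short prints SRV data as: priority weight port target.
srv_targets() {
    lookup SRV "_$1._tcp.$2" | awk 'NF == 4 { sub(/\.$/, "", $4); print $4, $3 }'
}

# check_domain DOMAIN -> prints OK/MISSING per record; returns 0 if all exist.
check_domain() {
    local domain="$1" rc=0 svc targets host port ip ptr
    for svc in ldap kerberos; do
        targets=$(srv_targets "$svc" "$domain")
        if [ -z "$targets" ]; then
            echo "MISSING SRV _$svc._tcp.$domain"
            rc=1
            continue
        fi
        while read -r host port; do
            echo "OK SRV _$svc._tcp.$domain -> $host:$port"
            ip=$(lookup A "$host" | head -n 1)
            ptr=""
            if [ -n "$ip" ]; then ptr=$(lookup PTR "$ip" | head -n 1); fi
            if [ -n "$ptr" ]; then
                echo "OK PTR $ip -> $ptr"
            else
                echo "MISSING PTR for $host (${ip:-no A record})"
                rc=1
            fi
        done <<EOF
$targets
EOF
    done
    return "$rc"
}

# Query the real resolver only when a domain is passed on the command line.
if [ $# -gt 0 ]; then check_domain "$1"; fi
```

A missing SRV name here corresponds to the "DNS name not found [response code 3]" line in the quoted engine-manage-domains.log.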