Fwd: FreeIPA authentication broken

---------- Forwarded message ----------
From: Kristian Petersen <nesretep@chem.byu.edu>
Date: Tue, Apr 24, 2018 at 12:38 PM
Subject: Re: [ovirt-users] FreeIPA authentication broken
To: Ondra Machacek <omachace@redhat.com>

That directory only contains internal.properties. So I copied the IPA.properties, IPA-authn.properties, and IPA.jks files all into the 'aaa' subdirectory and set ownership and permissions as you directed. I reran the command you gave me initially and it prompted me for a password for the user; when entered, the process exited with status 0. However, the web interface still isn't letting me log in. Do I need to restart a service for the changes to be effective in the web UI?

On Mon, Apr 23, 2018 at 11:59 PM, Ondra Machacek <omachace@redhat.com> wrote:
Right, you are missing file /etc/ovirt-engine/aaa/IPA.properties
It's not a subdirectory of /etc/ovirt-engine/extensions.d, but it's in /etc/ovirt-engine/ in the 'aaa' subdirectory. Can you check what's there? Please also check the permissions of that file; it should be '600' and owned by the ovirt user.
On 04/23/2018 10:25 PM, Kristian Petersen wrote:
Looks like it can't find the IPA.properties file. I tried following the path it is complaining about but there are only files in /etc/ovirt-engine/extensions.d on the engine VM. No subdirectories. However, that directory appears to contain the files it is looking for. Both IPA-authn.properties and IPA.properties are there as are the internal properties files. Is there a config file we can edit to tell it to look in the right place?
--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry

Yep, you need to restart the ovirt-engine service so the changes take effect.

Anyway, we need to figure out what removed your IPA.properties and IPA.jks file. What did you do before it stopped working?

I restarted the service and it is working beautifully again. Thank you for your time and effort in helping me.

As for what caused this mess... My hosted engine crashed after its storage was temporarily disconnected by an automatic application of an update which then rebooted the NAS. After I was able to get the engine back up, but running my IPA logins didn't work anymore and I had no idea why that would be. I hadn't changed anything in relation to any of that so it made little sense why it stopped working.

--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry
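
The check this thread converged on (profile files present in /etc/ovirt-engine/aaa, mode 600, owned by the ovirt user), written out as an added example that is not part of the original messages. The function name check_aaa_files and the --engine switch are hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files an oVirt AAA profile
# needs. Per the replies above they must sit in the 'aaa' directory, be mode
# 600 and be owned by the 'ovirt' user. Assumes GNU stat (stat -c).

# check_aaa_files AAA_DIR EXT_DIR OWNER FILE...
# Prints one line per problem; return status is the number of problems.
check_aaa_files() {
    aaa_dir=$1; ext_dir=$2; owner=$3; shift 3
    problems=0
    for name in "$@"; do
        path="$aaa_dir/$name"
        if [ ! -f "$path" ]; then
            # The confusion in this thread: the file was in extensions.d only.
            if [ -f "$ext_dir/$name" ]; then
                echo "MISSING   $path (a copy exists in $ext_dir)"
            else
                echo "MISSING   $path"
            fi
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 600
        user=$(stat -c '%U' "$path")    # owner name
        if [ "$mode" != "600" ]; then
            echo "BAD MODE  $path is $mode, expected 600"
            problems=$((problems + 1))
        fi
        if [ "$user" != "$owner" ]; then
            echo "BAD OWNER $path is $user, expected $owner"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# On the engine VM, pass --engine to check the paths named in the thread.
if [ "${1:-}" = "--engine" ]; then
    check_aaa_files /etc/ovirt-engine/aaa /etc/ovirt-engine/extensions.d \
        ovirt IPA.properties IPA.jks
    exit $?
fi
```

A non-zero exit status after an engine crash or restore points at the same condition diagnosed here, before anyone tries to log in through the web UI.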

Dear All,
I'm following this thread because I'm thinking about SAML ovirt integration. Can you help me? Does ovirt support this kind of authentication? Could you send me more information or a link to a guide?
Thanks a lot.
Best Regards
Enrico

--
Enrico Becchetti
Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli, c/o Dipartimento di Fisica
06123 Perugia (ITALY)
Phone: +39 075 5852777
Mail: Enrico.Becchetti<at>pg.infn.it
participants (3)
- Enrico Becchetti
- Kristian Petersen
- Ondra Machacek