11:53 a.m.
Hello,
still having issues with ovirt SSO and Debian OS.
Other OSes (Windows/Fedora 24) works just fine.
Some information:
OS: Debian 8.5 (jessie)
I've followed manual on https://www.ovirt.org/documentation/how-to/gues
t-agent/install-the-guest-agent-in-debian/ and installed ovirt-agent.
I can get info via spice socket on hypervisor side, this means that
agent works fine.
I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
gnu/security/
I've configured /etc/pamd/gdm-ovirtcred (just copied from working
Fedora 24)
But still login fails. I can see this in ovirt-agent log file:
Dummy-2::INFO::2016-07-28
12:49:51,046::OVirtAgentLogic::270::root::Received an external command:
login...
Dummy-2::DEBUG::2016-07-28
12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =
'\x00\x00\x00\x04test********\x00')
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token:
760258
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening
credentials channel...
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::132::root::Emitting
user authenticated signal (760258).
Dummy-2::INFO::2016-07-28
12:49:51,178::CredServer::277::root::Credentials channel was closed.
This looks okay. The error is on pam side (auth.log):
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
ovirtcred:auth): error retrieving user name: Conversation error
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
ovirtcred:auth): Failed to acquire user's credentials
Have no idea, where it fails.
Would appreciate, if you could help me here a bit.
Thank you.
3:11 p.m.
--Apple-Mail=_2BEC4A84-59D3-4B6A-B632-9DB0CBDB92D0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt> wrote:
=20
Hello,
still having issues with ovirt SSO and Debian OS.
Other OSes (Windows/Fedora 24) works just fine.
Some information:
OS: Debian 8.5 (jessie)
I've followed manual on =
https://www.ovirt.org/documentation/how-to/gues
t-agent/install-the-guest-agent-in-debian/ and installed
ovirt-agent.
I can get info via spice socket on hypervisor side, this means that
agent works fine.
I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
gnu/security/
It should be in /lib/security afaik
I've configured /etc/pamd/gdm-ovirtcred (just copied from
working
Fedora 24)
replace in that file all occurences of password-auth with passwd
=20
But still login fails. I can see this in ovirt-agent log file:
It some how fails for me in some cases with this now:
https://bugs.freedesktop.org/show_bug.cgi?id=3D71525 =
<https://bugs.freedesktop.org/show_bug.cgi?id=3D71525>
There=E2=80=99s not much I can do about that though
=20
Dummy-2::INFO::2016-07-28
12:49:51,046::OVirtAgentLogic::270::root::Received an external =
command:
login...
Dummy-2::DEBUG::2016-07-28
12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =3D
'\x00\x00\x00\x04test********\x00')
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token:
760258
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening
credentials channel...
Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting
user authenticated signal (760258).
Dummy-2::INFO::2016-07-28
12:49:51,178::CredServer::277::root::Credentials channel was closed.
=20
This looks okay. The error is on pam side (auth.log):
=20
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
ovirtcred:auth): error retrieving user name: Conversation error
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
ovirtcred:auth): Failed to acquire user's credentials
=20
Have no idea, where it fails.
Would appreciate, if you could help me here a bit.
Thank you.
=20
=20
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_2BEC4A84-59D3-4B6A-B632-9DB0CBDB92D0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 28, 2016, at 11:53 AM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D""><div =
class=3D"">Hello,<br class=3D"">still having issues with
ovirt SSO and =
Debian OS.<br class=3D"">Other OSes (Windows/Fedora 24) works just =
fine.<br class=3D"">Some information:<br class=3D"">OS:
Debian 8.5 =
(jessie)<br class=3D"">I've followed manual on <a =
href=3D"https://www.ovirt.org/documentation/how-to/gues" =
class=3D"">https://www.ovirt.org/documentation/how-to/gues&l... =
class=3D"">t-agent/install-the-guest-agent-in-debian/ and installed
=
ovirt-agent.<br class=3D"">I can get info via spice socket on hypervisor
=
side, this means that<br class=3D"">agent works fine.<br
class=3D"">I've =
compiled pam-ovirt-cred and copied it =
into /lib/x86_64-linux-<br class=3D"">gnu/security/<br =
class=3D""></div></div></blockquote><div><br
class=3D""></div><div>It =
should be in /lib/security afaik</div><br class=3D""><blockquote
=
type=3D"cite" class=3D""><div class=3D""><div
class=3D"">I've configured =
/etc/pamd/gdm-ovirtcred (just copied from working<br class=3D"">Fedora =
24)<br
class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>replace in that file all occurences of =
password-auth with passwd</div><div><br
class=3D""></div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D""><br class=3D"">But still login fails. I can see
this in =
ovirt-agent log file:<br
class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>It some how fails for me in some cases with
this =
now:</div><div><br class=3D""></div><div><a =
href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525" =
class=3D"">https://bugs.freedesktop.org/show_bug.cgi?id=3D71...
div><br class=3D""></div><div>There=E2=80=99s not much I
can do about =
that though</div><div><br
class=3D""></div><div><br
class=3D""></div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D""><br class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,046::OVirtAgentLogic::270::root::Received an =
external command:<br class=3D"">login...<br =
class=3D"">Dummy-2::DEBUG::2016-07-28<br =
class=3D"">12:49:51,047::OVirtAgentLogic::304::root::User log-in =
(credentials =3D<br
class=3D"">'\x00\x00\x00\x04test********\x00')<br =
class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::207::root::The<br class=3D"">following users =
are allowed to connect: [0]<br class=3D"">Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:<br class=3D"">760258<br =
class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening<br class=3D"">credentials =
channel...<br class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting<br class=3D"">user =
authenticated signal (760258).<br
class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,178::CredServer::277::root::Credentials channel was =
closed.<br class=3D""><br
class=3D""></div></div></blockquote><div><br =
class=3D""></div><div><br
class=3D""></div><div><br
class=3D""></div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D"">This looks okay. The error is on pam side (auth.log):<br =
class=3D""><br class=3D"">Jul 28 12:49:39 desktop64
gdm-ovirtcred]: =
pam_succeed_if(gdm-<br class=3D"">ovirtcred:auth): error retrieving user
=
name: Conversation error<br class=3D"">Jul 28 12:49:39 desktop64 =
gdm-ovirtcred]: pam_ovirt_cred(gdm-<br class=3D"">ovirtcred:auth): =
Failed to acquire user's credentials<br class=3D""><br
class=3D"">Have =
no idea, where it fails.<br class=3D"">Would appreciate, if you could =
help me here a bit.<br class=3D"">Thank you.<br
class=3D""><br =
class=3D""><br =
class=3D"">_______________________________________________<br =
class=3D"">Users mailing list<br class=3D""><a =
href=3D"mailto:Users@ovirt.org"
class=3D"">Users(a)ovirt.org</a><br =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br =
class=3D""></div></div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_2BEC4A84-59D3-4B6A-B632-9DB0CBDB92D0--
3:18 p.m.
--Apple-Mail=_1C4D7F46-AE32-42F2-B4FF-982870B65010
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra
<vfeenstr(a)redhat.com> =
wrote:
=20
=20
> On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt =
<mailto:tadas@ring.lt>> wrote:
>=20
> Hello,
> still having issues with ovirt SSO and Debian OS.
> Other OSes (Windows/Fedora 24) works just fine.
> Some information:
> OS: Debian 8.5 (jessie)
> I've followed manual on =
https://www.ovirt.org/documentation/how-to/gues
=
<https://www.ovirt.org/documentation/how-to/gues>
> t-agent/install-the-guest-agent-in-debian/ and installed
ovirt-agent.
> I can get info via spice socket on hypervisor side, this means that
> agent works fine.
> I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
> gnu/security/
=20
It should be in /lib/security afaik
=20
> I've configured /etc/pamd/gdm-ovirtcred (just copied from working
> Fedora 24)
=20
replace in that file all occurences of password-auth with passwd
=20
=20
>=20
> But still login fails. I can see this in ovirt-agent log file:
=20
It some how fails for me in some cases with this now:
=20
Correction its here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064 =
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064>
<https://bugs.freedesktop.org/show_bug.cgi?id=3D71525>
=20
There=E2=80=99s not much I can do about that though
=20
=20
=20
>=20
> Dummy-2::INFO::2016-07-28
> 12:49:51,046::OVirtAgentLogic::270::root::Received an external =
command:
> login...
> Dummy-2::DEBUG::2016-07-28
> 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =3D
> '\x00\x00\x00\x04test********\x00')
> Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
> following users are allowed to connect: [0]
> Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:
> 760258
> Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening
> credentials channel...
> Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting
> user authenticated signal (760258).
> Dummy-2::INFO::2016-07-28
> 12:49:51,178::CredServer::277::root::Credentials channel was closed.
>=20
=20
=20
=20
=20
> This looks okay. The error is on pam side (auth.log):
>=20
> Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
> ovirtcred:auth): error retrieving user name: Conversation error
> Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
> ovirtcred:auth): Failed to acquire user's credentials
>=20
> Have no idea, where it fails.
> Would appreciate, if you could help me here a bit.
> Thank you.
>=20
>=20
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
=20
--Apple-Mail=_1C4D7F46-AE32-42F2-B4FF-982870B65010
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <<a =
href=3D"mailto:vfeenstr@redhat.com"
class=3D"">vfeenstr(a)redhat.com</a>&gt;=
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D""><meta=
http-equiv=3D"Content-Type" content=3D"text/html charset=3Dutf-8" =
class=3D""><div style=3D"word-wrap: break-word; -webkit-nbsp-mode: =
space; -webkit-line-break: after-white-space;" class=3D""><br =
class=3D""><div class=3D""><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 28, 2016, at 11:53 AM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D""><div =
class=3D"">Hello,<br class=3D"">still having issues with
ovirt SSO and =
Debian OS.<br class=3D"">Other OSes (Windows/Fedora 24) works just =
fine.<br class=3D"">Some information:<br class=3D"">OS:
Debian 8.5 =
(jessie)<br class=3D"">I've followed manual on <a =
href=3D"https://www.ovirt.org/documentation/how-to/gues" =
class=3D"">https://www.ovirt.org/documentation/how-to/gues&l... =
class=3D"">t-agent/install-the-guest-agent-in-debian/ and installed
=
ovirt-agent.<br class=3D"">I can get info via spice socket on hypervisor
=
side, this means that<br class=3D"">agent works fine.<br
class=3D"">I've =
compiled pam-ovirt-cred and copied it =
into /lib/x86_64-linux-<br class=3D"">gnu/security/<br =
class=3D""></div></div></blockquote><div
class=3D""><br =
class=3D""></div><div class=3D"">It should be in
/lib/security =
afaik</div><br class=3D""><blockquote type=3D"cite"
class=3D""><div =
class=3D""><div class=3D"">I've configured
/etc/pamd/gdm-ovirtcred (just =
copied from working<br class=3D"">Fedora 24)<br =
class=3D""></div></div></blockquote><div
class=3D""><br =
class=3D""></div><div class=3D"">replace in that file
all occurences of =
password-auth with passwd</div><div class=3D""><br
class=3D""></div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D""><br class=3D"">But still login fails. I can see
this in =
ovirt-agent log file:<br
class=3D""></div></div></blockquote><div =
class=3D""><br class=3D""></div><div
class=3D"">It some how fails for me =
in some cases with this now:</div><div class=3D""><br =
class=3D""></div></div></div></div></blockquote><div><br
=
class=3D""></div><div>Correction its
here:</div><div><a =
href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064&q... =
class=3D"">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug...
/div><br class=3D""><blockquote type=3D"cite"
class=3D""><div =
class=3D""><div style=3D"word-wrap: break-word; -webkit-nbsp-mode: =
space; -webkit-line-break: after-white-space;" class=3D""><div =
class=3D""><div class=3D""><a =
href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525" =
class=3D"">https://bugs.freedesktop.org/show_bug.cgi?id=3D71...
div class=3D""><br class=3D""></div><div
class=3D"">There=E2=80=99s not =
much I can do about that though</div><div class=3D""><br =
class=3D""></div><div class=3D""><br
class=3D""></div><br =
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D""><br class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,046::OVirtAgentLogic::270::root::Received an =
external command:<br class=3D"">login...<br =
class=3D"">Dummy-2::DEBUG::2016-07-28<br =
class=3D"">12:49:51,047::OVirtAgentLogic::304::root::User log-in =
(credentials =3D<br
class=3D"">'\x00\x00\x00\x04test********\x00')<br =
class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::207::root::The<br class=3D"">following users =
are allowed to connect: [0]<br class=3D"">Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:<br class=3D"">760258<br =
class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening<br class=3D"">credentials =
channel...<br class=3D"">Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting<br class=3D"">user =
authenticated signal (760258).<br
class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,178::CredServer::277::root::Credentials channel was =
closed.<br class=3D""><br
class=3D""></div></div></blockquote><div =
class=3D""><br class=3D""></div><div
class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><br
class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div
class=3D"">This looks okay. The error is =
on pam side (auth.log):<br class=3D""><br class=3D"">Jul
28 12:49:39 =
desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-<br =
class=3D"">ovirtcred:auth): error retrieving user name: Conversation =
error<br class=3D"">Jul 28 12:49:39 desktop64 gdm-ovirtcred]: =
pam_ovirt_cred(gdm-<br class=3D"">ovirtcred:auth): Failed to acquire =
user's credentials<br class=3D""><br class=3D"">Have
no idea, where it =
fails.<br class=3D"">Would appreciate, if you could help me here a =
bit.<br class=3D"">Thank you.<br class=3D""><br
class=3D""><br =
class=3D"">_______________________________________________<br =
class=3D"">Users mailing list<br class=3D""><a =
href=3D"mailto:Users@ovirt.org"
class=3D"">Users(a)ovirt.org</a><br =
class=3D""><a
href=3D"http://lists.ovirt.org/mailman/listinfo/users" =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<... =
class=3D""></div></div></blockquote></div><br =
class=3D""></div></div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_1C4D7F46-AE32-42F2-B4FF-982870B65010--
4:11 p.m.
This is a multi-part message in MIME format.
------=_NextPart_000_003F_01D1E8F3.142326C0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Thank you for your reply.
Strange, but i do not see any errors in gdm debug log, just this:
http://paste.ubuntu.com/21275558/
I will try installing debian unstable and several ubuntu versions =
tomorrow.
From: Vinzenz Feenstra=20
Sent: Thursday, July 28, 2016 4:18 PM
To: tadas(a)ring.lt=20
Cc: users=20
Subject: Re: [ovirt-users] Debian - based OS and SSO
On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr(a)redhat.com> =
wrote:
On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt> wrote:
Hello,
still having issues with ovirt SSO and Debian OS.
Other OSes (Windows/Fedora 24) works just fine.
Some information:
OS: Debian 8.5 (jessie)
I've followed manual on =
https://www.ovirt.org/documentation/how-to/gues
t-agent/install-the-guest-agent-in-debian/ and installed =
ovirt-agent.
I can get info via spice socket on hypervisor side, this means that
agent works fine.
I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
gnu/security/
It should be in /lib/security afaik
I've configured /etc/pamd/gdm-ovirtcred (just copied from working
Fedora 24)
replace in that file all occurences of password-auth with passwd
But still login fails. I can see this in ovirt-agent log file:
It some how fails for me in some cases with this now:
Correction its here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064
https://bugs.freedesktop.org/show_bug.cgi?id=3D71525
There=E2=80=99s not much I can do about that though
Dummy-2::INFO::2016-07-28
12:49:51,046::OVirtAgentLogic::270::root::Received an external =
command:
login...
Dummy-2::DEBUG::2016-07-28
12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =
=3D
'\x00\x00\x00\x04test********\x00')
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:
760258
Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening
credentials channel...
Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting
user authenticated signal (760258).
Dummy-2::INFO::2016-07-28
12:49:51,178::CredServer::277::root::Credentials channel was closed.
This looks okay. The error is on pam side (auth.log):
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
ovirtcred:auth): error retrieving user name: Conversation error
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
ovirtcred:auth): Failed to acquire user's credentials
Have no idea, where it fails.
Would appreciate, if you could help me here a bit.
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
------=_NextPart_000_003F_01D1E8F3.142326C0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META content=3D"text/html charset=3Dutf-8" =
http-equiv=3DContent-Type></HEAD>
<BODY=20
style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space"=20
dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
#000000">
<DIV>Thank you for your reply.</DIV>
<DIV>Strange, but i do not see any errors in gdm debug log, just =
this:</DIV>
<DIV><A title=3Dhttp://paste.ubuntu.com/21275558/=20
href=3D"http://paste.ubuntu.com/21275558/">http://paste.ubun...
58/</A></DIV>
<DIV> </DIV>
<DIV>I will try installing debian unstable and several ubuntu versions=20
tomorrow.</DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV><FONT size=3D3 face=3DCalibri></FONT> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"><B>From:</B> <A =
title=3Dvfeenstr(a)redhat.com=20
href=3D"mailto:vfeenstr@redhat.com">Vinzenz Feenstra</A> </DIV>
<DIV><B>Sent:</B> Thursday, July 28, 2016 4:18 PM</DIV>
<DIV><B>To:</B> <A title=3Dtadas(a)ring.lt=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV>
<DIV><B>Cc:</B> <A title=3Dusers(a)ovirt.org =
href=3D"mailto:users@ovirt.org">users</A>=20
</DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian - based OS and=20
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV> </DIV>
<DIV>
<BLOCKQUOTE type=3D"cite">
<DIV>On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <<A=20
href=3D"mailto:vfeenstr@redhat.com">vfeenstr@redhat.com</A>>
=
wrote:</DIV>
<DIV> </DIV>
<DIV>
<DIV=20
style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space">
<DIV> </DIV>
<DIV>
<BLOCKQUOTE type=3D"cite">
<DIV>On Jul 28, 2016, at 11:53 AM, Tadas <<A=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A>>
wrote:</DIV>
<DIV> </DIV>
<DIV>
<DIV>Hello,<BR>still having issues with ovirt SSO and Debian =
OS.<BR>Other=20
OSes (Windows/Fedora 24) works just fine.<BR>Some =
information:<BR>OS: Debian=20
8.5 (jessie)<BR>I've followed manual on <A=20
=
href=3D"https://www.ovirt.org/documentation/how-to/gues">htt...
t.org/documentation/how-to/gues</A><BR>t-agent/install-the-guest-agent-in=
-debian/=20
and installed ovirt-agent.<BR>I can get info via spice socket on =
hypervisor=20
side, this means that<BR>agent works fine.<BR>I've compiled =
pam-ovirt-cred=20
and copied it into=20
/lib/x86_64-linux-<BR>gnu/security/<BR></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>It should be in /lib/security afaik</DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV>I've configured /etc/pamd/gdm-ovirtcred (just copied from=20
working<BR>Fedora 24)<BR></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>replace in that file all occurences of password-auth with =
passwd</DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV><BR>But still login fails. I can see this in ovirt-agent log=20
file:<BR></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>It some how fails for me in some cases with this now:</DIV>
<DIV> </DIV></DIV></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>Correction its here:</DIV>
<DIV><A=20
href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064&q...
://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064</A></DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV=20
style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space">
<DIV>
<DIV><A=20
=
href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525"&g...
s.freedesktop.org/show_bug.cgi?id=3D71525</A></DIV>
<DIV> </DIV>
<DIV>There=E2=80=99s not much I can do about that though</DIV>
<DIV> </DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
=
<DIV><BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,046::OVirtAgentLogic::270:=
:root::Received=20
an external=20
=
command:<BR>login...<BR>Dummy-2::DEBUG::2016-07-28<BR>12:49:51,047::OVirt=
AgentLogic::304::root::User=20
log-in (credentials=20
=
=3D<BR>'\x00\x00\x00\x04test********\x00')<BR>Dummy-2::INFO::2016-07-28=20
12:49:51,047::CredServer::207::root::The<BR>following users are =
allowed to=20
connect: [0]<BR>Dummy-2::DEBUG::2016-07-28=20
=
12:49:51,047::CredServer::272::root::Token:<BR>760258<BR>Dummy-2::INFO::2=
016-07-28=20
12:49:51,047::CredServer::273::root::Opening<BR>credentials=20
channel...<BR>Dummy-2::INFO::2016-07-28=20
12:49:51,047::CredServer::132::root::Emitting<BR>user authenticated =
signal=20
=
(760258).<BR>Dummy-2::INFO::2016-07-28<BR>12:49:51,178::CredServer::277::=
root::Credentials=20
channel was closed.<BR><BR></DIV></DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE type=3D"cite">
<DIV>
<DIV>This looks okay. The error is on pam side =
(auth.log):<BR><BR>Jul 28=20
12:49:39 desktop64 gdm-ovirtcred]: =
pam_succeed_if(gdm-<BR>ovirtcred:auth):=20
error retrieving user name: Conversation error<BR>Jul 28 12:49:39 =
desktop64=20
gdm-ovirtcred]: pam_ovirt_cred(gdm-<BR>ovirtcred:auth): Failed to =
acquire=20
user's credentials<BR><BR>Have no idea, where it fails.<BR>Would
=
appreciate,=20
if you could help me here a bit.<BR>Thank=20
=
you.<BR><BR><BR>_______________________________________________<BR>Users
=
mailing list<BR><A =
href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20
=
href=3D"http://lists.ovirt.org/mailman/listinfo/users">http:...
.org/mailman/listinfo/users</A><BR></DIV></DIV></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></BLOCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></BODY></HTML>
------=_NextPart_000_003F_01D1E8F3.142326C0--
9:37 a.m.
--Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Jul 28, 2016, at 4:11 PM, Tadas <tadas(a)ring.lt> wrote:
=20
Thank you for your reply.
Strange, but i do not see any errors in gdm debug log, just this:
http://paste.ubuntu.com/21275558/ <http://paste.ubuntu.com/21275558/>
Well if
it works for you, the better. It didn=E2=80=99t work for me =
though
=20
I will try installing debian unstable and several ubuntu versions =
tomorrow.
=20
From: Vinzenz Feenstra <mailto:vfeenstr@redhat.com>
Sent: Thursday, July 28, 2016 4:18 PM
To: tadas(a)ring.lt <mailto:tadas@ring.lt>
Cc: users <mailto:users@ovirt.org>
Subject: Re: [ovirt-users] Debian - based OS and SSO
=20
=20
> On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr(a)redhat.com =
<mailto:vfeenstr@redhat.com>> wrote:
> =20
> =20
>> On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt =
<mailto:tadas@ring.lt>> wrote:
>> =20
>> Hello,
>> still having issues with ovirt SSO and Debian OS.
>> Other OSes (Windows/Fedora 24) works just fine.
>> Some information:
>> OS: Debian 8.5 (jessie)
>> I've followed manual on =
https://www.ovirt.org/documentation/how-to/gues =
<https://www.ovirt.org/documentation/how-to/gues>
>> t-agent/install-the-guest-agent-in-debian/ and installed =
ovirt-agent.
>> I can get info via spice socket on hypervisor side, this
means that
>> agent works fine.
>> I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-
>> gnu/security/
> =20
> It should be in /lib/security afaik
>=20
>> I've configured /etc/pamd/gdm-ovirtcred (just copied from working
>> Fedora 24)
> =20
> replace in that file all occurences of password-auth with passwd
> =20
>=20
>>=20
>> But still login fails. I can see this in ovirt-agent log file:
> =20
> It some how fails for me in some cases with this now:
> =20
=20
Correction its here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064 =
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064>
<https://bugs.freedesktop.org/show_bug.cgi?id=3D71525>
> =20
> There=E2=80=99s not much I can do about that though
> =20
> =20
>=20
>>=20
>> Dummy-2::INFO::2016-07-28
>> 12:49:51,046::OVirtAgentLogic::270::root::Received an external =
command:
>> login...
>> Dummy-2::DEBUG::2016-07-28
>> 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials =3D=
>> '\x00\x00\x00\x04test********\x00')
>> Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The
>> following users are allowed to connect: [0]
>> Dummy-2::DEBUG::2016-07-28 =
12:49:51,047::CredServer::272::root::Token:
>> 760258
>> Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::273::root::Opening
>> credentials channel...
>> Dummy-2::INFO::2016-07-28 =
12:49:51,047::CredServer::132::root::Emitting
>> user authenticated signal (760258).
>> Dummy-2::INFO::2016-07-28
>> 12:49:51,178::CredServer::277::root::Credentials channel was closed.
>>=20
> =20
> =20
> =20
>=20
>> This looks okay. The error is on pam side (auth.log):
>>=20
>> Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
>> ovirtcred:auth): error retrieving user name: Conversation error
>> Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
>> ovirtcred:auth): Failed to acquire user's credentials
>>=20
>> Have no idea, where it fails.
>> Would appreciate, if you could help me here a bit.
>> Thank you.
>>=20
>>=20
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org <mailto:Users@ovirt.org>
>> http://lists.ovirt.org/mailman/listinfo/users =
<http://lists.ovirt.org/mailman/listinfo/users>
>=20
> =20
=20
=20
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On Jul 28, 2016, at 4:11 PM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D"">
<meta content=3D"text/html charset=3Dutf-8"
http-equiv=3D"Content-Type" =
class=3D"">
<div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space" dir=3D"ltr"
class=3D"">
<div dir=3D"ltr" class=3D"">
<div style=3D"font-size: 12pt; font-family: Calibri;"
class=3D"">
<div class=3D"">Thank you for your reply.</div>
<div class=3D"">Strange, but i do not see any errors in gdm debug log, =
just this:</div>
<div class=3D""><a href=3D"http://paste.ubuntu.com/21275558/"
=
class=3D"">http://paste.ubuntu.com/21275558/</a></d...
div></blockquote><div><br
class=3D""></div><div>Well if it works for =
you, the better. It didn=E2=80=99t work for me though</div><div><br =
class=3D""></div><br class=3D""><blockquote
type=3D"cite" class=3D""><div =
class=3D""><div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: =
space; -webkit-line-break: after-white-space" dir=3D"ltr"
class=3D""><div =
dir=3D"ltr" class=3D""><div style=3D"font-size: 12pt;
font-family: =
Calibri;" class=3D"">
<div class=3D""> </div>
<div class=3D"">I will try installing debian unstable and several ubuntu
=
versions=20
tomorrow.</div>
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D"">
<div style=3D"FONT: 10pt tahoma" class=3D"">
<div class=3D""><font size=3D"3" face=3D"Calibri"
=
class=3D""></font> </div>
<div style=3D"BACKGROUND: #f5f5f5" class=3D"">
<div style=3D"font-color: black" class=3D""><b
class=3D"">From:</b> <a =
title=3D"vfeenstr(a)redhat.com" href=3D"mailto:vfeenstr@redhat.com" =
class=3D"">Vinzenz Feenstra</a> </div>
<div class=3D""><b class=3D"">Sent:</b> Thursday,
July 28, 2016 4:18 =
PM</div>
<div class=3D""><b class=3D"">To:</b> <a
title=3D"tadas(a)ring.lt" =
href=3D"mailto:tadas@ring.lt" class=3D"">tadas(a)ring.lt</a>
</div>
<div class=3D""><b class=3D"">Cc:</b> <a
title=3D"users(a)ovirt.org" =
href=3D"mailto:users@ovirt.org" class=3D"">users</a>=20
</div>
<div class=3D""><b class=3D"">Subject:</b> Re:
[ovirt-users] Debian - =
based OS and=20
SSO</div></div></div>
<div class=3D""> </div></div>
<div style=3D"font-size: small; text-decoration: none; font-family: =
Calibri; font-weight: normal; font-style: normal; display: inline;" =
class=3D"">
<div class=3D""> </div>
<div class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra
<<a =
href=3D"mailto:vfeenstr@redhat.com"
class=3D"">vfeenstr(a)redhat.com</a>&gt;=
wrote:</div>
<div class=3D""> </div>
<div class=3D"">
<div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space" class=3D"">
<div class=3D""> </div>
<div class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On Jul 28, 2016, at 11:53 AM, Tadas <<a =
href=3D"mailto:tadas@ring.lt"
class=3D"">tadas(a)ring.lt</a>&gt; =
wrote:</div>
<div class=3D""> </div>
<div class=3D"">
<div class=3D"">Hello,<br class=3D"">still having
issues with ovirt =
SSO and Debian OS.<br class=3D"">Other=20
OSes (Windows/Fedora 24) works just fine.<br class=3D"">Some =
information:<br class=3D"">OS: Debian=20
8.5 (jessie)<br class=3D"">I've followed manual on <a =
href=3D"https://www.ovirt.org/documentation/how-to/gues" =
class=3D"">https://www.ovirt.org/documentation/how-to/gues&l... =
class=3D"">t-agent/install-the-guest-agent-in-debian/=20
and installed ovirt-agent.<br class=3D"">I can get info via spice =
socket on hypervisor=20
side, this means that<br class=3D"">agent works fine.<br =
class=3D"">I've compiled pam-ovirt-cred=20
and copied it into=20
/lib/x86_64-linux-<br class=3D"">gnu/security/<br =
class=3D""></div></div></blockquote>
<div class=3D""> </div>
<div class=3D"">It should be in /lib/security afaik</div><br
class=3D"">=
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div class=3D"">I've configured /etc/pamd/gdm-ovirtcred (just
copied =
from=20
working<br class=3D"">Fedora 24)<br =
class=3D""></div></div></blockquote>
<div class=3D""> </div>
<div class=3D"">replace in that file all occurences of password-auth =
with passwd</div>
<div class=3D""> </div><br class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div class=3D""><br class=3D"">But still login fails.
I can see this =
in ovirt-agent log=20
file:<br class=3D""></div></div></blockquote>
<div class=3D""> </div>
<div class=3D"">It some how fails for me in some cases with this =
now:</div>
<div
class=3D""> </div></div></div></div></blockquote>
<div class=3D""> </div>
<div class=3D"">Correction its here:</div>
<div class=3D""><a =
href=3D"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D794064&q... =
class=3D"">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug...
/div><br class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div style=3D"WORD-WRAP: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space" class=3D"">
<div class=3D"">
<div class=3D""><a =
href=3D"https://bugs.freedesktop.org/show_bug.cgi?id=3D71525" =
class=3D"">https://bugs.freedesktop.org/show_bug.cgi?id=3D71...
<div class=3D""> </div>
<div class=3D"">There=E2=80=99s not much I can do about that =
though</div>
<div class=3D""> </div>
<div class=3D""> </div><br class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div class=3D""><br
class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,046::OVirtAgentLogic::270::root::Received=20
an external=20
command:<br class=3D"">login...<br =
class=3D"">Dummy-2::DEBUG::2016-07-28<br =
class=3D"">12:49:51,047::OVirtAgentLogic::304::root::User=20
log-in (credentials=20
=3D<br class=3D"">'\x00\x00\x00\x04test********\x00')<br =
class=3D"">Dummy-2::INFO::2016-07-28=20
12:49:51,047::CredServer::207::root::The<br class=3D"">following =
users are allowed to=20
connect: [0]<br class=3D"">Dummy-2::DEBUG::2016-07-28=20
12:49:51,047::CredServer::272::root::Token:<br class=3D"">760258<br
=
class=3D"">Dummy-2::INFO::2016-07-28=20
12:49:51,047::CredServer::273::root::Opening<br
class=3D"">credentials=
=20
channel...<br class=3D"">Dummy-2::INFO::2016-07-28=20
12:49:51,047::CredServer::132::root::Emitting<br class=3D"">user =
authenticated signal=20
(760258).<br class=3D"">Dummy-2::INFO::2016-07-28<br =
class=3D"">12:49:51,178::CredServer::277::root::Credentials=20
channel was closed.<br class=3D""><br =
class=3D""></div></div></blockquote>
<div class=3D""> </div>
<div class=3D""> </div>
<div class=3D""> </div><br class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">
<div class=3D"">This looks okay. The error is on pam side =
(auth.log):<br class=3D""><br class=3D"">Jul 28=20
12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-<br =
class=3D"">ovirtcred:auth):=20
error retrieving user name: Conversation error<br class=3D"">Jul 28 =
12:49:39 desktop64=20
gdm-ovirtcred]: pam_ovirt_cred(gdm-<br class=3D"">ovirtcred:auth): =
Failed to acquire=20
user's credentials<br class=3D""><br
class=3D"">Have no idea, where =
it fails.<br class=3D"">Would appreciate,=20
if you could help me here a bit.<br class=3D"">Thank=20
you.<br class=3D""><br class=3D""><br =
class=3D"">_______________________________________________<br =
class=3D"">Users=20
mailing list<br class=3D""><a
href=3D"mailto:Users@ovirt.org" =
class=3D"">Users(a)ovirt.org</a><br class=3D""><a =
href=3D"http://lists.ovirt.org/mailman/listinfo/users" =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<... =
class=3D""></div></div></blockquote></div>
<div
class=3D""> </div></div></div></blockquote></div>
<div
class=3D""> </div></div></div></div></div>
_______________________________________________<br class=3D"">Users =
mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org"
=
class=3D"">Users(a)ovirt.org</a><br =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br =
class=3D""></div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452--
12:13 p.m.
Yes, it seems that authentication does not work in any of debian
releases. Oh well.
On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote:
> On Jul 28, 2016, at 4:11 PM, Tadas <tadas(a)ring.lt> wrote:
>
> Thank you for your reply.
> Strange, but i do not see any errors in gdm debug log, just this:
> http://paste.ubuntu.com/21275558/
Well if it works for you, the better. It didn’t work for me though
>
> I will try installing debian unstable and several ubuntu versions
> tomorrow.
>
> From: Vinzenz Feenstra
> Sent: Thursday, July 28, 2016 4:18 PM
> To: tadas(a)ring.lt
> Cc: users
> Subject: Re: [ovirt-users] Debian - based OS and SSO
>
>
> > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr(a)redhat.co
> > m> wrote:
> >
> >
> > > On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt> wrote:
> > >
> > > Hello,
> > > still having issues with ovirt SSO and Debian OS.
> > > Other OSes (Windows/Fedora 24) works just fine.
> > > Some information:
> > > OS: Debian 8.5 (jessie)
> > > I've followed manual on https://www.ovirt.org/documentation/how
> > > -to/gues
> > > t-agent/install-the-guest-agent-in-debian/ and installed ovirt-
> > > agent.
> > > I can get info via spice socket on hypervisor side, this means
> > > that
> > > agent works fine.
> > > I've compiled pam-ovirt-cred and copied it into /lib/x86_64-
> > > linux-
> > > gnu/security/
> >
> > It should be in /lib/security afaik
> >
> > > I've configured /etc/pamd/gdm-ovirtcred (just copied from
> > > working
> > > Fedora 24)
> >
> > replace in that file all occurences of password-auth with passwd
> >
> >
> > >
> > > But still login fails. I can see this in ovirt-agent log file:
> >
> > It some how fails for me in some cases with this now:
> >
>
> Correction its here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064
>
> > https://bugs.freedesktop.org/show_bug.cgi?id=71525
> >
> > There’s not much I can do about that though
> >
> >
> >
> > >
> > > Dummy-2::INFO::2016-07-28
> > > 12:49:51,046::OVirtAgentLogic::270::root::Received an external
> > > command:
> > > login...
> > > Dummy-2::DEBUG::2016-07-28
> > > 12:49:51,047::OVirtAgentLogic::304::root::User log-in
> > > (credentials =
> > > '\x00\x00\x00\x04test********\x00')
> > > Dummy-2::INFO::2016-07-28
> > > 12:49:51,047::CredServer::207::root::The
> > > following users are allowed to connect: [0]
> > > Dummy-2::DEBUG::2016-07-28
> > > 12:49:51,047::CredServer::272::root::Token:
> > > 760258
> > > Dummy-2::INFO::2016-07-28
> > > 12:49:51,047::CredServer::273::root::Opening
> > > credentials channel...
> > > Dummy-2::INFO::2016-07-28
> > > 12:49:51,047::CredServer::132::root::Emitting
> > > user authenticated signal (760258).
> > > Dummy-2::INFO::2016-07-28
> > > 12:49:51,178::CredServer::277::root::Credentials channel was
> > > closed.
> > >
> >
> >
> >
> >
> > > This looks okay. The error is on pam side (auth.log):
> > >
> > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
> > > ovirtcred:auth): error retrieving user name: Conversation error
> > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
> > > ovirtcred:auth): Failed to acquire user's credentials
> > >
> > > Have no idea, where it fails.
> > > Would appreciate, if you could help me here a bit.
> > > Thank you.
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users(a)ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> >
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
12:35 p.m.
There's another interesting error thrown out from ovirt-guest agent,
when you try to login:
Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel:
Ju
l 29 13:30:24 jessie python[1969]: Traceback (most recent call last):
Ju
l 29 13:30:24 jessie python[1969]: File
"/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
Jul 29
13:30:24 jessie python[1969]: self.run()
Jul 29 13:30:24 jessie
python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line
217, in run
Jul 29 13:30:24 jessie python[1969]: cred =
self._read_cred(conn)
Jul 29 13:30:24 jessie python[1969]: File
"/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred
Ju
l 29 13:30:24 jessie
python[1969]: conn.setsockopt(socket.SOL_SOCKET,
socket.SO_PASSCRED, 1)
Jul 29 13:30:24 jessie python[1969]:
AttributeError: 'module' object has no attribute 'SO_PASSCRED'
On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote:
Yes, it seems that authentication does not work in any of debian
releases. Oh well.
On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote:
>
>
> >
> > On Jul 28, 2016, at 4:11 PM, Tadas <tadas(a)ring.lt> wrote:
> >
> > Thank you for your reply.
> > Strange, but i do not see any errors in gdm debug log, just this:
> > http://paste.ubuntu.com/21275558/
>
> Well if it works for you, the better. It didn’t work for me though
>
>
> >
> >
> > I will try installing debian unstable and several ubuntu versions
> > tomorrow.
> >
> > From: Vinzenz Feenstra
> > Sent: Thursday, July 28, 2016 4:18 PM
> > To: tadas(a)ring.lt
> > Cc: users
> > Subject: Re: [ovirt-users] Debian - based OS and SSO
> >
> >
> > >
> > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redhat.
> > > co
> > > m> wrote:
> > >
> > >
> > > >
> > > > On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt> wrote:
> > > >
> > > > Hello,
> > > > still having issues with ovirt SSO and Debian OS.
> > > > Other OSes (Windows/Fedora 24) works just fine.
> > > > Some information:
> > > > OS: Debian 8.5 (jessie)
> > > > I've followed manual on https://www.ovirt.org/documentation/h
> > > > ow
> > > > -to/gues
> > > > t-agent/install-the-guest-agent-in-debian/ and installed
> > > > ovirt-
> > > > agent.
> > > > I can get info via spice socket on hypervisor side, this
> > > > means
> > > > that
> > > > agent works fine.
> > > > I've compiled pam-ovirt-cred and copied it into /lib/x86_64-
> > > > linux-
> > > > gnu/security/
> > >
> > > It should be in /lib/security afaik
> > >
> > > >
> > > > I've configured /etc/pamd/gdm-ovirtcred (just copied from
> > > > working
> > > > Fedora 24)
> > >
> > > replace in that file all occurences of password-auth with
> > > passwd
> > >
> > >
> > > >
> > > >
> > > > But still login fails. I can see this in ovirt-agent log
> > > > file:
> > >
> > > It some how fails for me in some cases with this now:
> > >
> >
> > Correction its here:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064
> >
> > >
> > > https://bugs.freedesktop.org/show_bug.cgi?id=71525
> > >
> > > There’s not much I can do about that though
> > >
> > >
> > >
> > > >
> > > >
> > > > Dummy-2::INFO::2016-07-28
> > > > 12:49:51,046::OVirtAgentLogic::270::root::Received an
> > > > external
> > > > command:
> > > > login...
> > > > Dummy-2::DEBUG::2016-07-28
> > > > 12:49:51,047::OVirtAgentLogic::304::root::User log-in
> > > > (credentials =
> > > > '\x00\x00\x00\x04test********\x00')
> > > > Dummy-2::INFO::2016-07-28
> > > > 12:49:51,047::CredServer::207::root::The
> > > > following users are allowed to connect: [0]
> > > > Dummy-2::DEBUG::2016-07-28
> > > > 12:49:51,047::CredServer::272::root::Token:
> > > > 760258
> > > > Dummy-2::INFO::2016-07-28
> > > > 12:49:51,047::CredServer::273::root::Opening
> > > > credentials channel...
> > > > Dummy-2::INFO::2016-07-28
> > > > 12:49:51,047::CredServer::132::root::Emitting
> > > > user authenticated signal (760258).
> > > > Dummy-2::INFO::2016-07-28
> > > > 12:49:51,178::CredServer::277::root::Credentials channel was
> > > > closed.
> > > >
> > >
> > >
> > >
> > >
> > > >
> > > > This looks okay. The error is on pam side (auth.log):
> > > >
> > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-
> > > > ovirtcred:auth): error retrieving user name: Conversation
> > > > error
> > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-
> > > > ovirtcred:auth): Failed to acquire user's credentials
> > > >
> > > > Have no idea, where it fails.
> > > > Would appreciate, if you could help me here a bit.
> > > > Thank you.
> > > >
> > > >
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users(a)ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
1:20 p.m.
As far as I understand, there's something really wrong with credential
check on Debian distribution. ovirt-agent fails to set PASSCRED flag on
socket and thus throws exception. If i try to catch it, it fails
silently and agent is unable to get credentials from pam module via
socket. So it fails credential check.
If I comment out credential validation segment in CredServer.py,
authentication seems to pass, gdm3 tries to load user profile and then
crashes:
http://paste.ubuntu.com/21391057/
On Fri, 2016-07-29 at 13:35 +0300, Tadas wrote:
There's another interesting error thrown out from ovirt-guest
agent,
when you try to login:
Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel:
Ju
l 29 13:30:24 jessie python[1969]: Traceback (most recent call last):
Ju
l 29 13:30:24 jessie python[1969]: File
"/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
Jul 29
13:30:24 jessie python[1969]: self.run()
Jul 29 13:30:24 jessie
python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py",
line
217, in run
Jul 29 13:30:24 jessie python[1969]: cred =
self._read_cred(conn)
Jul 29 13:30:24 jessie python[1969]: File
"/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred
Ju
l 29 13:30:24 jessie
python[1969]: conn.setsockopt(socket.SOL_SOCKET,
socket.SO_PASSCRED, 1)
Jul 29 13:30:24 jessie python[1969]:
AttributeError: 'module' object has no attribute 'SO_PASSCRED'
On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote:
>
> Yes, it seems that authentication does not work in any of debian
> releases. Oh well.
> On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote:
> >
> >
> >
> > >
> > >
> > > On Jul 28, 2016, at 4:11 PM, Tadas <tadas(a)ring.lt> wrote:
> > >
> > > Thank you for your reply.
> > > Strange, but i do not see any errors in gdm debug log, just
> > > this:
> > > http://paste.ubuntu.com/21275558/
> >
> > Well if it works for you, the better. It didn’t work for me
> > though
> >
> >
> > >
> > >
> > >
> > > I will try installing debian unstable and several ubuntu
> > > versions
> > > tomorrow.
> > >
> > > From: Vinzenz Feenstra
> > > Sent: Thursday, July 28, 2016 4:18 PM
> > > To: tadas(a)ring.lt
> > > Cc: users
> > > Subject: Re: [ovirt-users] Debian - based OS and SSO
> > >
> > >
> > > >
> > > >
> > > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redha
> > > > t.
> > > > co
> > > > m> wrote:
> > > >
> > > >
> > > > >
> > > > >
> > > > > On Jul 28, 2016, at 11:53 AM, Tadas <tadas(a)ring.lt>
wrote:
> > > > >
> > > > > Hello,
> > > > > still having issues with ovirt SSO and Debian OS.
> > > > > Other OSes (Windows/Fedora 24) works just fine.
> > > > > Some information:
> > > > > OS: Debian 8.5 (jessie)
> > > > > I've followed manual on https://www.ovirt.org/documentation
> > > > > /h
> > > > > ow
> > > > > -to/gues
> > > > > t-agent/install-the-guest-agent-in-debian/ and installed
> > > > > ovirt-
> > > > > agent.
> > > > > I can get info via spice socket on hypervisor side, this
> > > > > means
> > > > > that
> > > > > agent works fine.
> > > > > I've compiled pam-ovirt-cred and copied it into
> > > > > /lib/x86_64-
> > > > > linux-
> > > > > gnu/security/
> > > >
> > > > It should be in /lib/security afaik
> > > >
> > > > >
> > > > >
> > > > > I've configured /etc/pamd/gdm-ovirtcred (just copied from
> > > > > working
> > > > > Fedora 24)
> > > >
> > > > replace in that file all occurences of password-auth with
> > > > passwd
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > > But still login fails. I can see this in ovirt-agent log
> > > > > file:
> > > >
> > > > It some how fails for me in some cases with this now:
> > > >
> > >
> > > Correction its here:
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064
> > >
> > > >
> > > >
> > > > https://bugs.freedesktop.org/show_bug.cgi?id=71525
> > > >
> > > > There’s not much I can do about that though
> > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > > Dummy-2::INFO::2016-07-28
> > > > > 12:49:51,046::OVirtAgentLogic::270::root::Received an
> > > > > external
> > > > > command:
> > > > > login...
> > > > > Dummy-2::DEBUG::2016-07-28
> > > > > 12:49:51,047::OVirtAgentLogic::304::root::User log-in
> > > > > (credentials =
> > > > > '\x00\x00\x00\x04test********\x00')
> > > > > Dummy-2::INFO::2016-07-28
> > > > > 12:49:51,047::CredServer::207::root::The
> > > > > following users are allowed to connect: [0]
> > > > > Dummy-2::DEBUG::2016-07-28
> > > > > 12:49:51,047::CredServer::272::root::Token:
> > > > > 760258
> > > > > Dummy-2::INFO::2016-07-28
> > > > > 12:49:51,047::CredServer::273::root::Opening
> > > > > credentials channel...
> > > > > Dummy-2::INFO::2016-07-28
> > > > > 12:49:51,047::CredServer::132::root::Emitting
> > > > > user authenticated signal (760258).
> > > > > Dummy-2::INFO::2016-07-28
> > > > > 12:49:51,178::CredServer::277::root::Credentials channel
> > > > > was
> > > > > closed.
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > > This looks okay. The error is on pam side (auth.log):
> > > > >
> > > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]:
> > > > > pam_succeed_if(gdm-
> > > > > ovirtcred:auth): error retrieving user name: Conversation
> > > > > error
> > > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]:
> > > > > pam_ovirt_cred(gdm-
> > > > > ovirtcred:auth): Failed to acquire user's credentials
> > > > >
> > > > > Have no idea, where it fails.
> > > > > Would appreciate, if you could help me here a bit.
> > > > > Thank you.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users(a)ovirt.org
> > > > > http://lists.ovirt.org/mailman/listinfo/users
> > > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users(a)ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> >
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3044
days inactive
3045
days old
7 comments
2 participants
participants (2)
-
Tadas -
Vinzenz Feenstra