Debian - based OS and SSO

Hello,
still having issues with ovirt SSO and Debian OS.
Other OSes (Windows/Fedora 24) work just fine.
Some information:
OS: Debian 8.5 (jessie)
I've followed manual on https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/ and installed ovirt-agent.
I can get info via spice socket on hypervisor side, this means that agent works fine.
I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-gnu/security/
I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24)
But still login fails. I can see this in ovirt-agent log file:

Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external command: login...
Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test********\x00')
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token: 760258
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening credentials channel...
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258).
Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed.

This looks okay. The error is on pam side (auth.log):

Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-ovirtcred:auth): error retrieving user name: Conversation error
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials

Have no idea, where it fails.
Would appreciate, if you could help me here a bit.
Thank you.

On Jul 28, 2016, at 11:53 AM, Tadas <tadas@ring.lt> wrote:

> I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-gnu/security/

It should be in /lib/security afaik

> I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24)

replace in that file all occurrences of password-auth with passwd

> But still login fails. I can see this in ovirt-agent log file:

It somehow fails for me in some cases with this now:
https://bugs.freedesktop.org/show_bug.cgi?id=71525

There’s not much I can do about that though
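The reply above names two things a service file copied from Fedora can get wrong on Debian: the directory that holds pam_ovirt_cred.so and the password-auth references. The following is an added example, not code from this thread or from the oVirt project: a static check that lists every include target and module in a PAM service file and reports the ones that resolve to no file. The service file contents, the directory tree and all function names are constructed for the demonstration; the two module directories are the ones named in the thread, passed in as candidates.

```python
import os
import tempfile

MODULE_TYPES = {"auth", "account", "password", "session"}
INCLUDE_CONTROLS = {"include", "substack"}  # controls whose argument is another service file


def parse_pam_service(text):
    """Return (type, control, target) for every rule in a PAM service file."""
    rules = []
    # A trailing backslash continues a rule on the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if fields[0] == "@include" and len(fields) >= 2:  # Debian-style directive
            rules.append(("*", "include", fields[1]))
            continue
        mtype = fields[0].lstrip("-")                # leading '-': missing module is not logged
        if mtype not in MODULE_TYPES or len(fields) < 3:
            continue
        end = 1
        if fields[1].startswith("["):                # [value=action ...] spans several fields
            while end < len(fields) and not fields[end].endswith("]"):
                end += 1
        if end + 1 >= len(fields):
            continue                                 # malformed rule: no module path
        rules.append((mtype, " ".join(fields[1:end + 1]), fields[end + 1]))
    return rules


def check_service(text, pam_d, module_dirs):
    """Return (problem, type, target) tuples for references that resolve to no file."""
    problems = []
    for mtype, control, target in parse_pam_service(text):
        if control in INCLUDE_CONTROLS:
            if not os.path.isfile(os.path.join(pam_d, target)):
                problems.append(("missing-include", mtype, target))
        else:
            if os.path.isabs(target):
                paths = [target]
            else:
                paths = [os.path.join(d, target) for d in module_dirs]
            if not any(os.path.isfile(p) for p in paths):
                problems.append(("missing-module", mtype, target))
    return problems


# Constructed sample in the style of a Fedora service file; not copied from the thread.
FEDORA_STYLE = """\
#%PAM-1.0
auth       required    pam_ovirt_cred.so
auth       include     password-auth
account    include     password-auth
password   include     password-auth
session    include     password-auth
"""


def build_debian_like_tree(root):
    """Create a throwaway tree (constructed) with the paths named in the thread."""
    pam_d = os.path.join(root, "etc", "pam.d")       # standard PAM service directory
    multiarch = os.path.join(root, "lib", "x86_64-linux-gnu", "security")
    plain = os.path.join(root, "lib", "security")
    for d in (pam_d, multiarch, plain):
        os.makedirs(d)
    open(os.path.join(pam_d, "passwd"), "w").close()                 # assumed present on the guest
    open(os.path.join(multiarch, "pam_ovirt_cred.so"), "w").close()  # where the poster copied it
    return pam_d, [multiarch, plain]


def demo():
    """Check the sample as copied, then with the substitution suggested in the reply."""
    with tempfile.TemporaryDirectory() as root:
        pam_d, module_dirs = build_debian_like_tree(root)
        before = check_service(FEDORA_STYLE, pam_d, module_dirs)
        after = check_service(FEDORA_STYLE.replace("password-auth", "passwd"),
                              pam_d, module_dirs)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for problem in before:
        print("unresolved:", problem)
    print("after substitution:", after or "all references resolve")
```

The check is static: it confirms that every referenced file exists, not that the resulting stack authenticates correctly or that libpam on a given build searches each candidate directory.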

On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redhat.com> wrote:

> It somehow fails for me in some cases with this now:

Correction, it's here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064

> https://bugs.freedesktop.org/show_bug.cgi?id=71525
>
> There’s not much I can do about that though

Thank you for your reply.
Strange, but I do not see any errors in gdm debug log, just this:
http://paste.ubuntu.com/21275558/

I will try installing Debian unstable and several Ubuntu versions tomorrow.

From: Vinzenz Feenstra
Sent: Thursday, July 28, 2016 4:18 PM
To: tadas@ring.lt
Cc: users
Subject: Re: [ovirt-users] Debian - based OS and SSO

> Correction, it's here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064

On Jul 28, 2016, at 4:11 PM, Tadas <tadas@ring.lt> wrote:

> Thank you for your reply.
> Strange, but I do not see any errors in gdm debug log, just this:
> http://paste.ubuntu.com/21275558/

Well if it works for you, the better. It didn’t work for me though

> I will try installing Debian unstable and several Ubuntu versions tomorrow.
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
= class=3D"">12:49:51,178::CredServer::277::root::Credentials=20 channel was closed.<br class=3D""><br = class=3D""></div></div></blockquote> <div class=3D""> </div> <div class=3D""> </div> <div class=3D""> </div><br class=3D""> <blockquote type=3D"cite" class=3D""> <div class=3D""> <div class=3D"">This looks okay. The error is on pam side = (auth.log):<br class=3D""><br class=3D"">Jul 28=20 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-<br = class=3D"">ovirtcred:auth):=20 error retrieving user name: Conversation error<br class=3D"">Jul 28 = 12:49:39 desktop64=20 gdm-ovirtcred]: pam_ovirt_cred(gdm-<br class=3D"">ovirtcred:auth): = Failed to acquire=20 user's credentials<br class=3D""><br class=3D"">Have no idea, where = it fails.<br class=3D"">Would appreciate,=20 if you could help me here a bit.<br class=3D"">Thank=20 you.<br class=3D""><br class=3D""><br = class=3D"">_______________________________________________<br = class=3D"">Users=20 mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org" = class=3D"">Users@ovirt.org</a><br class=3D""><a = href=3D"http://lists.ovirt.org/mailman/listinfo/users" = class=3D"">http://lists.ovirt.org/mailman/listinfo/users</a><br = class=3D""></div></div></blockquote></div> <div class=3D""> </div></div></div></blockquote></div> <div class=3D""> </div></div></div></div></div> _______________________________________________<br class=3D"">Users = mailing list<br class=3D""><a href=3D"mailto:Users@ovirt.org" = class=3D"">Users@ovirt.org</a><br = class=3D"">http://lists.ovirt.org/mailman/listinfo/users<br = class=3D""></div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_1668A509-16B9-47BA-9581-15BE2CE95452--

Yes, it seems that authentication does not work in any of the Debian releases. Oh well.
On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote:
On Jul 28, 2016, at 4:11 PM, Tadas <tadas@ring.lt> wrote:
Thank you for your reply. Strange, but I do not see any errors in the gdm debug log, just this: http://paste.ubuntu.com/21275558/
Well if it works for you, the better. It didn’t work for me though
I will try installing Debian unstable and several Ubuntu versions tomorrow.
From: Vinzenz Feenstra
Sent: Thursday, July 28, 2016 4:18 PM
To: tadas@ring.lt
Cc: users
Subject: Re: [ovirt-users] Debian - based OS and SSO
On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra <vfeenstr@redhat.com> wrote:
On Jul 28, 2016, at 11:53 AM, Tadas <tadas@ring.lt> wrote:
Hello, still having issues with ovirt SSO and Debian OS. Other OSes (Windows/Fedora 24) work just fine. Some information: OS: Debian 8.5 (jessie) I've followed manual on https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/ and installed ovirt-agent. I can get info via spice socket on hypervisor side, this means that agent works fine. I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux-gnu/security/
It should be in /lib/security afaik
I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24)
replace in that file all occurrences of password-auth with passwd
But still login fails. I can see this in ovirt-agent log file:
It somehow fails for me in some cases with this now:
Correction, it's here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064
https://bugs.freedesktop.org/show_bug.cgi?id=71525
There’s not much I can do about that though
Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external command: login...
Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test********\x00')
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token: 760258
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening credentials channel...
Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258).
Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed.
This looks okay. The error is on pam side (auth.log):
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm-ovirtcred:auth): error retrieving user name: Conversation error
Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials
Have no idea, where it fails. Would appreciate, if you could help me here a bit. Thank you.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

There's another interesting error thrown out from ovirt-guest agent, when you try to login:
Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel:
Jul 29 13:30:24 jessie python[1969]: Traceback (most recent call last):
Jul 29 13:30:24 jessie python[1969]: File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
Jul 29 13:30:24 jessie python[1969]: self.run()
Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 217, in run
Jul 29 13:30:24 jessie python[1969]: cred = self._read_cred(conn)
Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred
Jul 29 13:30:24 jessie python[1969]: conn.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
Jul 29 13:30:24 jessie python[1969]: AttributeError: 'module' object has no attribute 'SO_PASSCRED'
On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote:
Yes, it seems that authentication does not work in any of debian releases. Oh well.

As far as I understand, there's something really wrong with credential check on Debian distribution. ovirt-agent fails to set PASSCRED flag on socket and thus throws exception. If I try to catch it, it fails silently and agent is unable to get credentials from pam module via socket. So it fails credential check. If I comment out credential validation segment in CredServer.py, authentication seems to pass, gdm3 tries to load user profile and then crashes: http://paste.ubuntu.com/21391057/
On Fri, 2016-07-29 at 13:35 +0300, Tadas wrote:
There's another interesting error thrown out from ovirt-guest agent, when you try to login:
Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel:
Jul 29 13:30:24 jessie python[1969]: Traceback (most recent call last):
Jul 29 13:30:24 jessie python[1969]: File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
Jul 29 13:30:24 jessie python[1969]: self.run()
Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 217, in run
Jul 29 13:30:24 jessie python[1969]: cred = self._read_cred(conn)
Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred
Jul 29 13:30:24 jessie python[1969]: conn.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
Jul 29 13:30:24 jessie python[1969]: AttributeError: 'module' object has no attribute 'SO_PASSCRED'
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
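The last message in the thread describes a credentials server that cannot enable SO_PASSCRED and therefore never learns which local user sent the token. The Python 3 sketch below is an added example, not code from ovirt-guest-agent or from any participant; it shows the same kind of kernel-verified peer check over a Unix socket, with a fallback for a missing constant, and it rejects the token when credentials are absent instead of skipping validation. The function names, the fallback constant values (Linux, generic ABI) and the socketpair exchange are assumptions made for the example.

```python
import os
import socket
import struct

# Linux values, used only when the socket module lacks the names (the
# AttributeError in the traceback). Assumption: generic-ABI architecture.
SO_PASSCRED = getattr(socket, "SO_PASSCRED", 16)
SCM_CREDENTIALS = getattr(socket, "SCM_CREDENTIALS", 2)
UCRED = struct.Struct("iII")  # struct ucred: pid_t pid, uid_t uid, gid_t gid


class PeerCredentialError(Exception):
    """The peer's identity could not be established or is not allowed."""


def enable_passcred(conn):
    """Ask the kernel to attach the sender's pid/uid/gid to each message."""
    try:
        conn.setsockopt(socket.SOL_SOCKET, SO_PASSCRED, 1)
    except OSError as exc:
        raise PeerCredentialError("cannot enable SO_PASSCRED: %s" % exc)


def read_with_credentials(conn, bufsize=1024):
    """Return (data, (pid, uid, gid)); raise if no credentials arrived."""
    data, ancdata, _, _ = conn.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if (level == socket.SOL_SOCKET and ctype == SCM_CREDENTIALS
                and len(cdata) >= UCRED.size):
            return data, UCRED.unpack(cdata[:UCRED.size])
    raise PeerCredentialError("message arrived without SCM_CREDENTIALS")


def accept_token(conn, allowed_uids):
    """Fail closed: return the token only for a kernel-verified, allowed uid."""
    data, (_pid, uid, _gid) = read_with_credentials(conn)
    if uid not in allowed_uids:
        raise PeerCredentialError("uid %d is not allowed to connect" % uid)
    return data.decode("ascii")


def demo():
    """Constructed exchange over a socketpair; both ends are this process."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        enable_passcred(server)
        me = os.getuid()  # the agent log lists uid 0; the demo uses our own
        client.sendall(b"760258")  # token value as it appears in the log
        token = accept_token(server, allowed_uids={me})
        client.sendall(b"760258")
        try:
            accept_token(server, allowed_uids={me + 1})
            rejected = False
        except PeerCredentialError:
            rejected = True
        return token, rejected
    finally:
        server.close()
        client.close()
```

Calling `demo()` on Linux returns the token for the allowed uid and reports the second attempt, made with a uid that is not on the list, as rejected.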
participants (2)
- Tadas
- Vinzenz Feenstra