
Hello,

We managed to set up oVirt Engine with your help, now we're facing another issue.

I'm trying to configure AD auth for the web portal, but unfortunately I got an error during ovirt-engine-extension-aaa-ldap-setup:

2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,926+02 INFO ============================== Execution ===============================
2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,927+02 INFO Iteration: 0
2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null'
2018-06-27 09:06:21,928+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username'
2018-06-27 09:06:21,945+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS
2018-06-27 09:06:21,948+02 INFO --- Begin AuthRecord ---
2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username
2018-06-27 09:06:21,949+02 INFO --- End AuthRecord ---
2018-06-27 09:06:21,950+02 INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc'
2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal 'username'

Do you have any idea what the issue is and what we're missing? It looks like the credentials are correct - passing a wrong username fails earlier, so the issue is somewhere after authentication.

--
Best regards/Pozdrawiam/MfG
Mariusz Kozakowski
Site Reliability Engineer
Dansk Supermarked Group
Baltic Business Park
ul. 1 Maja 38-39
71-627 Szczecin
dansksupermarked.com

On Wed, Jun 27, 2018 at 9:14 AM, Mariusz Kozakowski <mariusz.kozakowski@sallinggroup.com> wrote:
> Hello,
>
> We managed to set up oVirt Engine with your help, now we're facing another issue.
>
> I'm trying to configure AD auth for the web portal, but unfortunately I got an error during ovirt-engine-extension-aaa-ldap-setup:
>
> 2018-06-27 09:06:21,926+02 INFO ========================================================================
> 2018-06-27 09:06:21,926+02 INFO ============================== Execution ===============================
> 2018-06-27 09:06:21,926+02 INFO ========================================================================
> 2018-06-27 09:06:21,927+02 INFO Iteration: 0
> 2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null'
> 2018-06-27 09:06:21,928+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username'
> 2018-06-27 09:06:21,945+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS
> 2018-06-27 09:06:21,948+02 INFO --- Begin AuthRecord ---
> 2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username
> 2018-06-27 09:06:21,949+02 INFO --- End AuthRecord ---
> 2018-06-27 09:06:21,950+02 INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
> 2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc'
> 2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal 'username'

Hi,

are you sure that you are trying to configure either "standalone AD domain" or "AD forest with multi-domain trust" using the tool? I'm asking because if you want to configure AD which is part of an AD forest, you cannot do that using the tool, as this is advanced configuration. And we don't support multi-forest with multi-domain trusts at all.

Could you please describe your AD setup and share with us the full output of the aaa-ldap-setup tool?

Thanks

Martin

> Do you have any idea what the issue is and what we're missing? It looks like the credentials are correct - passing a wrong username fails earlier, so the issue is somewhere after authentication.
>
> --
> Best regards/Pozdrawiam/MfG
> *Mariusz Kozakowski*
> Site Reliability Engineer
> Dansk Supermarked Group
> Baltic Business Park
> ul. 1 Maja 38-39
> 71-627 Szczecin
> dansksupermarked.com

--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
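
The log in this thread records the two AAA stages separately: the Authn call returns SUCCESS, and the Authz lookup that follows never does. The script below is an added example, not part of the thread or of oVirt's tooling; it splits such a log into entries and reports the first extension call that did not return SUCCESS, with the warnings logged while that call was open. The function names are hypothetical and the sample input is a subset of the thread's own log lines.

```python
import re

# Log lines copied from the thread, run together the way the archive shows them.
SAMPLE = (
    "2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null' "
    "2018-06-27 09:06:21,928+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username' "
    "2018-06-27 09:06:21,945+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS "
    "2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username "
    "2018-06-27 09:06:21,950+02 INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username' "
    "2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc' "
    "2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal 'username'"
)

ENTRY = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{2}) (INFO|WARNING|SEVERE) ")
CALL = re.compile(r"API: -->(\w+)\.InvokeCommands\.(\w+)")
RETURN = re.compile(r"API: <--(\w+)\.InvokeCommands\.(\w+) .*result=(\w+)")

def split_entries(text):
    """Split a log (one entry per line, or run together) into (timestamp, level, message)."""
    parts = ENTRY.split(text)  # [prefix, ts, level, msg, ts, level, msg, ...]
    return [(parts[i], parts[i + 1], parts[i + 2].strip()) for i in range(1, len(parts), 3)]

def diagnose(text):
    """Return one record per extension call, with its result and the problems logged during it."""
    stages, current = [], None
    for _ts, level, msg in split_entries(text):
        if m := CALL.search(msg):
            current = {"ext": m[1], "command": m[2], "result": None, "problems": []}
            stages.append(current)
        elif m := RETURN.search(msg):
            if current and current["command"] == m[2]:
                current["result"] = m[3]
            current = None  # call closed; later warnings belong to the next call
        elif level in ("WARNING", "SEVERE") and current:
            current["problems"].append((level, msg))
    return stages

def failed_stage(stages):
    """First call that did not return SUCCESS, or None if every call did."""
    return next((s for s in stages if s["result"] != "SUCCESS"), None)

if __name__ == "__main__":
    failed = failed_stage(diagnose(SAMPLE))
    if failed:
        print(f"{failed['ext']}.{failed['command']} did not return SUCCESS")
        for level, msg in failed["problems"]:
            print(f"  {level}: {msg}")
```
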