LDAP logins do not work

I've run the ovirt-engine-extension-aaa-ldap-setup command to configure LDAP authentication using Active Directory, however I am unable to authenticate using valid credentials. Here is the output shown while testing the login flow.

[ INFO ] Executing login sequence...
Login output:
2018-06-13 11:27:17,931-04 INFO ========================================================================
2018-06-13 11:27:17,960-04 INFO ============================ Initialization ============================
2018-06-13 11:27:17,960-04 INFO ========================================================================
2018-06-13 11:27:17,999-04 INFO Loading extension 'example.com-authn'
2018-06-13 11:27:18,072-04 INFO Extension 'example.com-authn' loaded
2018-06-13 11:27:18,077-04 INFO Loading extension 'example.com-authz'
2018-06-13 11:27:18,089-04 INFO Extension 'example.com-authz' loaded
2018-06-13 11:27:18,090-04 INFO Initializing extension 'example.com-authn'
2018-06-13 11:27:18,091-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authz'
2018-06-13 11:27:19,574-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
2018-06-13 11:27:19,576-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authn'
2018-06-13 11:27:20,668-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
2018-06-13 11:27:20,674-04 WARNING Ignoring records from pool: 'authz'
2018-06-13 11:27:20,676-04 WARNING Ignoring records from pool: 'authz'
2018-06-13 11:27:20,676-04 INFO Extension 'example.com-authn' initialized
2018-06-13 11:27:20,677-04 INFO Initializing extension 'example.com-authz'
2018-06-13 11:27:20,679-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'authz'
2018-06-13 11:27:21,270-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
2018-06-13 11:27:21,273-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'gc'
2018-06-13 11:27:22,065-04 WARNING Exception: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1
2018-06-13 11:27:22,069-04 WARNING Ignoring records from pool: 'authz'
2018-06-13 11:27:22,072-04 WARNING Ignoring records from pool: 'authz'
2018-06-13 11:27:22,085-04 WARNING Ignoring records from pool: 'authz'
2018-06-13 11:27:22,086-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Available Namespaces: []
2018-06-13 11:27:22,087-04 INFO Extension 'example.com-authz' initialized
2018-06-13 11:27:22,088-04 INFO Start of enabled extensions list
2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authz.properties', Initialized: 'true'
2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authn.properties', Initialized: 'true'
2018-06-13 11:27:22,090-04 INFO End of enabled extensions list
2018-06-13 11:27:22,090-04 INFO ========================================================================
2018-06-13 11:27:22,090-04 INFO ============================== Execution ===============================
2018-06-13 11:27:22,091-04 INFO ========================================================================
2018-06-13 11:27:22,091-04 INFO Iteration: 0
2018-06-13 11:27:22,093-04 INFO Profile='example.com' authn='example.com-authn' authz='example.com-authz' mapping='null'
2018-06-13 11:27:22,094-04 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' user='d861703'
2018-06-13 11:27:22,251-04 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' result=CREDENTIALS_INCORRECT
2018-06-13 11:27:22,262-04 SEVERE Authn.Result code is: CREDENTIALS_INCORRECT
[ ERROR ] Login sequence failed

Does anybody know what LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 means? Is this a TLS issue? I am quite certain the password I'm using is correct.
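
The `data` field in an AcceptSecurityContext error is a hex sub-code that says why Active Directory refused the bind. The sketch below is an added example, not part of the original post or of oVirt: it decodes the commonly documented sub-codes and pairs each failure with the pool being created when it occurred. The names `split_entries` and `triage` are hypothetical, the sample is an excerpt of the output in the post, and attributing a failure to the most recent "Creating LDAP pool" entry is an assumption about log order.

```python
import re

# Commonly documented sub-codes carried in the "data" field of an Active
# Directory AcceptSecurityContext bind failure (Win32 error numbers in hex).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind name or password rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# An entry starts at a timestamp such as "2018-06-13 11:27:19,574-04 ".
ENTRY_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{2} )")
POOL_RE = re.compile(r"\[(?P<ext>[^\]]+)\] Creating LDAP pool '(?P<pool>[^']+)'")
ERR_RE = re.compile(
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: AcceptSecurityContext error, "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

# Excerpt of the output quoted in the post, kept flattened the way a mail
# archive stores it: entries run together and one is wrapped mid-entry.
SAMPLE = (
    "2018-06-13 11:27:18,091-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authz' "
    "2018-06-13 11:27:19,574-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 "
    "2018-06-13 11:27:19,576-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authn' "
    "2018-06-13 11:27:20,668-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] LDAP pool 'authn' information: vendor='null' version='null' "
    "2018-06-13 11:27:20,679-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'authz' "
    "2018-06-13 11:27:21,270-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error,\n"
    "data 52e, v3839 "
    "2018-06-13 11:27:21,273-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'gc' "
    "2018-06-13 11:27:22,065-04 WARNING Exception: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1"
)


def split_entries(text):
    """Undo line wrapping, then cut the text at every leading timestamp."""
    flat = " ".join(text.split())
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]


def triage(entries):
    """Return one finding per bind failure, tagged with the pool being created."""
    findings = []
    extension, pool = "unknown", "unknown"
    for entry in entries:
        created = POOL_RE.search(entry)
        if created:
            # Remember which pool the extension announced most recently.
            extension, pool = created["ext"], created["pool"]
            continue
        failure = ERR_RE.search(entry)
        if failure:
            code = failure["data"].lower()
            findings.append({
                "extension": extension,
                "pool": pool,
                "dsid": failure["dsid"],
                "data": code,
                "win32": int(code, 16),
                "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
            })
    return findings


if __name__ == "__main__":
    for f in triage(split_entries(SAMPLE)):
        print(f"{f['extension']} pool={f['pool']} {f['dsid']} "
              f"data={f['data']} ({f['win32']}): {f['meaning']}")
```

On the posted output every failure carries sub-code 52e and follows the creation of the 'authz' or 'gc' pool; none follows the 'authn' pool.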

Can you share the debug log, and also make sure the search user you are using is correct, for example by running the ldapsearch command with it.
On 06/13/2018 05:33 PM, Michael Watters wrote:
I've run the ovirt-engine-extension-aaa-ldap-setup command to configure LDAP authentication using Active Directory, however I am unable to authenticate using valid credentials. Here is the output shown while testing the login flow.
Does anybody know what LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 means? Is this a TLS issue? I am quite certain the password I'm using is correct.

ldapsearch works correctly and I'm able to bind to AD without any issues. ovirt-engine-extension-aaa-ldap-setup also shows searches working correctly. One thing I've discovered is that I can log in as "user@domain.com" but then receive an error as follows.
The user user@example.com@example.com is not authorized to perform login
How do I enable debug logs? The log entries from the engine.log file are the same as my previous message.
On 06/14/2018 06:37 AM, Ondra Machacek wrote:
Can you share the debug log, and also make sure the search user you are using is correct, for example by running the ldapsearch command with it.

This error:
The user user@example.com@example.com is not authorized to perform login
means that you don't have any role assigned to your user.
Please check the following documentation:
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/#user-a...
to understand the permission model of oVirt.
On 06/14/2018 02:39 PM, Michael Watters wrote:
ldapsearch works correctly and I'm able to bind to AD without any issues. ovirt-engine-extension-aaa-ldap-setup also shows searches working correctly.
One thing I've discovered is that I can log in as "user@domain.com" but then receive an error as follows.
The user user@example.com@example.com is not authorized to perform login
How do I enable debug logs? The log entries from the engine.log file are the same as my previous message.

Thanks. I've deleted the old roles/users and recreated them using the System Permissions tab and logins are working now.
On 06/14/2018 09:20 AM, Ondra Machacek wrote:
This error:
The user user@example.com@example.com is not authorized to perform login
means that you don't have any role assigned to your user.
Please check the following documentation:
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/#user-a...
to understand the permission model of oVirt.

Participants (2):
- Michael Watters
- Ondra Machacek