On Thu, 23 Feb 2012, Oved Ourfalli wrote:
It should be in
/var/log/ovirt-engine/engine-manage-domains/engine-manage-domains.log
(or in /var/log/engine/engine-manage-domains/engine-manage-domains.log... not sure).
Hmm, dont have that, all I have is /var/log/ovirt-engine/engine.log files.
and engine-setup log files.
I think the issue was old kerberos tickets, I flushed them all and retried
and now I get:
-bash-4.2# engine-manage-domains -action=add -domain=blinkmind.net -user=nathan
-interactive
Enter password:
No user in Directory was found for nathan(a)BLINKMIND.NET. Trying next LDAP server in list
Failure while testing domain
blinkmind.net. Details: No user information was found for
user
If I look on the ipa-server I do see the following in the LDAP access log:
[23/Feb/2012:18:33:34 +0000] conn=19 op=232 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=232 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=17 op=74 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=17 op=74 RESULT err=0 tag=101 nentries=1
etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=233 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=233 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=234 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=19 op=234 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=220 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=20 op=220 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=18 op=71 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=18 op=71 RESULT err=0 tag=101 nentries=1
etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=221 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=20 op=221 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=222 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=20 op=222 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=223 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=20 op=223 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=224 SRCH
base="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net" scope=0
filter="(objectClass=*)" attrs="objectClass"
[23/Feb/2012:18:33:34 +0000] conn=20 op=224 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=225 MOD
dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=20 op=225 RESULT err=0 tag=103
nentries=0 etime=0
[23/Feb/2012:18:33:34 +0000] conn=49 fd=75 slot=75 connection from
10.13.0.245 to 10.13.0.105
[23/Feb/2012:18:33:34 +0000] conn=19 op=235 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=235 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=236 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ldap/ipa-master.blinkmind.net(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=236 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=237 SRCH
base="dc=blinkmind,dc=net" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan(a)BLINKMIND.NET))"
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=237 RESULT err=0 tag=101
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=17 op=75 SRCH
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net"
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=17 op=75 RESULT err=0 tag=101 nentries=1
etime=0
[23/Feb/2012:18:33:34 +0000] conn=49 op=0 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=0 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=49 op=1 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=1 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=49 op=2 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=2 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=49 op=3 SRCH base="" scope=0
filter="(objectClass=*)" attrs=ALL
[23/Feb/2012:18:33:34 +0000] conn=49 op=3 RESULT err=0 tag=101 nentries=1
etime=0
[23/Feb/2012:18:33:34 +0000] conn=50 fd=76 slot=76 connection from
10.13.0.245 to 10.13.0.105
[23/Feb/2012:18:33:34 +0000] conn=50 op=0 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=0 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=50 op=1 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=1 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=50 op=2 BIND dn="" method=sasl version=3
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=2 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=50 op=3 SRCH base="dc=blinkmind,dc=net"
scope=2
filter="(&(samaccounttype=805306368)(userprincipalname=nathan(a)BLINKMIND.NET))"
attrs="nsUniqueId ipaUniqueID objectguid objectClass javaSerializedData
javaClassName javaFactory javaCodebase javaReferenceAddress javaClassNames
javaremotelocation"
[23/Feb/2012:18:33:34 +0000] conn=50 op=3 RESULT err=0 tag=101 nentries=0
etime=0 notes=U
[23/Feb/2012:18:33:34 +0000] conn=50 op=4 UNBIND
[23/Feb/2012:18:33:34 +0000] conn=50 op=4 fd=76 closed - U1
[23/Feb/2012:18:33:34 +0000] conn=49 op=-1 fd=75 closed - B1