Re: [Users] Unable to log into user portal with user account
I added the domain using engine-manage-domains and then I went into the engine admin portal and added the groups I mentioned and assigned those groups to the UserRole for ovirt. I'm not familiar with psql at all, every iteration of running the queries you requested has failed. On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
Hi, 1. When you log in to to the admin portal, and check the permissions the user have, does it have the UserRole? 2. Can you please provide us the following SQL queries (using psql)
select user_name, groupIds from users;
select id,name from ad_groups;
3. In addition - have you manually added your user to oVirt before the login attempt, or did you just add the mentioned group + gave it permissions?
Thanks, Yair
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org Sent: Monday, April 7, 2014 3:01:55 AM Subject: [Users] Unable to log into user portal with user account
I have attached an AD domain. I can log in to the admin and user portals with the credentials used to add the domain. I made a new user on the AD for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in Ovirt. When I try to log in to the UserPortal with a regular user account I get the error that the user isn't authorized to perform the action.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Monday, April 7, 2014 4:28:09 AM Subject: Re: [Users] Unable to log into user portal with user account
I added the domain using engine-manage-domains and then I went into the engine admin portal and added the groups I mentioned and assigned those groups to the UserRole for ovirt. I'm not familiar with psql at all, every iteration of running the queries you requested has failed.
Ok, after you fail to login to userportal, can you login to the admin portal, and check for the user you tried to login with what are the permissions he has? Thanks, Yair
On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
Hi, 1. When you log in to to the admin portal, and check the permissions the user have, does it have the UserRole? 2. Can you please provide us the following SQL queries (using psql)
select user_name, groupIds from users;
Should be select username, group_ids from users; - sorry, my bad.
select id,name from ad_groups;
3. In addition - have you manually added your user to oVirt before the login attempt, or did you just add the mentioned group + gave it permissions?
Thanks, Yair
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org Sent: Monday, April 7, 2014 3:01:55 AM Subject: [Users] Unable to log into user portal with user account
I have attached an AD domain. I can log in to the admin and user portals with the credentials used to add the domain. I made a new user on the AD for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in Ovirt. When I try to log in to the UserPortal with a regular user account I get the error that the user isn't authorized to perform the action.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[root@usarpaovrtengine01 ~]# psql select username, group_ids from users; psql: warning: extra command-line argument "group_ids" ignored psql: warning: extra command-line argument "from" ignored psql: warning: extra command-line argument "users" ignored psql: FATAL: Ident authentication failed for user "username," [root@usarpaovrtengine01 ~]# I can log into the admin portal fine with my admin users. I can log into the user portal fine with the admin users. I can not log into the user portal with a regular user account. Here's the engine.log for when I try to log in to user portal with that user account: 2014-04-06 20:51:59,208 WARN [org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION The user account "ovirt" (which I've added to my AD) is what I'm trying to log in with. That user account is not specifically showing up in the admin portal user list; however, the group Domain\Users does show up. The 'ovirt' user is a member of Domain\Users. On Sun, Apr 6, 2014 at 8:38 PM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Monday, April 7, 2014 4:28:09 AM Subject: Re: [Users] Unable to log into user portal with user account
I added the domain using engine-manage-domains and then I went into the engine admin portal and added the groups I mentioned and assigned those groups to the UserRole for ovirt. I'm not familiar with psql at all, every iteration of running the queries you requested has failed.
Ok, after you fail to login to userportal, can you login to the admin portal, and check for the user you tried to login with what are the permissions he has?
Thanks, Yair
On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky <yzaslavs@redhat.com>
wrote:
Hi, 1. When you log in to to the admin portal, and check the permissions
the
user have, does it have the UserRole? 2. Can you please provide us the following SQL queries (using psql)
select user_name, groupIds from users;
Should be select username, group_ids from users; - sorry, my bad.
select id,name from ad_groups;
3. In addition - have you manually added your user to oVirt before the login attempt, or did you just add the mentioned group + gave it permissions?
Thanks, Yair
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org Sent: Monday, April 7, 2014 3:01:55 AM Subject: [Users] Unable to log into user portal with user account
I have attached an AD domain. I can log in to the admin and user
with the credentials used to add the domain. I made a new user on
portals the AD
for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in Ovirt. When I try to log in to the UserPortal with a regular user account I get the error that the user isn't authorized to perform the action.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On 04/07/2014 04:54 AM, Jeff Clay wrote:
[root@usarpaovrtengine01 ~]# psql select username, group_ids from users; psql: warning: extra command-line argument "group_ids" ignored psql: warning: extra command-line argument "from" ignored psql: warning: extra command-line argument "users" ignored psql: FATAL: Ident authentication failed for user "username," [root@usarpaovrtengine01 ~]#
I can log into the admin portal fine with my admin users. I can log into the user portal fine with the admin users. I can not log into the user portal with a regular user account.
Here's the engine.log for when I try to log in to user portal with that user account:
2014-04-06 20:51:59,208 WARN [org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
The user account "ovirt" (which I've added to my AD) is what I'm trying to log in with. That user account is not specifically showing up in the admin portal user list; however, the group Domain\Users does show up. The 'ovirt' user is a member of Domain\Users.
which role did you give that group?
participants (3)
-
Itamar Heim -
Jeff Clay -
Yair Zaslavsky