Use /etc/hosts and add this to your .properties
pool.default.socketfactory.type = java
On Jan 29, 2015 5:50 AM, Alon Bar-Lev wrote:
>
>
> ----- Original Message -----
> > From: "Koen Vanoppen"
> > To: "Alon Bar-Lev"
> > Cc: users(a)ovirt.org
> > Sent: Thursday, January 29, 2015 2:41:52 PM
> > Subject: Re: [ovirt-users] AAA
> >
> > Yes We have:
> >
> > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> >
> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;_gc._tcp.mydomain.com. IN SRV
>
> this ^^^^^^^ means that you do not have srv record. are you sure you replaced mydomain.com with your actual active directory domain name?
> have you tried to look into your dns manager for this information as well?
>
> >
> > ;; AUTHORITY SECTION:
> > mydomain.com. 3600 IN SOA srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
> >
> > ;; Query time: 12 msec
> > ;; SERVER: 10.110.3.123#53(10.110.3.123)
> > ;; WHEN: Thu Jan 29 13:40:41 2015
> > ;; MSG SIZE rcvd: 98
> >
> > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev :
> >
> > >
> > > ----- Original Message -----
> > > > From: "Koen Vanoppen"
> > > > To: "Alon Bar-Lev" , users(a)ovirt.org
> > > > Sent: Thursday, January 29, 2015 2:19:32 PM
> > > > Subject: Re: [ovirt-users] AAA
> > > >
> > > > Big thanks for your help, but still the same:
> > > >
> > > > #
> > > > # Active directory domain name.
> > > > #
> > > > vars.domain = mydomain.com
> > > >
> > > > #
> > > > # Search user and its password.
> > > > #
> > > > vars.user = admin@${global:vars.domain}
> > > > vars.password = *****
> > > >
> > > > #
> > > > # Optional DNS servers, if enterprise
> > > > # DNS server cannot resolve the domain srvrecord.
> > > > #
> > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
> > > >
> > > > pool.default.serverset.type = srvrecord
> > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > pool.default.auth.simple.password = ${global:vars.password}
> > > >
> > > > # Uncomment if using custom DNS
> > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> > > >
> > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: No DNS SRV records were found with record name '_gc._tcp.brussels.airport'.
> > > >
> > > > And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another way it just resolves the dns servers I gave him?
> > >
> > > Microsoft Domain controller must have gc service entry within DNS to work properly.
> > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
> > > 2. Can you please execute:
> > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> > > 3. Can you please open the DNS manager within your domain and search for srv records? Maybe you have DNS installed only on few servers, using the DNS manager you can also see which.
> > > >
> > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev :
> > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Ondra Machacek"
> > > > > > To: "Koen Vanoppen" , users(a)ovirt.org
> > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
> > > > > > Subject: Re: [ovirt-users] AAA
> > > > > >
> > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
> > > > > > > No, I don't. and I wouldn't know how he got to this name...
> > > > > >
> > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type = srvrecord'.
> > > > > >
> > > > > > It just needs to know where your global catalog is running, since it's needed for new provider.
> > > > > >
> > > > > > It searches for global catalog like this:
> > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
> > > > > >
> > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord serverset type. Or you don't have to if you use single server type.
> > > > >
> > > > > active directory will not work without access to global catalog.
> > > > > please set one or more of the domain controllers as dns server, for example:
> > > > >
> > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
> > > > >
> > > > > please also uncomment/add these lines to make vars.dns effective.
> > > > >
> > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> > > > >
> > > > > Thanks!
> > > > > > >
> > > > > > > Thanks for the reply!
> > > > > > >
> > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek :
> > > > > > >
> > > > > > > > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
> > > > > > > > >
> > > > > > > > > Can somebody help me setting up AAA for ovirt 3.5.1?
> > > > > > > > >
> > > > > > > > > I'm getting this now:
> > > > > > > > >
> > > > > > > > > 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.brussels.airport': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.brussels.airport'
> > > > > > > >
> > > > > > > > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
> > > > > > > > >
> > > > > > > > > my 3 configs:
> > > > > > > > >
> > > > > > > > > _*BRU_AIR-authn.properties*_
> > > > > > > > > ovirt.engine.extension.name = BRU_AIR-authn
> > > > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
> > > > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> > > > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> > > > > > > > > ovirt.engine.aaa.authn.profile.name = BRU-AIR
> > > > > > > > > ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
> > > > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> > > > > > > > >
> > > > > > > > > _*BRU_AIR-authz.properties*_
> > > > > > > > > ovirt.engine.extension.name = BRU_AIR-authz
> > > > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
> > > > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> > > > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> > > > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> > > > > > > > >
> > > > > > > > > _*BRU_AIR.properties*_
> > > > > > > > > include =
> > > > > > > > >
> > > > > > > > > #
> > > > > > > > > # Active directory domain name.
> > > > > > > > > #
> > > > > > > > > vars.domain = mydomain.com
> > > > > > > > >
> > > > > > > > > #
> > > > > > > > > # Search user and its password.
> > > > > > > > > #
> > > > > > > > > vars.user = admin@${global:vars.domain}
> > > > > > > > > vars.password = ***********
> > > > > > > > >
> > > > > > > > > #
> > > > > > > > > # Optional DNS servers, if enterprise
> > > > > > > > > # DNS server cannot resolve the domain srvrecord.
> > > > > > > > > #
> > > > > > > > > vars.dns = dns://dc01.mydomain.com
> > > > > > > > >
> > > > > > > > > pool.default.serverset.type = srvrecord
> > > > > > > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> > > > > > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > > > > > > pool.default.auth.simple.password = ${global:vars.password
> > > > > > > > >
> > > > > > > > > In the GUI for adding user I get this:
> > > > > > > > >
> > > > > > > > > An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc__tcp_brussels_airport': javax_naming___NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc__tcp_brussels_airport'
> > > > > > > > >
> > > > > > > > > Any ideas? I ran out...
> > > > > > > > >
> > > > > > > > > Kind regards,
> > > > > > > > >
> > > > > > > > > Koen
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Users mailing list
> > > > > > > > > Users(a)ovirt.org
> > > > > > > > > http://lists.ovirt.org/mailman/listinfo/users
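
The check the replies ask for, as an added example that is not part of the original thread or of the oVirt project: a shell helper that reads saved `dig` output for the `_gc._tcp.<domain>` SRV lookup and reports whether the record exists. The function names and the second transcript (`example.test`) are constructed for illustration.

```bash
#!/bin/sh
# Added example: interpret a saved `dig` transcript for the SRV lookup
# discussed in the thread. Function names are hypothetical.

# gc_srv_name DOMAIN: the record name the srvrecord serverset queries.
gc_srv_name() { printf '_gc._tcp.%s\n' "$1"; }

# classify_dig < transcript: one verdict line, then host:port per SRV target.
classify_dig() {
  awk '
    /->>HEADER<<-/ {                     # response header carries the rcode
      for (i = 1; i < NF; i++)
        if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    # answer rows: name ttl IN SRV priority weight port target
    $1 !~ /^;/ && $3 == "IN" && $4 == "SRV" {
      t = $8; sub(/\.$/, "", t); targets[++n] = t ":" $7
    }
    END {
      if (st == "")              print "UNKNOWN no response header found"
      else if (st == "NXDOMAIN") print "MISSING name does not exist (NXDOMAIN)"
      else if (st != "NOERROR")  print "ERROR status " st
      else if (n == 0)           print "EMPTY name exists but has no SRV records"
      else {
        print "OK " n " global catalog target(s)"
        for (i = 1; i <= n; i++) print targets[i]
      }
    }'
}

# Header, question and authority lines as posted in the thread.
PAGE_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;_gc._tcp.mydomain.com. IN SRV
mydomain.com. 3600 IN SOA srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600'

# Constructed transcript for a domain that publishes its global catalog.
GOOD_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;_gc._tcp.example.test. IN SRV
_gc._tcp.example.test. 600 IN SRV 0 100 3268 dc1.example.test.
_gc._tcp.example.test. 600 IN SRV 0 100 3268 dc2.example.test.'

# Live use (needs network): dig @DNS_SERVER SRV "$(gc_srv_name DOMAIN)" | classify_dig
printf '%s\n' "$PAGE_SAMPLE" | classify_dig
printf '%s\n' "$GOOD_SAMPLE" | classify_dig
```

An `EMPTY` or `MISSING` verdict from every configured DNS server corresponds to the "No DNS SRV records were found" error quoted in the thread.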