This is a multi-part message in MIME format.
--------------040908060307030401050108
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
On 04/26/2013 11:12 AM, Karli Sjöberg wrote:
Hi!
IŽm trying to get this working for our VDI solution, would be awfully
cool.
I have noticed lately that the SSO in ovirt seems to be broken on the
engine side.
The bug
https://bugzilla.redhat.com/show_bug.cgi?id=922398 addresses
this issue.
And it has been fixed here:
http://gerrit.ovirt.org/#/c/13667/
The reason for this is that the engine expects a certain package name to
be reported by the guest agent to enable the SSO functionality on the
engine side. If this information is not send the engine 'thinks' that
there's no SSO capability.
There'd be a way to enable the SSO capability by modifying the ovirt
guest agent installation. e.g. you could install a fake rhev-agent
package, however I personally would not recommend that.
The ovirt 3.3 engine release should resolve this issue.
But so far, this seems to be whatŽs stopping it:
/var/log/ovirt-guest-agent/ovirt-guest-agent.log
Dummy-1::DEBUG::2013-04-26
11:02:11,840::OVirtAgentLogic::178::root::AgentLogicBase::sendUserInfo
- cur_user = '(unknown)'
Over and over again.
No. This is just reporting the currently logged in user.
This is whatŽs installed in the Fedora 17 guest:
# rpm -qa | grep ovirt-
ovirt-guest-agent-common-1.0.6-6.fc17.noarch
ovirt-guest-agent-gdm-plugin-1.0.6-6.fc17.x86_64
ovirt-guest-agent-pam-module-1.0.6-6.fc17.x86_64
And this is the engine:
# rpm -qa | grep ovirt-
ovirt-engine-config-3.1.0-4.fc17.noarch
ovirt-engine-dbscripts-3.1.0-4.fc17.noarch
ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch
ovirt-engine-restapi-3.1.0-4.fc17.noarch
ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch
ovirt-engine-genericapi-3.1.0-4.fc17.noarch
ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch
ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch
ovirt-engine-setup-3.1.0-4.fc17.noarch
ovirt-engine-sdk-3.2.0.2-1.fc17.noarch
ovirt-engine-backend-3.1.0-4.fc17.noarch
ovirt-engine-tools-common-3.1.0-4.fc17.noarch
ovirt-engine-3.1.0-4.fc17.noarch
ovirt-engine-userportal-3.1.0-4.fc17.noarch
ovirt-engine-notification-service-3.1.0-4.fc17.noarch
The engine is joined to our Active Directory domain, and the guest is
as well, using winbind. Help?
Best Regards
Karli Sjöberg
tis 2012-08-21 klockan 15:15 +0400 skrev Artem:
> Hi,
>
> i don't have /var/log/ovirt-guest-agent.log, i have
> /var/log/rhev-agent/rhev-agent.log.
>
> i set in /etc/rhev-agent.conf
>
> ...
> [logger_root]
> level=DEBUG
> ...
>
> but log file output
>
> ...
> Dummy-2::DEBUG::2012-08-21
> 15:09:56,698::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
> - cur_user = 'root'
> Dummy-2::DEBUG::2012-08-21
> 15:10:06,719::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
> - cur_user = 'root'
> Dummy-2::DEBUG::2012-08-21
> 15:10:16,739::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
> - cur_user = 'root'
> Dummy-2::DEBUG::2012-08-21
> 15:10:26,836::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
> - cur_user = 'root'
> Dummy-2::DEBUG::2012-08-21
> 15:10:36,857::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
> - cur_user = 'root'
> ....
>
> I cannot build ovirt-guest-agent for Centos 6 (aka Rhel 6) and used
> rhev-agent and rhev-agent-pam-rhev-cred.
>
> hmm..
>
> >> Linux machine is not configure to work with the same
> authentication server
>
> ~]# getent passwd sirin
> sirin:*:193200001:193200001:sirin zarin:/home/sirin:/bin/sh
>
> User sirin used FreeIPA.
>
> Artem
>
> 2012/8/20 Gal Hammer <ghammer(a)redhat.com <mailto:ghammer@redhat.com>>
>
> On 20/08/2012 08:31, Roy Golan wrote:
>
> Cannot login with SSO on system...
>
> cat /var/log/secure
>
> Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:
> pam_unix(gdm-rhevcred:auth): conversation failed
> Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:
> pam_unix(gdm-rhevcred:auth): auth could not identify password for
> [sirin]
> Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:
> pam_sss(gdm-rhevcred:auth): system info: [Cannot read password]
> Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:
> pam_sss(gdm-rhevcred:auth): authentication failure; logname=
> uid=0
> euid=0 tty=:0 ruser= rhost= user=sirin
> Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:
> pam_sss(gdm-rhevcred:auth): received for user sirin: 4
> (System error)
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]:
> pam_unix(gdm-password:auth): conversation failed
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]:
> pam_unix(gdm-password:auth): auth could not identify password for
> [sirin]
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]:
> pam_sss(gdm-password:auth): system info: [Cannot read password]
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]:
> pam_sss(gdm-password:auth): authentication failure; logname=
> uid=0
> euid=0 tty=:0 ruser= rhost= user=sirin
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]:
> pam_sss(gdm-password:auth): received for user sirin: 4
> (System error)
> Aug 19 03:54:43 ws2 pam: gdm-password[2617]: gkr-pam: no
> password is
> available for user
>
> But login with user and password done... I use FreeIPA for
> this user.
>
> What could be wrong?
>
>
>
> What does the agent's log say (/var/log/ovirt-guest-agent.log)?
>
> Usually, if everything is running as it should, the problem is
> that the Linux machine is not configure to work with the same
> authentication server as the one that the RHEV-M is using.
>
> Gal.
>
>
--
Med Vänliga Hälsningar
-------------------------------------------------------------------------------
Karli Sjöberg
Swedish University of Agricultural Sciences
Box 7079 (Visiting Address Kronåsvägen 8)
S-750 07 Uppsala, Sweden
Phone: +46-(0)18-67 15 66
karli.sjoberg(a)slu.se <mailto:karli.sjoberg@adm.slu.se>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Regards,
Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo
Better technology. Faster innovation. Powered by community collaboration.
See how it works at
redhat.com
--------------040908060307030401050108
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/26/2013 11:12 AM, Karli
Sjöberg
wrote:<br>
</div>
<blockquote
cite="mid:5F9E965F5A80BC468BE5F40576769F0925511C14@exchange2-1"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="GENERATOR" content="GtkHTML/4.4.4">
Hi!<br>
<br>
I´m trying to get this working for our VDI solution, would be
awfully cool. <br>
</blockquote>
I have noticed lately that the SSO in ovirt seems to be broken on
the engine side.<br>
The bug <a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/show_bug.cgi?id=922398">ht...
addresses
this issue.<br>
And it has been fixed here: <a class="moz-txt-link-freetext"
href="http://gerrit.ovirt.org/#/c/13667/">http://gerrit.ovir...
<br>
The reason for this is that the engine expects a certain package
name to be reported by the guest agent to enable the SSO
functionality on the engine side. If this information is not send
the engine 'thinks' that there's no SSO capability.<br>
<br>
There'd be a way to enable the SSO capability by modifying the ovirt
guest agent installation. e.g. you could install a fake rhev-agent
package, however I personally would not recommend that.<br>
<br>
The ovirt 3.3 engine release should resolve this issue.<br>
<br>
<blockquote
cite="mid:5F9E965F5A80BC468BE5F40576769F0925511C14@exchange2-1"
type="cite">
But so far, this seems to be what´s stopping it:<br>
/var/log/ovirt-guest-agent/ovirt-guest-agent.log<br>
Dummy-1::DEBUG::2013-04-26
11:02:11,840::OVirtAgentLogic::178::root::AgentLogicBase::sendUserInfo
- cur_user = '(unknown)'<br>
<br>
Over and over again.<br>
</blockquote>
No. This is just reporting the currently logged in user.<br>
<blockquote
cite="mid:5F9E965F5A80BC468BE5F40576769F0925511C14@exchange2-1"
type="cite">
<br>
This is what´s installed in the Fedora 17 guest:<br>
# rpm -qa | grep ovirt-<br>
ovirt-guest-agent-common-1.0.6-6.fc17.noarch<br>
ovirt-guest-agent-gdm-plugin-1.0.6-6.fc17.x86_64<br>
ovirt-guest-agent-pam-module-1.0.6-6.fc17.x86_64<br>
<br>
And this is the engine:<br>
# rpm -qa | grep ovirt-<br>
ovirt-engine-config-3.1.0-4.fc17.noarch<br>
ovirt-engine-dbscripts-3.1.0-4.fc17.noarch<br>
ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch<br>
ovirt-engine-restapi-3.1.0-4.fc17.noarch<br>
ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch<br>
ovirt-engine-genericapi-3.1.0-4.fc17.noarch<br>
ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch<br>
ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch<br>
ovirt-engine-setup-3.1.0-4.fc17.noarch<br>
ovirt-engine-sdk-3.2.0.2-1.fc17.noarch<br>
ovirt-engine-backend-3.1.0-4.fc17.noarch<br>
ovirt-engine-tools-common-3.1.0-4.fc17.noarch<br>
ovirt-engine-3.1.0-4.fc17.noarch<br>
ovirt-engine-userportal-3.1.0-4.fc17.noarch<br>
ovirt-engine-notification-service-3.1.0-4.fc17.noarch<br>
<br>
The engine is joined to our Active Directory domain, and the guest
is as well, using winbind. Help?<br>
<br>
Best Regards<br>
Karli Sjöberg<br>
<br>
tis 2012-08-21 klockan 15:15 +0400 skrev Artem:<br>
<blockquote type="CITE">Hi, <br>
<br>
i don't have /var/log/ovirt-guest-agent.log, i have
/var/log/rhev-agent/rhev-agent.log.<br>
<br>
i set in /etc/rhev-agent.conf <br>
<br>
...<br>
[logger_root]<br>
level=DEBUG<br>
...<br>
<br>
but log file output<br>
<br>
...<br>
Dummy-2::DEBUG::2012-08-21
15:09:56,698::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
- cur_user = 'root'<br>
Dummy-2::DEBUG::2012-08-21
15:10:06,719::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
- cur_user = 'root'<br>
Dummy-2::DEBUG::2012-08-21
15:10:16,739::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
- cur_user = 'root'<br>
Dummy-2::DEBUG::2012-08-21
15:10:26,836::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
- cur_user = 'root'<br>
Dummy-2::DEBUG::2012-08-21
15:10:36,857::vdsAgentLogic::160::root::AgentLogicBase::sendUserInfo
- cur_user = 'root'<br>
....<br>
<br>
I cannot build ovirt-guest-agent for Centos 6 (aka Rhel 6) and
used rhev-agent and rhev-agent-pam-rhev-cred.<br>
<br>
hmm.. <br>
<br>
>> Linux machine is not configure to work with the same
authentication server<br>
<br>
~]# getent passwd sirin<br>
sirin:*:193200001:193200001:sirin zarin:/home/sirin:/bin/sh<br>
<br>
User sirin used FreeIPA.<br>
<br>
Artem<br>
<br>
</blockquote>
<blockquote type="CITE">2012/8/20 Gal Hammer <<a
moz-do-not-send="true"
href="mailto:ghammer@redhat.com">ghammer@redhat.com</a>>
</blockquote>
<blockquote type="CITE">
<blockquote>On 20/08/2012 08:31, Roy Golan wrote:<br>
<br>
<blockquote>Cannot login with SSO on system...<br>
<br>
cat /var/log/secure<br>
<br>
Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:<br>
pam_unix(gdm-rhevcred:auth): conversation failed<br>
Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:<br>
pam_unix(gdm-rhevcred:auth): auth could not identify
password for<br>
[sirin]<br>
Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:<br>
pam_sss(gdm-rhevcred:auth): system info: [Cannot read
password]<br>
Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:<br>
pam_sss(gdm-rhevcred:auth): authentication failure; logname=
uid=0<br>
euid=0 tty=:0 ruser= rhost= user=sirin<br>
Aug 19 03:54:43 ws2 pam: gdm-rhevcred[2618]:<br>
pam_sss(gdm-rhevcred:auth): received for user sirin: 4
(System error)<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]:<br>
pam_unix(gdm-password:auth): conversation failed<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]:<br>
pam_unix(gdm-password:auth): auth could not identify
password for<br>
[sirin]<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]:<br>
pam_sss(gdm-password:auth): system info: [Cannot read
password]<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]:<br>
pam_sss(gdm-password:auth): authentication failure; logname=
uid=0<br>
euid=0 tty=:0 ruser= rhost= user=sirin<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]:<br>
pam_sss(gdm-password:auth): received for user sirin: 4
(System error)<br>
Aug 19 03:54:43 ws2 pam: gdm-password[2617]: gkr-pam: no
password is<br>
available for user<br>
<br>
But login with user and password done... I use FreeIPA for
this user.<br>
<br>
What could be wrong?<br>
</blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>What does the agent's log say
(/var/log/ovirt-guest-agent.log)?<br>
<br>
Usually, if everything is running as it should, the problem is
that the Linux machine is not configure to work with the same
authentication server as the one that the RHEV-M is using.<br>
<br>
<font color="#888888">
Gal.</font><br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE"><br>
</blockquote>
<br>
<table cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>-- <br>
<br>
Med Vänliga Hälsningar<br>
-------------------------------------------------------------------------------<br>
Karli Sjöberg<br>
Swedish University of Agricultural Sciences<br>
Box 7079 (Visiting Address Kronåsvägen 8)<br>
S-750 07 Uppsala, Sweden<br>
Phone: +46-(0)18-67 15 66<br>
<a moz-do-not-send="true"
href="mailto:karli.sjoberg@adm.slu.se">karli.sjoberg@slu.se</a>
</td>
</tr>
</tbody>
</table>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Regards,
Vinzenz Feenstra | Senior Software Engineer
RedHat Engineering Virtualization R & D
Phone: +420 532 294 625
IRC: vfeenstr or evilissimo
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com</pre>
</body>
</html>
--------------040908060307030401050108--