1:12 a.m.
Hi,
I am trying to set up an oVirt environment with an IPA provider and
am hitting a GeneralException that I am unsure how to debug. I have
configured freeIPA in a Fedora VM using the supplied configuration
script and I can 'kinit admin' from the ovirt-engine machine. When I
run the manage-domains command I get the following exception:
I didn't realize it, but I had to add _kerberos srv records to my
dnsmasq.conf in order for the script to even find my KDC.
./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
-user=admin -interactive -ldapServers=directory.alitke.net
Enter password:
General error has occurednull
java.lang.NegativeArraySizeException
at
sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
at
sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
at
sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
at
sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
at
sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
at
com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
at
com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
at
com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at
org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
at
org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
at
org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
at
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
at
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
at
org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
at
org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
at
org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.modules.Module.run(Module.java:260)
at org.jboss.modules.Main.main(Main.java:291)
Failure while testing domain %1$s. Details: %2$s: One of the
parameters for this error is null and no default message to show
Any thoughts on what might be going wrong?
1:33 a.m.
Hi Adam,
Looks like you have problems in running the Root DSE query.
I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
----- Original Message -----
From: "Adam Litke" <alitke(a)redhat.com>
To: users(a)ovirt.org
Sent: Tuesday, January 21, 2014 12:12:03 AM
Subject: [Users] Problem adding an IPA server to oVirt
Hi,
I am trying to set up an oVirt environment with an IPA provider and
am hitting a GeneralException that I am unsure how to debug. I have
configured freeIPA in a Fedora VM using the supplied configuration
script and I can 'kinit admin' from the ovirt-engine machine. When I
run the manage-domains command I get the following exception:
I didn't realize it, but I had to add _kerberos srv records to my
dnsmasq.conf in order for the script to even find my KDC.
./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
-user=admin -interactive -ldapServers=directory.alitke.net
Enter password:
General error has occurednull
java.lang.NegativeArraySizeException
at
sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
at
sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
at
sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
at
sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
at
sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
at
com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
at
com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
at
com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at
org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
at
org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
at
org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
at
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
at
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
at
org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
at
org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
at
org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.modules.Module.run(Module.java:260)
at org.jboss.modules.Main.main(Main.java:291)
Failure while testing domain %1$s. Details: %2$s: One of the
parameters for this error is null and no default message to show
Any thoughts on what might be going wrong?
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
2:49 p.m.
On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
Hi Adam,
Looks like you have problems in running the Root DSE query.
I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
I think the problem is that your LDAP server is configured with a
minimum security strength factor that triggers a bug in the Kerberos
support in the Java virtual machine. This is a know issue. See here for
details:
http://gerrit.ovirt.org/21505
----- Original Message -----
> From: "Adam Litke" <alitke(a)redhat.com>
> To: users(a)ovirt.org
> Sent: Tuesday, January 21, 2014 12:12:03 AM
> Subject: [Users] Problem adding an IPA server to oVirt
>
> Hi,
>
> I am trying to set up an oVirt environment with an IPA provider and
> am hitting a GeneralException that I am unsure how to debug. I have
> configured freeIPA in a Fedora VM using the supplied configuration
> script and I can 'kinit admin' from the ovirt-engine machine. When I
> run the manage-domains command I get the following exception:
>
> I didn't realize it, but I had to add _kerberos srv records to my
> dnsmasq.conf in order for the script to even find my KDC.
>
> ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
> -user=admin -interactive -ldapServers=directory.alitke.net
> Enter password:
> General error has occurednull
> java.lang.NegativeArraySizeException
> at
> sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
> at
> sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
> at
> sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
> at
> sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
> at
> sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
> at
> com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
> at
> com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
> at
> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
> at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
> at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
> at
>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
> at
>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
> at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> at
> org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
> at
> org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
> at
> org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:356)
> at
>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
> at
>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
> at
>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
> at
>
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
> at
>
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
> at
> org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
> at
> org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
> at
> org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.modules.Module.run(Module.java:260)
> at org.jboss.modules.Main.main(Main.java:291)
> Failure while testing domain %1$s. Details: %2$s: One of the
> parameters for this error is null and no default message to show
>
> Any thoughts on what might be going wrong?
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
4:26 p.m.
On 21/01/14 12:49 +0100, Juan Hernandez wrote:
On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
> Hi Adam,
> Looks like you have problems in running the Root DSE query.
> I would like you to try and troubleshoot by comparing this to the execution of -
>
> ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
>
I think the problem is that your LDAP server is configured with a
minimum security strength factor that triggers a bug in the Kerberos
support in the Java virtual machine. This is a know issue. See here for
details:
http://gerrit.ovirt.org/21505
Thanks. Does this affect openIPA as well?
> ----- Original Message -----
>> From: "Adam Litke" <alitke(a)redhat.com>
>> To: users(a)ovirt.org
>> Sent: Tuesday, January 21, 2014 12:12:03 AM
>> Subject: [Users] Problem adding an IPA server to oVirt
>>
>> Hi,
>>
>> I am trying to set up an oVirt environment with an IPA provider and
>> am hitting a GeneralException that I am unsure how to debug. I have
>> configured freeIPA in a Fedora VM using the supplied configuration
>> script and I can 'kinit admin' from the ovirt-engine machine. When I
>> run the manage-domains command I get the following exception:
>>
>> I didn't realize it, but I had to add _kerberos srv records to my
>> dnsmasq.conf in order for the script to even find my KDC.
>>
>> ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
>> -user=admin -interactive -ldapServers=directory.alitke.net
>> Enter password:
>> General error has occurednull
>> java.lang.NegativeArraySizeException
>> at
>> sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
>> at
>> sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
>> at
>> sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
>> at
>> sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
>> at
>> sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
>> at
>> com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
>> at
>> com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
>> at
>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
>> at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
>> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
>> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
>> at
>>
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
>> at
>>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
>> at
>>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
>> at
>> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>> at
>> org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
>> at
>> org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
>> at
>> org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.Subject.doAs(Subject.java:356)
>> at
>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
>> at
>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
>> at
>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
>> at
>>
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
>> at
>>
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
>> at
>> org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
>> at
>> org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
>> at
>> org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.jboss.modules.Module.run(Module.java:260)
>> at org.jboss.modules.Main.main(Main.java:291)
>> Failure while testing domain %1$s. Details: %2$s: One of the
>> parameters for this error is null and no default message to show
>>
>> Any thoughts on what might be going wrong?
>>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
8:59 p.m.
On 01/21/2014 02:26 PM, Adam Litke wrote:
On 21/01/14 12:49 +0100, Juan Hernandez wrote:
> On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
>> Hi Adam,
>> Looks like you have problems in running the Root DSE query.
>> I would like you to try and troubleshoot by comparing this to the execution of -
>>
>> ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
>>
>
> I think the problem is that your LDAP server is configured with a
> minimum security strength factor that triggers a bug in the Kerberos
> support in the Java virtual machine. This is a know issue. See here for
> details:
>
> http://gerrit.ovirt.org/21505
Thanks. Does this affect openIPA as well?
I guess you mean FreeIPA.
Yes, it affects any LDAP server that sets missf to 0 by default,
including the the 389-ds used by FreeIPA.
>
>> ----- Original Message -----
>>> From: "Adam Litke" <alitke(a)redhat.com>
>>> To: users(a)ovirt.org
>>> Sent: Tuesday, January 21, 2014 12:12:03 AM
>>> Subject: [Users] Problem adding an IPA server to oVirt
>>>
>>> Hi,
>>>
>>> I am trying to set up an oVirt environment with an IPA provider and
>>> am hitting a GeneralException that I am unsure how to debug. I have
>>> configured freeIPA in a Fedora VM using the supplied configuration
>>> script and I can 'kinit admin' from the ovirt-engine machine. When
I
>>> run the manage-domains command I get the following exception:
>>>
>>> I didn't realize it, but I had to add _kerberos srv records to my
>>> dnsmasq.conf in order for the script to even find my KDC.
>>>
>>> ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
>>> -user=admin -interactive -ldapServers=directory.alitke.net
>>> Enter password:
>>> General error has occurednull
>>> java.lang.NegativeArraySizeException
>>> at
>>> sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
>>> at
>>> sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
>>> at
>>> sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
>>> at
>>> sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
>>> at
>>> sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
>>> at
>>> com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
>>> at
>>> com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
>>> at
>>> com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
>>> at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
>>> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>>> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
>>> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
>>> at
>>>
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
>>> at
>>>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
>>> at
>>>
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
>>> at
>>> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>>> at
>>> org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
>>> at
>>>
org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
>>> at
>>> org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at javax.security.auth.Subject.doAs(Subject.java:356)
>>> at
>>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
>>> at
>>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
>>> at
>>>
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
>>> at
>>>
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
>>> at
>>>
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
>>> at
>>>
org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
>>> at
>>>
org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
>>> at
>>> org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at org.jboss.modules.Module.run(Module.java:260)
>>> at org.jboss.modules.Main.main(Main.java:291)
>>> Failure while testing domain %1$s. Details: %2$s: One of the
>>> parameters for this error is null and no default message to show
>>>
>>> Any thoughts on what might be going wrong?
>>>
>
>
>
> --
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> 3ºD, 28016 Madrid, Spain
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
11:06 a.m.
Hi,
just a little OT:
I think it would be awesome if "known issues" would be
documented somewhere else, not just in source code.
Am 21.01.2014 12:49, schrieb Juan Hernandez:
I think the problem is that your LDAP server is configured with a
minimum security strength factor that triggers a bug in the Kerberos
support in the Java virtual machine. This is a know issue. See here for
details:
http://gerrit.ovirt.org/21505
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
11:08 p.m.
On 01/22/2014 10:06 AM, Sven Kieske wrote:
Hi,
just a little OT:
I think it would be awesome if "known issues" would be
documented somewhere else, not just in source code.
its not documented in code - its a specific check for this specific
error case to give a detailed error feedback to the admin.
Am 21.01.2014 12:49, schrieb Juan Hernandez:
> I think the problem is that your LDAP server is configured with a
> minimum security strength factor that triggers a bug in the Kerberos
> support in the Java virtual machine. This is a know issue. See here for
> details:
>
> http://gerrit.ovirt.org/21505
4:21 p.m.
On 20/01/14 17:33 -0500, Yair Zaslavsky wrote:
Hi Adam,
Looks like you have problems in running the Root DSE query.
I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
Thanks for taking a look. Here is the result:
[alitke:~] $ ldapsearch -x -h 192.168.2.106 -s base
# extended LDIF
#
# LDAPv3
# base <dc=alitke,dc=net> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# alitke.net
dn: dc=alitke,dc=net
objectClass: top
objectClass: domain
objectClass: pilotObject
objectClass: domainRelatedObject
objectClass: nisDomainObject
dc: alitke
info: IPA V2.0
nisDomain: alitke.net
associatedDomain: alitke.net
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
3954
days inactive
3960
days old
7 comments
5 participants
participants (5)
-
Adam Litke -
Itamar Heim -
Juan Hernandez -
Sven Kieske -
Yair Zaslavsky