Re: The user admin@internal is not authorized to perform login
Perhaps Ravi can assist with this. ---------- Forwarded message --------- From: Shawn Southern <shawn.southern@entegrus.com> Date: Fri, Nov 23, 2018 at 9:52 PM Subject: [ovirt-users] The user admin@internal is not authorized to perform login To: users@ovirt.org <users@ovirt.org> No one can log in to our oVirt instance today. LDAP users cannot authenticate, and the internal ‘admin’ user gets “The user admin@internal is not authorized to perform login” after being authenticated. From engine.log: 2018-11-23 10:17:12,454-05 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2018-11-23 10:17:12,576-05 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) [43bd2e4f] Running command: CreateUserSessionCommand internal: false. 2018-11-23 10:17:12,584-05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>. 2018-11-23 10:17:12,585-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) [] The user admin@internal is not authorized to perform login Where do I go from here? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGK... -- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
Looks like the permissions for admin@internal were removed by another admin user You can try the following 1. Get the admin user external id select external_id from users where name = 'admin' and domain = 'internal-authz' 2. Add permissions for admin user select attach_user_to_role( 'admin', 'internal-authz', '*', 'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external id from above 'SuperUser' ) Let us know if it helps On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta <gshereme@redhat.com> wrote:
Perhaps Ravi can assist with this.
---------- Forwarded message --------- From: Shawn Southern <shawn.southern@entegrus.com> Date: Fri, Nov 23, 2018 at 9:52 PM Subject: [ovirt-users] The user admin@internal is not authorized to perform login To: users@ovirt.org <users@ovirt.org>
No one can log in to our oVirt instance today. LDAP users cannot authenticate, and the internal ‘admin’ user gets “The user admin@internal is not authorized to perform login” after being authenticated.
From engine.log:
2018-11-23 10:17:12,454-05 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) [43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) [] The user admin@internal is not authorized to perform login
Where do I go from here? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGK...
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
Thanks! That fixed it (I just added the Admin user back to SuperUser group via the web interface with an LDAP account that had SuperUser). From: Ravi Shankar Nori <rnori@redhat.com> Sent: November 26, 2018 12:14 PM To: Greg Sheremeta <gshereme@redhat.com> Cc: Shawn Southern <shawn.southern@entegrus.com>; users@oVirt.org Subject: Re: [ovirt-users] The user admin@internal is not authorized to perform login Looks like the permissions for admin@internal were removed by another admin user You can try the following 1. Get the admin user external id select external_id from users where name = 'admin' and domain = 'internal-authz' 2. Add permissions for admin user select attach_user_to_role( 'admin', 'internal-authz', '*', 'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external id from above 'SuperUser' ) Let us know if it helps On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta <gshereme@redhat.com<mailto:gshereme@redhat.com>> wrote: Perhaps Ravi can assist with this. ---------- Forwarded message --------- From: Shawn Southern <shawn.southern@entegrus.com<mailto:shawn.southern@entegrus.com>> Date: Fri, Nov 23, 2018 at 9:52 PM Subject: [ovirt-users] The user admin@internal is not authorized to perform login To: users@ovirt.org<mailto:users@ovirt.org> <users@ovirt.org<mailto:users@ovirt.org>> No one can log in to our oVirt instance today. LDAP users cannot authenticate, and the internal ‘admin’ user gets “The user admin@internal is not authorized to perform login” after being authenticated. From engine.log: 2018-11-23 10:17:12,454-05 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2018-11-23 10:17:12,576-05 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) [43bd2e4f] Running command: CreateUserSessionCommand internal: false. 2018-11-23 10:17:12,584-05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User admin@internal-authz connecting from '10.11.12.13' failed to log in<UNKNOWN>. 2018-11-23 10:17:12,585-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24) [] The user admin@internal is not authorized to perform login Where do I go from here? _______________________________________________ Users mailing list -- users@ovirt.org<mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org<mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZGGK... -- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gshereme@redhat.com<mailto:gshereme@redhat.com> IRC: gshereme [Image removed by sender.]<https://red.ht/sig>
participants (3)
-
Greg Sheremeta -
Ravi Shankar Nori -
Shawn Southern