8:22 a.m.
Perhaps Ravi can assist with this.
---------- Forwarded message ---------
From: Shawn Southern <shawn.southern(a)entegrus.com>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to perform
login
To: users(a)ovirt.org <users(a)ovirt.org>
No one can log in to our oVirt instance today. LDAP users cannot
authenticate, and the internal ‘admin’ user gets “The user admin@internal
is not authorized to perform login” after being authenticated.
From engine.log:
2018-11-23 10:17:12,454-05 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) []
User admin@internal successfully logged in with scopes: ovirt-app-admin
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24)
[43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User
admin@internal-authz connecting from '10.11.12.13' failed to log
in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24)
[] The user admin@internal is not authorized to perform login
Where do I go from here?
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZ...
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gshereme(a)redhat.com IRC: gshereme
<https://red.ht/sig>
11:13 a.m.
New subject: The user admin@internal is not authorized to perform login
Looks like the permissions for admin@internal were removed by another admin
user
You can try the following
1. Get the admin user external id
select external_id from users where name = 'admin' and domain =
'internal-authz'
2. Add permissions for admin user
select attach_user_to_role(
'admin',
'internal-authz',
'*',
'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the
external id from above
'SuperUser'
)
Let us know if it helps
On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta <gshereme(a)redhat.com> wrote:
Perhaps Ravi can assist with this.
---------- Forwarded message ---------
From: Shawn Southern <shawn.southern(a)entegrus.com>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to
perform login
To: users(a)ovirt.org <users(a)ovirt.org>
No one can log in to our oVirt instance today. LDAP users cannot
authenticate, and the internal ‘admin’ user gets “The user admin@internal
is not authorized to perform login” after being authenticated.
From engine.log:
2018-11-23 10:17:12,454-05 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-24) []
User admin@internal successfully logged in with scopes: ovirt-app-admin
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24)
[43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-24) [43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User
admin@internal-authz connecting from '10.11.12.13' failed to log
in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-24)
[] The user admin@internal is not authorized to perform login
Where do I go from here?
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZ...
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gshereme(a)redhat.com IRC: gshereme
<https://red.ht/sig>
11:49 a.m.
New subject: The user admin@internal is not authorized to perform login
Thanks! That fixed it (I just added the Admin user back to SuperUser group via the web
interface with an LDAP account that had SuperUser).
From: Ravi Shankar Nori <rnori(a)redhat.com>
Sent: November 26, 2018 12:14 PM
To: Greg Sheremeta <gshereme(a)redhat.com>
Cc: Shawn Southern <shawn.southern(a)entegrus.com>; users(a)oVirt.org
Subject: Re: [ovirt-users] The user admin@internal is not authorized to perform login
Looks like the permissions for admin@internal were removed by another admin user
You can try the following
1. Get the admin user external id
select external_id from users where name = 'admin' and domain =
'internal-authz'
2. Add permissions for admin user
select attach_user_to_role(
'admin',
'internal-authz',
'*',
'b71c937c-441b-42cc-bf21-33fa2d9704ce', <=== the external
id from above
'SuperUser'
)
Let us know if it helps
On Sat, Nov 24, 2018 at 9:22 AM Greg Sheremeta
<gshereme@redhat.com<mailto:gshereme@redhat.com>> wrote:
Perhaps Ravi can assist with this.
---------- Forwarded message ---------
From: Shawn Southern
<shawn.southern@entegrus.com<mailto:shawn.southern@entegrus.com>>
Date: Fri, Nov 23, 2018 at 9:52 PM
Subject: [ovirt-users] The user admin@internal is not authorized to perform login
To: users@ovirt.org<mailto:users@ovirt.org>
<users@ovirt.org<mailto:users@ovirt.org>>
No one can log in to our oVirt instance today. LDAP users cannot authenticate, and the
internal ‘admin’ user gets “The user admin@internal is not authorized to perform login”
after being authenticated.
From engine.log:
2018-11-23 10:17:12,454-05 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils]
(default task-24) [] User admin@internal successfully logged in with scopes:
ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access
2018-11-23 10:17:12,576-05 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand]
(default task-24) [43bd2e4f] Running command: CreateUserSessionCommand internal: false.
2018-11-23 10:17:12,584-05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24)
[43bd2e4f] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User admin@internal-authz connecting from
'10.11.12.13' failed to log in<UNKNOWN>.
2018-11-23 10:17:12,585-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet]
(default task-24) [] The user admin@internal is not authorized to perform login
Where do I go from here?
_______________________________________________
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to
users-leave@ovirt.org<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQNDRRXT3EZ...
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gshereme@redhat.com<mailto:gshereme@redhat.com> IRC: gshereme
[Image removed by sender.]<https://red.ht/sig>
2410
days inactive
2412
days old
2 comments
3 participants
participants (3)
-
Greg Sheremeta -
Ravi Shankar Nori -
Shawn Southern