Hello, I've problems for utilization IPA Server with oVirt. Below is the error log and corresponding access, commands and log entries. Thanks for helping me. ********************************************************************* Ipa Server - 10.30.0.25 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final # rpm -qa | grep ipa ipa-server-3.0.0-37.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-37.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-admintools-3.0.0-37.el6.x86_64 ipa-server-selinux-3.0.0-37.el6.x86_64 ipa-client-3.0.0-37.el6.x86_64 # dig _kerberos._tcp.din.uem.br ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_kerberos._tcp.din.uem.br. IN A ;; AUTHORITY SECTION: din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800 900 60480 3600 ;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:19:05 2014 ;; MSG SIZE rcvd: 88 # dig _ldap._tcp.din.uem.br ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _ldap._tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldap._tcp.din.uem.br. IN A ;; AUTHORITY SECTION: din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800 900 60480 3600 ;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:20:16 2014 ;; MSG SIZE rcvd: 84 /var/log/dirsrv/slapd-DIN-UEM-BR/access ------------------------------------------------------------------------------------------------------------------------- conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= admin@DIN.UEM.BR))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled k conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=211 SRCH base="cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/ DIN.UEM.BR@DIN.UEM.BR)(krbPrincipalName=krbtgt/DIN.UEM conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=213 SRCH base="cn=global_policy,cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdF conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0 conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25 conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2 /var/log/ovirt-engine/engine-manage-domains.log ------------------------------------------------------------------------------------------------------------------------- 2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf". 2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable. Will return an empty set of properties. 2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". 2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf". 2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf". 2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf". 2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_ENABLED" is "true". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_PORT" is "8702". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_APPS" is "engine.ear "/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_CACHE" is "/var/cache/ovirt-engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CHECK_INTERVAL" is "1000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DATABASE" is "engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_HOST" is "localhost". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MAX_CONNECTIONS" is "100". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MIN_CONNECTIONS" is "1". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PASSWORD" is "***". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PORT" is "5432". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED_VALIDATION" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_URL" is "jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_USER" is "engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DEBUG_ADDRESS" is "". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_ETC" is "/etc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_FQDN" is "ovirtm.din.uem.br". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_GROUP" is "ovirt". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MAX" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MIN" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PORT" is "None". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PROTOCOLS" is "SSLv3,TLSv1,TLSv1.1,TLSv1.2". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_PORT" is "None". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JAVA_MODULEPATH" is "/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="/var/log/ovirt-engine/dump"". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG" is "/var/log/ovirt-engine". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG_TO_CONSOLE" is "false". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MAX" is "256m". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MIN" is "256m". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI" is "/etc/pki/ovirt-engine". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_CERT" is "/etc/pki/ovirt-engine/certs/engine.cer". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE" is "/etc/pki/ovirt-engine/keys/engine.p12". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE" is "/etc/pki/ovirt-engine/.truststore". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_ENABLED" is "true". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTPS_PORT" is "443". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTP_PORT" is "80". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_REPORTS_UI" is "/var/lib/ovirt-engine/reports.xml". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_INTERVAL" is "1". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_TIME" is "10". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_TMP" is "/var/tmp/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_URI" is "/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USER" is "ovirt". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USR" is "/usr/share/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VAR" is "/var/lib/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VERBOSE_GC" is "false". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "JBOSS_HOME" is "/usr/share/jboss-as". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "SENSITIVE_KEYS" is ",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD". 2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains] Creating kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Successfully created kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Testing kerberos configuration for domain: din.uem.br 2014-10-09 11:23:39,572 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot get a KDC reply 2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains] Failure while testing domain din.uem.br. Details: Kerberos error. Please check log for further details. ********************************************************************* oVirt Manager - 10.30.0.23 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final # rpm -qa | grep -i ovirt ovirt-engine-dwh-setup-3.4.0-2.el6.noarch ovirt-engine-dwh-3.4.0-2.el6.noarch ovirt-hosted-engine-ha-1.1.2-1.el6.noarch ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch ovirt-engine-cli-3.4.0.5-1.el6.noarch ovirt-engine-restapi-3.4.0-1.el6.noarch ovirt-engine-dbscripts-3.4.0-1.el6.noarch ovirt-release-11.2.0-1.noarch ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch ovirt-host-deploy-1.2.0-1.el6.noarch ovirt-engine-reports-setup-3.4.0-2.el6.noarch ovirt-engine-lib-3.4.0-1.el6.noarch ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch ovirt-log-collector-3.4.1-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch ovirt-host-deploy-java-1.2.0-1.el6.noarch ovirt-engine-tools-3.4.0-1.el6.noarch ovirt-engine-userportal-3.4.0-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch ovirt-engine-backend-3.4.0-1.el6.noarch ovirt-engine-reports-3.4.0-2.el6.noarch ovirt-engine-setup-base-3.4.0-1.el6.noarch ovirt-iso-uploader-3.4.0-1.el6.noarch ovirt-image-uploader-3.4.0-1.el6.noarch ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch ovirt-engine-setup-3.4.0-1.el6.noarch ovirt-engine-3.4.0-1.el6.noarch engine-manage-domains add --domain=din.uem.br --provider=ipa --user=admin Enter password: Error: exception message: Cannot get a KDC reply Failure while testing domain din.uem.br. Details: Kerberos error. Please check log for further details. At. Donato. -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
Can't help you with this one, but be aware that these kind of issues are all solved in 3.5 in which we do not mix kerberos and ldap. ----- Original Message -----
From: "Marcelo Donato" <donato@din.uem.br> To: users@ovirt.org Sent: Thursday, October 9, 2014 8:25:34 PM Subject: [ovirt-users] oVirt 3.4 + Ipa Server
Hello, I've problems for utilization IPA Server with oVirt. Below is the error log and corresponding access, commands and log entries. Thanks for helping me. ********************************************************************* Ipa Server - 10.30.0.25 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final # rpm -qa | grep ipa ipa-server-3.0.0-37.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-37.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-admintools-3.0.0-37.el6.x86_64 ipa-server-selinux-3.0.0-37.el6.x86_64 ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;_kerberos._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600
;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:19:05 2014 ;; MSG SIZE rcvd: 88
# dig _ldap._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _ldap._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;_ldap._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600
;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:20:16 2014 ;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access ------------------------------------------------------------------------------------------------------------------------- conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= admin@DIN.UEM.BR ))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled k conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=211 SRCH base="cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/ DIN.UEM.BR@DIN.UEM.BR )(krbPrincipalName=krbtgt/DIN.UEM conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=213 SRCH base="cn=global_policy,cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdF conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0 conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25 conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log ------------------------------------------------------------------------------------------------------------------------- 2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf". 2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable. Will return an empty set of properties. 2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". 2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf". 2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf". 2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf". 2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_ENABLED" is "true". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_PORT" is "8702". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_APPS" is "engine.ear "/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_CACHE" is "/var/cache/ovirt-engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CHECK_INTERVAL" is "1000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DATABASE" is "engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_HOST" is "localhost". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MAX_CONNECTIONS" is "100". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MIN_CONNECTIONS" is "1". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PASSWORD" is "***". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PORT" is "5432". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED_VALIDATION" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_URL" is "jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_USER" is "engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DEBUG_ADDRESS" is "". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_ETC" is "/etc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_FQDN" is " ovirtm.din.uem.br ". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_GROUP" is "ovirt". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MAX" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MIN" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PORT" is "None". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PROTOCOLS" is "SSLv3,TLSv1,TLSv1.1,TLSv1.2". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_PORT" is "None". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JAVA_MODULEPATH" is "/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="/var/log/ovirt-engine/dump"". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG" is "/var/log/ovirt-engine". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG_TO_CONSOLE" is "false". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MAX" is "256m". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MIN" is "256m". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI" is "/etc/pki/ovirt-engine". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_CERT" is "/etc/pki/ovirt-engine/certs/engine.cer". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE" is "/etc/pki/ovirt-engine/keys/engine.p12". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE" is "/etc/pki/ovirt-engine/.truststore". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_ENABLED" is "true". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTPS_PORT" is "443". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTP_PORT" is "80". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_REPORTS_UI" is "/var/lib/ovirt-engine/reports.xml". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_INTERVAL" is "1". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_TIME" is "10". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_TMP" is "/var/tmp/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_URI" is "/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USER" is "ovirt". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USR" is "/usr/share/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VAR" is "/var/lib/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VERBOSE_GC" is "false". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "JBOSS_HOME" is "/usr/share/jboss-as". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "SENSITIVE_KEYS" is ",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD". 2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains] Creating kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Successfully created kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Testing kerberos configuration for domain: din.uem.br 2014-10-09 11:23:39,572 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot get a KDC reply 2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains] Failure while testing domain din.uem.br . Details: Kerberos error. Please check log for further details. ********************************************************************* oVirt Manager - 10.30.0.23 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch ovirt-engine-dwh-3.4.0-2.el6.noarch ovirt-hosted-engine-ha-1.1.2-1.el6.noarch ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch ovirt-engine-cli-3.4.0.5-1.el6.noarch ovirt-engine-restapi-3.4.0-1.el6.noarch ovirt-engine-dbscripts-3.4.0-1.el6.noarch ovirt-release-11.2.0-1.noarch ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch ovirt-host-deploy-1.2.0-1.el6.noarch ovirt-engine-reports-setup-3.4.0-2.el6.noarch ovirt-engine-lib-3.4.0-1.el6.noarch ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch ovirt-log-collector-3.4.1-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch ovirt-host-deploy-java-1.2.0-1.el6.noarch ovirt-engine-tools-3.4.0-1.el6.noarch ovirt-engine-userportal-3.4.0-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch ovirt-engine-backend-3.4.0-1.el6.noarch ovirt-engine-reports-3.4.0-2.el6.noarch ovirt-engine-setup-base-3.4.0-1.el6.noarch ovirt-iso-uploader-3.4.0-1.el6.noarch ovirt-image-uploader-3.4.0-1.el6.noarch ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch ovirt-engine-setup-3.4.0-1.el6.noarch ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain= din.uem.br --provider=ipa --user=admin Enter password: Error: exception message: Cannot get a KDC reply Failure while testing domain din.uem.br . Details: Kerberos error. Please check log for further details.
At. Donato.
-- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Marcelo Donato" <donato@din.uem.br> Cc: users@ovirt.org Sent: Thursday, October 9, 2014 8:30:47 PM Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
Can't help you with this one, but be aware that these kind of issues are all solved in 3.5 in which we do not mix kerberos and ldap.
----- Original Message -----
From: "Marcelo Donato" <donato@din.uem.br> To: users@ovirt.org Sent: Thursday, October 9, 2014 8:25:34 PM Subject: [ovirt-users] oVirt 3.4 + Ipa Server
Hello, I've problems for utilization IPA Server with oVirt. Below is the error log and corresponding access, commands and log entries. Thanks for helping me. ********************************************************************* Ipa Server - 10.30.0.25 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final # rpm -qa | grep ipa ipa-server-3.0.0-37.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-37.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-admintools-3.0.0-37.el6.x86_64 ipa-server-selinux-3.0.0-37.el6.x86_64 ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._ tcp.din.uem.br
Shouldn't this be dig SRV _kerberos._ tcp.din.uem.br ?
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;_kerberos._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600
;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:19:05 2014 ;; MSG SIZE rcvd: 88
# dig _ldap._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _ldap._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;_ldap._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600
;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:20:16 2014 ;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access ------------------------------------------------------------------------------------------------------------------------- conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= admin@DIN.UEM.BR ))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled k conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=211 SRCH base="cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/ DIN.UEM.BR@DIN.UEM.BR )(krbPrincipalName=krbtgt/DIN.UEM conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=213 SRCH base="cn=global_policy,cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdF conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0 conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25 conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log ------------------------------------------------------------------------------------------------------------------------- 2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf". 2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable. Will return an empty set of properties. 2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". 2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf". 2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf". 2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf". 2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_ENABLED" is "true". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_AJP_PORT" is "8702". 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_APPS" is "engine.ear "/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_CACHE" is "/var/cache/ovirt-engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CHECK_INTERVAL" is "1000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DATABASE" is "engine". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_HOST" is "localhost". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MAX_CONNECTIONS" is "100". 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_MIN_CONNECTIONS" is "1". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PASSWORD" is "***". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_PORT" is "5432". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_SECURED_VALIDATION" is "False". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_URL" is "jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory". 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DB_USER" is "engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DEBUG_ADDRESS" is "". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_ETC" is "/etc/ovirt-engine". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_FQDN" is " ovirtm.din.uem.br ". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_GROUP" is "ovirt". 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MAX" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HEAP_MIN" is "1g". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PORT" is "None". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTPS_PROTOCOLS" is "SSLv3,TLSv1,TLSv1.1,TLSv1.2". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_ENABLED" is "false". 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_HTTP_PORT" is "None". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JAVA_MODULEPATH" is "/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="/var/log/ovirt-engine/dump"". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG" is "/var/log/ovirt-engine". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_LOG_TO_CONSOLE" is "false". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MAX" is "256m". 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PERM_MIN" is "256m". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI" is "/etc/pki/ovirt-engine". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_CERT" is "/etc/pki/ovirt-engine/certs/engine.cer". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE" is "/etc/pki/ovirt-engine/keys/engine.p12". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE" is "/etc/pki/ovirt-engine/.truststore". 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_ENABLED" is "true". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTPS_PORT" is "443". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_PROXY_HTTP_PORT" is "80". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_REPORTS_UI" is "/var/lib/ovirt-engine/reports.xml". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_INTERVAL" is "1". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_STOP_TIME" is "10". 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_TMP" is "/var/tmp/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_URI" is "/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USER" is "ovirt". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_USR" is "/usr/share/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VAR" is "/var/lib/ovirt-engine". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "ENGINE_VERBOSE_GC" is "false". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "JBOSS_HOME" is "/usr/share/jboss-as". 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value of property "SENSITIVE_KEYS" is ",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD". 2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains] Creating kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Successfully created kerberos configuration for domain(s): din.uem.br 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains] Testing kerberos configuration for domain: din.uem.br 2014-10-09 11:23:39,572 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot get a KDC reply 2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains] Failure while testing domain din.uem.br . Details: Kerberos error. Please check log for further details. ********************************************************************* oVirt Manager - 10.30.0.23 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch ovirt-engine-dwh-3.4.0-2.el6.noarch ovirt-hosted-engine-ha-1.1.2-1.el6.noarch ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch ovirt-engine-cli-3.4.0.5-1.el6.noarch ovirt-engine-restapi-3.4.0-1.el6.noarch ovirt-engine-dbscripts-3.4.0-1.el6.noarch ovirt-release-11.2.0-1.noarch ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch ovirt-host-deploy-1.2.0-1.el6.noarch ovirt-engine-reports-setup-3.4.0-2.el6.noarch ovirt-engine-lib-3.4.0-1.el6.noarch ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch ovirt-log-collector-3.4.1-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch ovirt-host-deploy-java-1.2.0-1.el6.noarch ovirt-engine-tools-3.4.0-1.el6.noarch ovirt-engine-userportal-3.4.0-1.el6.noarch ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch ovirt-engine-backend-3.4.0-1.el6.noarch ovirt-engine-reports-3.4.0-2.el6.noarch ovirt-engine-setup-base-3.4.0-1.el6.noarch ovirt-iso-uploader-3.4.0-1.el6.noarch ovirt-image-uploader-3.4.0-1.el6.noarch ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch ovirt-engine-setup-3.4.0-1.el6.noarch ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain= din.uem.br --provider=ipa --user=admin Enter password: Error: exception message: Cannot get a KDC reply Failure while testing domain din.uem.br . Details: Kerberos error. Please check log for further details.
At. Donato.
-- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Below is result. # dig SRV _kerberos._ tcp.din.uem.br ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_kerberos._. IN SRV ;; AUTHORITY SECTION: . 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800 900 604800 86400 ;; Query time: 1 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 104 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;tcp.din.uem.br. IN SRV ;; AUTHORITY SECTION: din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613 1800 900 60480 3600 ;; Query time: 0 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 82 -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
----- Original Message -----
From: "Marcelo Donato" <donato@din.uem.br> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: "Alon Bar-Lev" <alonbl@redhat.com>, users@ovirt.org Sent: Friday, October 10, 2014 3:20:57 PM Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
Below is result.
# dig SRV _kerberos._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;_kerberos._. IN SRV
;; AUTHORITY SECTION: . 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800 900 604800 86400
The resutlt is invalid - I have tried it myself with an unexisting DNS entry - got the same. You probably have some issue with your IPA setup, I'm afraid. The result should contain answer section ; ANSWER SECTION: _kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine1.yair.test. _kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine2.yair.test. Notice the number 88 - that's the default port number for kerberos.
;; Query time: 1 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 104
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;tcp.din.uem.br. IN SRV
;; AUTHORITY SECTION: din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613 1800 900 60480 3600
;; Query time: 0 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 82
-- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
oVirt 3.4 is not possible to integrate with IPA? -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
I have the latest 3.4 version and it works with FreeIPA. An earlier version did not properly populate the users sections for adding users to Ovirt. When I rebuilt with the latest 3.4 version, I did NOT join the Ovirt host to the domain using ipa-join tools. I only joined it using the engine-manage-domain tools. 2014-10-13 12:49 GMT-04:00 Marcelo Donato <donato@din.uem.br>:
oVirt 3.4 is not possible to integrate with IPA?
-- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain *http://heretothereideas.blogspot.com/ <http://heretothereideas.blogspot.com/>*
Hi Jim. oVirt + FreeIPA, I'm in trouble, can you help me? -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam.
participants (4)
-
Alon Bar-Lev -
Jim Kinney -
Marcelo Donato -
Yair Zaslavsky