Re: [Users] tool engine-manage-domains
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com>
Hi, Can you redirect your question to users@ovirt.org? I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/**show_bug.cgi?id=840098<https://bugzilla.redhat.com/show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**
__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------**__----------------------------** --__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>> *To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**___________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>
http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
On 11/29/2012 05:58 AM, victor nunes wrote:
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>
Hi, Can you redirect your question to users@ovirt.org <mailto:users@ovirt.org>? I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/__show_bug.cgi?id=840098 <https://bugzilla.redhat.com/show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__>__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------____----------------------------__--__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__>__>> *To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
___________________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>>
http://lists.ovirt.org/____mailman/listinfo/users <http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/__mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed. have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed.
Thanks for the reply. I do not have another machine to the power configuar FreeIPA. I have a machine, I do not have access, which is an LDAP server installed on it. I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error: Error: exception message: Connection refused Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details. in the logs, I have the following lines: 03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br. So what could be this error? 2012/11/29 Itamar Heim <iheim@redhat.com>
On 11/29/2012 05:58 AM, victor nunes wrote:
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto: yzaslavs@redhat.com>>
Hi, Can you redirect your question to users@ovirt.org <mailto:users@ovirt.org>?
I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com
<mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>**>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------**____--------------------------** --__--__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
*To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_____________________
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>>
http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed.
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed.
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
------=_Part_42299287_1325263645.1354597581386 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi,=20 Several things -=20 a. I think logging at this point should be improved=20 b. Since the log is not informative enough, please try the following:=20 1. Check that your credentials are correct=20 2. Check you have no clock skew issue (the time difference between the mach= ine running manage-domains and your ldap server should be less or equal to = 5 minutes).=20 3. Connection refused so there is some connectivity issue -=20 please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.= viperde.com.br should do the trick)=20 please try to connect to these ldap servers manually -=20 For example, if the returned host from the dig SRV query is=20 aaa.viperde.com.br=20 perform:=20 telnet aaa.viperde.com.br 389=20 Turns out that I did not have telnet installed on my fc17 machine -=20 I used yum install telnet to install it.=20 Kind regards,=20 Yair=20 ----- Original Message -----
From: "victor nunes" <victor.rebli@gmail.com> To: "Itamar Heim" <iheim@redhat.com> Cc: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 4, 2012 3:28:56 AM Subject: Re: [Users] tool engine-manage-domains
Thanks for the reply.
I do not have another machine to the power configuar FreeIPA.
I have a machine, I do not have access, which is an LDAP server installed on it. I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error:
Error: exception message: Connection refused Failure while testing domain viprede.com.br . Details: Kerberos error. Please check log for further Top details.
in the logs, I have the following lines:
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br .
So what could be this error?
2012/11/29 Itamar Heim < iheim@redhat.com >
On 11/29/2012 05:58 AM, victor nunes wrote: =20
2012/11/29 Yair Zaslavsky < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20 =20
Hi, =20 =20 Can you redirect your question to users@ovirt.org =20 =20 <mailto: users@ovirt.org >? =20 =20
I think others will help you to forward your question to relevant =20 =20 people here (not sure I can provide a good answer). =20 =20
On 11/29/2012 03:26 AM, victor nunes wrote: =20 =20
So I'm trying to install FreeIPA on the same machine that =20 =20 oVirt-manage, =20 =20 but at the time of installation, the following error occurs: =20 =20
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64 =20 =20
Looking for a solution to the problem, I discovered that this is =20 =20 a bug =20 =20 reported by others. =20 =20
Follow the link to the bug reported: =20 =20 https://bugzilla.redhat.com/__ show_bug.cgi?id=3D840098 =20 =20
< https://bugzilla.redhat.com/ show_bug.cgi?id=3D840098 > =20 =20
Then, using oo FreeIPA not be possible, which otherwise I have =20 =20 to add =20 =20 new domains and users? =20 =20
Em 8 de novembro de 2012 02:41, Yair Zaslavsky =20 =20 < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > =20 =20 <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >>> escreveu: =20 =20
Hi, =20 =20 You cannot create new users for the internal domain. =20 =20 The internal domain was developed for quick POC, just to =20 =20 allow login =20 =20 to the system without the need for ldap provider. =20 =20 I recommend you install some ldap server (i.e - free IPA) =20 =20 and try to =20 =20 work with it. =20 =20
On 11/08/2012 01:08 AM, victor nunes wrote: =20 =20
Sorry. =20 =20
Att, =20 =20
2012/11/7 victor nunes < victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com > =20 =20 <mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com >__> =20 =20 <mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com > <mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com >__>__>> =20 =20
Thanks for the reply. =20 =20
As the command "engine-manage-domains" works with =20 =20 ldap, how =20 =20 can I =20 =20 create another user in the field "internal", and user =20 =20 "admin" that =20 =20 is created when you installed the engine-setup? =20 =20
2012/11/4 Yair Zaslavsky < yzaslavs@redhat.com =20 =20 <mailto: yzaslavs@redhat.com > =20 =20 <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20 =20 <mailto: yzaslavs@redhat.com =20 =20 <mailto: yzaslavs@redhat.com > <mailto: yzaslavs@redhat.com =20 =20 <mailto: yzaslavs@redhat.com >>> > =20 =20
Hi, =20 =20 The specified tool handle only ldap domains, =20 =20 and not the =20 =20 internal domain. =20 =20 What would you like to change at the internal =20 =20 domain? =20 =20 I suggest you try to use engine-config for this. =20 =20
------------------------------ ____-------------------------- --__--__------------ =20 =20
*From: *"victor nunes" =20 =20 < victor.rebli@gmail.com <mailto: victor.rebli@gmail.com > =20 =20 <mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com >__> =20 =20
<mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com > =20 =20 <mailto: victor.rebli@gmail.com =20 =20 <mailto: victor.rebli@gmail.com >__>__>> =20 =20
*To: * users@ovirt.org =20 =20 <mailto: users@ovirt.org > <mailto: users@ovirt.org =20 =20 <mailto: users@ovirt.org >> =20 =20 <mailto: users@ovirt.org <mailto: users@ovirt.org > =20 =20 <mailto: users@ovirt.org <mailto: users@ovirt.org >>> =20 =20
*Sent: *Sunday, November 4, 2012 12:18:55 AM =20 =20 *Subject: *[Users] tool engine-manage-domains =20 =20
I'm trying to change the default domain, the =20 =20 "internal" with =20 =20 the following command: =20 =20
engine-manage-domains -action=3Dedit =20 =20 -domain=3Dinternal =20 =20
However, i am getting the following message: =20 =20
"Domain internal doesn't exist int the =20 =20 configuration" =20 =20
This is my domain admin user that is =20 =20 configured in the =20 =20 installation ovirt-setup. =20 =20
So, how can i fix it to include a user in =20 =20 this domain? =20 =20
Att, =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, =20 =20 a vida =20 =20 parece um =20 =20 futuro =20 =20 indefinidamente longo, ao passo que, na =20 =20 velhice, =20 =20 ela parece =20 =20 um passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 apresenta do =20 =20 mesmo modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 bin=C3=B3culo usado =20 =20 ao contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas =20 =20 tal qual =20 =20 s=C3=A3o vistas =20 =20 quando o bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 envelhecido e =20 =20 vivido =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
______________________________ _____________________ =20 =20
Users mailing list =20 =20 Users@ovirt.org <mailto: Users@ovirt.org > <mailto: Users@ovirt.org =20 =20 <mailto: Users@ovirt.org >> <mailto: Users@ovirt.org =20 =20 <mailto: Users@ovirt.org > =20 =20 <mailto: Users@ovirt.org <mailto: Users@ovirt.org >>> =20 =20
http://lists.ovirt.org/____ mailman/listinfo/users =20 =20 < http://lists.ovirt.org/__ mailman/listinfo/users > =20 =20
< http://lists.ovirt.org/__ mailman/listinfo/users =20 =20 < http://lists.ovirt.org/ mailman/listinfo/users >> =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida =20 =20 parece um =20 =20 futuro =20 =20 indefinidamente longo, ao passo que, na velhice, =20 =20 ela parece =20 =20 um passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 apresenta do =20 =20 mesmo modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 bin=C3=B3culo usado ao =20 =20 contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual =20 =20 s=C3=A3o vistas =20 =20 quando o =20 =20 bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 envelhecido e =20 =20 vivido =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece =20 =20 um futuro =20 =20 indefinidamente longo, ao passo que, na velhice, ela =20 =20 parece um =20 =20 passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta =20 =20 do mesmo =20 =20 modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo =20 =20 usado ao =20 =20 contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o =20 =20 vistas quando o =20 =20 bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 envelhecido e vivido =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um fu= turo =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um =20 =20 passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo =20 =20 modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usad= o ao =20 =20 contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o =20 =20 bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivid= o =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um fu= turo =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usad= o ao =20 =20 contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o =20 =20 bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivid= o =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
______________________________ _________________ =20 =20 Users mailing list =20 =20 Users@ovirt.org =20 =20 http://lists.ovirt.org/ mailman/listinfo/users =20 =20
there are three issues with installing freeipa on same machine as ovirt: =20 1. the mod_ssl, which is solvable, but requires some work on our side. =20 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. =20 3. freeipa will override the default apache homepage redirection ovirt placed. =20
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed. =20
-- =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo mod= o que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao contr=C3=A1rio; mas, ao seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o bin=C3=B3culo =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida =C3=A9 curta=E2=80=9D.
(Poema de Arthur Schopenhauer)
"Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org<br><b>Sent: = </b>Tuesday, December 4, 2012 3:28:56 AM<br><b>Subject: </b>Re: [Users] too= l engine-manage-domains<br><br><div>Thanks for the reply.</div><div><br></d= iv><div>I do not have another machine to the power configuar FreeIPA.</div>= <div><br></div><div>I have a machine, I do not have access, which is an LDA= P server installed on it.</div> <div>I configured a machine that is oVirt-manage as ldap client, I configur= ed the dns, but in time to include the domain happens the following error:<= /div><div><br></div><div>Error: exception message: Connection refused</div> <div>Failure while testing domain <a href=3D"http://viprede.com.br" target= =3D"_blank">viprede.com.br</a>. Details: Kerberos error. Please check log f= or further Top details.</div><div><br></div><div>in the logs, I have the fo= llowing lines:</div> <div><br></div><div>03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Creating kerberos configuration for domain (s): = <a href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div= <div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Ma= nageDomains] Successfully created kerberos configuration for domain (s): <a=
------=_Part_42299287_1325263645.1354597581386 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><= div style=3D'font-family: times new roman,new york,times,serif; font-size: = 12pt; color: #000000'><font face=3D"times new roman, new york, times, serif= ">Hi,</font><div style=3D"font-family: 'times new roman', 'new york', times= , serif; ">Several things -</div><div style=3D"font-family: 'times new roma= n', 'new york', times, serif; ">a. I think logging at this point should be = improved</div><div style=3D"font-family: 'times new roman', 'new york', tim= es, serif; ">b. Since the log is not informative enough, please try the fol= lowing:</div><div style=3D"font-family: 'times new roman', 'new york', time= s, serif; ">1. Check that your credentials are correct</div><div styl= e=3D"font-family: 'times new roman', 'new york', times, serif; ">2. Check y= ou have no clock skew issue (the time difference between the machine runnin= g manage-domains and your ldap server should be less or equal to 5 minutes)= .</div><div style=3D"font-family: 'times new roman', 'new york', times, ser= if; ">3. Connection refused so there is some connectivity issue - </di= v><div><font face=3D"times new roman, new york, times, serif">please query = your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.</font><font = face=3D"Helvetica, Arial, sans-serif">viperde.com.br should do the trick)&n= bsp;</font></div><div><font face=3D"Helvetica, Arial, sans-serif">please tr= y to connect to these ldap servers manually -</font></div><div><br></div><d= iv><font face=3D"Helvetica, Arial, sans-serif">For example, if the returned= host from the dig SRV query is</font></div><div><font face=3D"Helvetica, A= rial, sans-serif">aaa.viperde.com.br</font></div><div><font face=3D"Helveti= ca, Arial, sans-serif"><br></font></div><div><font face=3D"Helvetica, Arial= , sans-serif">perform:</font></div><div><font face=3D"Helvetica, Arial, san= s-serif">telnet aaa.viperde.com.br 389</font></div><div><font face=3D"Helve= tica, Arial, sans-serif"><br></font></div><div><font face=3D"Helvetica, Ari= al, sans-serif">Turns out that I did not have telnet installed on my fc17 m= achine -</font></div><div><font face=3D"Helvetica, Arial, sans-serif">I use= d yum install telnet to install it.</font></div><div><font face=3D"Helvetic= a, Arial, sans-serif"><br></font></div><div><font face=3D"Helvetica, Arial,= sans-serif">Kind regards,</font></div><div><font face=3D"Helvetica, Arial,= sans-serif"><br></font></div><div><font face=3D"Helvetica, Arial, sans-ser= if">Yair</font></div><div><font face=3D"Helvetica, Arial, sans-serif"><br><= /font></div><div style=3D"font-family: 'times new roman', 'new york', times= , serif; "><br><hr id=3D"zwchr"><blockquote style=3D"border-left:2px solid = rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:no= rmal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,san= s-serif;font-size:12pt;"><b>From: </b>"victor nunes" <victor.rebli@gmail= .com><br><b>To: </b>"Itamar Heim" <iheim@redhat.com><br><b>Cc: </b= href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div> <div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Man= ageDomains] Testing kerberos configuration for domain: <a href=3D"http://vi= prede.com.br" target=3D"_blank">viprede.com.br</a>.</div><div><br></div><di= v>So what could be this error?</div> <br><div class=3D"gmail_quote">2012/11/29 Itamar Heim <span dir=3D"ltr"><= ;<a href=3D"mailto:iheim@redhat.com" target=3D"_blank">iheim@redhat.com</a>= ></span><br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex= ;border-left:1px #ccc solid;padding-left:1ex"> On 11/29/2012 05:58 AM, victor nunes wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> <br> <br> 2012/11/29 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" target= =3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>><div class=3D"i= m"><br> <br> Hi,<br> Can you redirect your question to <a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a><br></div> <mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blan= k">users@ovirt.org</a>>?<div class=3D"im"><br> I think others will help you to forward your question to rele= vant<br> people here (not sure I can provide a good answer).<br> <br> <br> <br> On 11/29/2012 03:26 AM, victor nunes wrote:<br> <br> So I'm trying to install FreeIPA on the same ma= chine that<br> oVirt-manage,<br> but at the time of installation, the following = error occurs:<br> <br> FreeIPA-server conflicts with 1: mod_ssl-2.2.22= -4.fc17.x86_64<br> <br> <br> Looking for a solution to the problem, I discov= ered that this is<br> a bug<br> reported by others.<br> <br> Follow the link to the bug reported:<br></div> <a href=3D"https://bugzilla.redhat.com/__show_b= ug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/__<u></u>= show_bug.cgi?id=3D840098</a><div class=3D"im"><br> <<a href=3D"https://bugzilla.redhat.com/show= _bug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/<u></u>= show_bug.cgi?id=3D840098</a>><br> <br> Then, using oo FreeIPA not be possible, which o= therwise I have<br> to add<br> new domains and users?<br> <br> Em 8 de novembro de 2012 02:41, Yair Zaslavsky<= br> <<a href=3D"mailto:yzaslavs@redhat.com" targ= et=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs= @redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>><br></div> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>>> e= screveu:<div class=3D"im"> <br> <br> <br> Hi,<br> You cannot create new users= for the internal domain.<br> The internal domain was dev= eloped for quick POC, just to<br> allow login<br> to the system without the n= eed for ldap provider.<br> I recommend you install som= e ldap server (i.e - free IPA)<br> and try to<br> work with it.<br> <br> <br> <br> On 11/08/2012 01:08 AM, vic= tor nunes wrote:<br> <br> Sorry.<br> <br> Att,<br> <br> 2012/11/7 vic= tor nunes <<a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">v= ictor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div class=3D"im"><br> <br> <br> <br> = ; Thanks for the reply.<br> <br> = ; As the command "engine-manage-domains" works with<br> ldap, how<br> can I<br> = ; create another user in the field "internal", and user<br> "admin" that<= br> = ; is created when you installed the engine-setup?<br> <br> = ; 2012/11/4 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" targe= t=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>><br> <mailto:<a= href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com<= /a> <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yza= slavs@redhat.com</a>>><br> = ; <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzasl= avs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>> <mailto:<a href=3D"mail= to:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>>>><u></u>><br> <br> <br> <br> = ; Hi,<br> = ; The specified tool handle only ldap domains,<br> and not the<br> = ; internal domain.<br> = ; What would you like to change at the internal<br> domain?<br> = ; I suggest you try to use engine-config for this.<br> <br> <br> <br> <br></div> ------------------------------<u></u>____------= --------------------<u></u>--__--__------------<div class=3D"im"><br> <br> <br> = ; *From: *"victor nunes"<br> <<a href=3D"mailto:victor.rebli@gmail.com" t= arget=3D"_blank">victor.rebli@gmail.com</a> <mailto:<a href=3D"mailto:vi= ctor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>&g= t;<br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br></di= v><div class=3D"im"> = ; <mailto:<a href=3D"mailto:victor.rebli@gma= il.com" target=3D"_blank">victor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div><div class=3D"h5"><br> = ; *To: *<a href=3D"mailto:users@ovirt.org" targ= et=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>> <mailto:<a href=3D"mailto:users= @ovirt.org" target=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>>><br> <mailto:<a= href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org</a> <= mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org= </a>><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a> <mailto:<a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a>>>><br> <br> = ; *Sent: *Sunday, November 4, 2012 12:18:55 AM<= br> = ; *Subject: *[Users] tool engine-manage-domains= <br> <br> <br> <br> = ; I'm trying to change the default domain, the<= br> "internal" wi= th<br> = ; the following command:<br> <br> = ; engine-manage-domains -action=3Dedit<br> -domain=3Dinternal<br> <br> = ; However, i am getting the following message:<= br> <br> = ; "Domain internal doesn't exist int the<br> configuration"<br> <br> = ; This is my domain admin user that is<br> configured in the<br> = ; installation ovirt-setup.<br> <br> = ; So, how can i fix it to include a user in<br> this domain?<br> <br> <br> = ; Att,<br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juvent= ude,<br> a vida<br> parece um<br> = ; futuro<br> = ; indefinidamente longo, ao passo que, na<br> velhice,<br> ela parece<br=
= ; um passado<br> = ; deveras curto. Assim, a vida no seu in=C3=ADc= io se<br> apresenta do<= br> = ; mesmo modo<br> = ; que as coisas quando as olhamos atrav=C3=A9s = de um<br> bin=C3=B3culo= usado<br> = ; ao contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas<br> tal qual<br> s=C3=A3o vist= as<br> = ; quando o bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa= ter<br> envelhecido e= <br> = ; vivido<br> = ; bastante para perceber como a vida =C3=A9 cur= ta=E2=80=9D.<br> <br> = ; (Poema de = Arthur Schopenhauer)<br> <br> <br></div></div> ______________________________<u></u>___= __________________<div class=3D"im"><br> = ; Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_b= lank">Users@ovirt.org</a> <mailto:<a href=3D"mailto:Users@ovirt.org" tar= get=3D"_blank">Users@ovirt.org</a>> <mailto:<a href=3D"mailto:Users@o= virt.org" target=3D"_blank">Users@ovirt.org</a><br> </div> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>>> <mailto:<a href=3D"mailto:U= sers@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>><br> <mailto:<a= href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a> <= mailto:<a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org= </a>>>><br> <br> <a href=3D"http://lists.ovirt.org/____mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/____<u></u>mailman/= listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/__mailman= /listinfo/users" target=3D"_blank">http://lists.ovirt.org/__<u></u>mailman/= listinfo/users</a>><div><div class=3D"h5"><br> <br> <<a href= =3D"http://lists.ovirt.org/__mailman/listinfo/users" target=3D"_blank">http= ://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/<u></u>mailman/list= info/users</a>>><br> <br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juventude, a vida<br> parece um<br> futuro<br> = ; indefinidamente longo, ao passo que, na velhice,<br> ela parece<br> um passado<br=
= ; deveras curto. Assim, a vida no seu in=C3=ADcio se<br> apresenta do<br> mesmo modo<br=
= ; que as coisas quando as olhamos atrav=C3=A9s de um<br> bin=C3=B3culo usado ao<br> = ; contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas tal qual<br> s=C3=A3o vistas<br> quando o<br> = ; bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa ter<br> envelhecido e<br> vivido<br> = ; bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEnca= rada do ponto de vista da juventude, a vida parece<br> um futuro<br> indefinidamen= te longo, ao passo que, na velhice, ela<br> parece um<br> passado<br> deveras curto= . Assim, a vida no seu in=C3=ADcio se apresenta<br> do mesmo<br> modo<br> que as coisas= quando as olhamos atrav=C3=A9s de um bin=C3=B3culo<br> usado ao<br> contr=C3=A1ri= o; mas, ao<br> seu final, el= a se parece com as coisas tal qual s=C3=A3o<br> vistas quando o<br> bin=C3=B3culo= <br> =C3=A9 usado = de modo normal. Um homem precisa ter<br> envelhecido e vivido<br> bastante para= perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventud= e, a vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice= , ela parece um<br> passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio= se apresenta do mesmo<br> modo<br> que as coisas quando as olhamos atrav=C3=A9s de= um bin=C3=B3culo usado ao<br> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas ta= l qual s=C3=A3o vistas quando o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa t= er envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta= =E2=80=9D.<br> <br> (Poema= de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro<b= r> indefinidamente longo, ao passo que, na velhice, ela parece um passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao<b= r> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> (Poema de Arthur Schopenhauer)<br> <br> <br></div></div><div class=3D"im"> ______________________________<u></u>_________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
</div><a href=3D"http://lists.ovirt.org/mailman/listinfo/users" target=3D"_= blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br> <br> </blockquote> <br> there are three issues with installing freeipa on same machine as ovirt:<br=
1. the mod_ssl, which is solvable, but requires some work on our side.<br> 2. we faced some upgrade issues around this use case, though non are releva= nt right now iirc.<br> 3. freeipa will override the default apache homepage redirection ovirt plac= ed.<br> <br> have you considered running freeipa in a guest? you can still use admin@int= ernal for issues with that guest if needed.<br> </blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>=E2=80=9CEnc= arada do ponto de vista da juventude, a vida parece um futuro<br>indefinida= mente longo, ao passo que, na velhice, ela parece um passado <br>deveras cu= rto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao c= ontr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas tal= qual s=C3=A3o vistas quando o bin=C3=B3culo<br>=C3=A9 usado de modo normal= . Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D. <br>= <br> (Poema de Arthur Schopenhauer)<br> </blockquote><br></div></div></body></html> ------=_Part_42299287_1325263645.1354597581386--
Hello, I'm going to do all these tests, but a question. I need to configure Kerberos on the server LDAP? Att, 2012/12/4 Yair Zaslavsky <yzaslavs@redhat.com>
Hi, Several things - a. I think logging at this point should be improved b. Since the log is not informative enough, please try the following: 1. Check that your credentials are correct 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). 3. Connection refused so there is some connectivity issue - please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp. viperde.com.br should do the trick) please try to connect to these ldap servers manually -
For example, if the returned host from the dig SRV query is aaa.viperde.com.br
perform: telnet aaa.viperde.com.br 389
Turns out that I did not have telnet installed on my fc17 machine - I used yum install telnet to install it.
Kind regards,
Yair
------------------------------
*From: *"victor nunes" <victor.rebli@gmail.com> *To: *"Itamar Heim" <iheim@redhat.com> *Cc: *"Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org *Sent: *Tuesday, December 4, 2012 3:28:56 AM *Subject: *Re: [Users] tool engine-manage-domains
Thanks for the reply.
I do not have another machine to the power configuar FreeIPA.
I have a machine, I do not have access, which is an LDAP server installed on it. I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error:
Error: exception message: Connection refused Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details.
in the logs, I have the following lines:
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br.
So what could be this error?
2012/11/29 Itamar Heim <iheim@redhat.com>
On 11/29/2012 05:58 AM, victor nunes wrote:
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto: yzaslavs@redhat.com>>
Hi, Can you redirect your question to users@ovirt.org <mailto:users@ovirt.org>?
I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com
<mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>**>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------**____--------------------------** --__--__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
*To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_____________________
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>>
http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed.
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed.
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
------=_Part_43646840_929471679.1354761070302 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ----- Original Message -----
From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, December 6, 2012 2:14:49 AM Subject: Re: [Users] tool engine-manage-domains
Hello,
I'm going to do all these tests, but a question.
I need to configure Kerberos on the server LDAP?
Att, Yes.=20
2012/12/4 Yair Zaslavsky < yzaslavs@redhat.com >
Hi, =20 Several things - =20 a. I think logging at this point should be improved =20 b. Since the log is not informative enough, please try the following: =20 1. Check that your credentials are correct =20 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). =20 3. Connection refused so there is some connectivity issue - =20 please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp. viperde.com.br should do the trick) =20 please try to connect to these ldap servers manually - =20
For example, if the returned host from the dig SRV query is =20 aaa.viperde.com.br =20
perform: =20 telnet aaa.viperde.com.br 389 =20
Turns out that I did not have telnet installed on my fc17 machine - =20 I used yum install telnet to install it. =20
Kind regards, =20
Yair =20
From: "victor nunes" < victor.rebli@gmail.com > =20 =20 To: "Itamar Heim" < iheim@redhat.com > =20 =20 Cc: "Yair Zaslavsky" < yzaslavs@redhat.com >, users@ovirt.org =20 =20 Sent: Tuesday, December 4, 2012 3:28:56 AM =20 =20 Subject: Re: [Users] tool engine-manage-domains =20 =20
Thanks for the reply. =20 =20
I do not have another machine to the power configuar FreeIPA. =20 =20
I have a machine, I do not have access, which is an LDAP server installed on it. =20 =20 I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error: =20 =20
Error: exception message: Connection refused =20 =20 Failure while testing domain viprede.com.br . Details: Kerberos error. Please check log for further Top details. =20 =20
in the logs, I have the following lines: =20 =20
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br =20 =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br =20 =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br . =20 =20
So what could be this error? =20 =20
2012/11/29 Itamar Heim < iheim@redhat.com > =20 =20
On 11/29/2012 05:58 AM, victor nunes wrote: =20 =20 =20
2012/11/29 Yair Zaslavsky < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20 =20 =20 =20
Hi, =20 =20 =20 =20 Can you redirect your question to users@ovirt.org =20 =20 =20 =20 <mailto: users@ovirt.org >? =20 =20 =20 =20
I think others will help you to forward your question to relevant =20 =20 =20 =20 people here (not sure I can provide a good answer). =20 =20 =20 =20
On 11/29/2012 03:26 AM, victor nunes wrote: =20 =20 =20 =20
So I'm trying to install FreeIPA on the same machine that =20 =20 =20 =20 oVirt-manage, =20 =20 =20 =20 but at the time of installation, the following error occurs: =20 =20 =20 =20
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64 =20 =20 =20 =20
Looking for a solution to the problem, I discovered that this is =20 =20 =20 =20 a bug =20 =20 =20 =20 reported by others. =20 =20 =20 =20
Follow the link to the bug reported: =20 =20 =20 =20 https://bugzilla.redhat.com/__ show_bug.cgi?id=3D840098 =20 =20 =20 =20
< https://bugzilla.redhat.com/ show_bug.cgi?id=3D840098 > =20 =20 =20 =20
Then, using oo FreeIPA not be possible, which otherwise I have =20 =20 =20 =20 to add =20 =20 =20 =20 new domains and users? =20 =20 =20 =20
Em 8 de novembro de 2012 02:41, Yair Zaslavsky =20 =20 =20 =20 < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > =20 =20 =20 =20 <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >>> escreveu: =20 =20 =20 =20
Hi, =20 =20 =20 =20 You cannot create new users for the internal domain. =20 =20 =20 =20 The internal domain was developed for quick POC, just to =20 =20 =20 =20 allow login =20 =20 =20 =20 to the system without the need for ldap provider. =20 =20 =20 =20 I recommend you install some ldap server (i.e - free IPA) =20 =20 =20 =20 and try to =20 =20 =20 =20 work with it. =20 =20 =20 =20
On 11/08/2012 01:08 AM, victor nunes wrote: =20 =20 =20 =20
Sorry. =20 =20 =20 =20
Att, =20 =20 =20 =20
2012/11/7 victor nunes < victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com > =20 =20 =20 =20 <mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com >__> =20 =20 =20 =20 <mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com > <mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com >__>__>> =20 =20 =20 =20
Thanks for the reply. =20 =20 =20 =20
As the command "engine-manage-domains" works with =20 =20 =20 =20 ldap, how =20 =20 =20 =20 can I =20 =20 =20 =20 create another user in the field "internal", and user =20 =20 =20 =20 "admin" that =20 =20 =20 =20 is created when you installed the engine-setup? =20 =20 =20 =20
2012/11/4 Yair Zaslavsky < yzaslavs@redhat.com =20 =20 =20 =20 <mailto: yzaslavs@redhat.com > =20 =20 =20 =20 <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20 =20 =20 =20 <mailto: yzaslavs@redhat.com =20 =20 =20 =20 <mailto: yzaslavs@redhat.com > <mailto: yzaslavs@redhat.com =20 =20 =20 =20 <mailto: yzaslavs@redhat.com >>> > =20 =20 =20 =20
Hi, =20 =20 =20 =20 The specified tool handle only ldap domains, =20 =20 =20 =20 and not the =20 =20 =20 =20 internal domain. =20 =20 =20 =20 What would you like to change at the internal =20 =20 =20 =20 domain? =20 =20 =20 =20 I suggest you try to use engine-config for this. =20 =20 =20 =20
------------------------------ ____-------------------------- --__--__------------ =20 =20 =20 =20
*From: *"victor nunes" =20 =20 =20 =20 < victor.rebli@gmail.com <mailto: victor.rebli@gmail.com > =20 =20 =20 =20 <mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com >__> =20 =20 =20 =20
<mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com > =20 =20 =20 =20 <mailto: victor.rebli@gmail.com =20 =20 =20 =20 <mailto: victor.rebli@gmail.com >__>__>> =20 =20 =20 =20
*To: * users@ovirt.org =20 =20 =20 =20 <mailto: users@ovirt.org > <mailto: users@ovirt.org =20 =20 =20 =20 <mailto: users@ovirt.org >> =20 =20 =20 =20 <mailto: users@ovirt.org <mailto: users@ovirt.org > =20 =20 =20 =20 <mailto: users@ovirt.org <mailto: users@ovirt.org >>> =20 =20 =20 =20
*Sent: *Sunday, November 4, 2012 12:18:55 AM =20 =20 =20 =20 *Subject: *[Users] tool engine-manage-domains =20 =20 =20 =20
I'm trying to change the default domain, the =20 =20 =20 =20 "internal" with =20 =20 =20 =20 the following command: =20 =20 =20 =20
engine-manage-domains -action=3Dedit =20 =20 =20 =20 -domain=3Dinternal =20 =20 =20 =20
However, i am getting the following message: =20 =20 =20 =20
"Domain internal doesn't exist int the =20 =20 =20 =20 configuration" =20 =20 =20 =20
This is my domain admin user that is =20 =20 =20 =20 configured in the =20 =20 =20 =20 installation ovirt-setup. =20 =20 =20 =20
So, how can i fix it to include a user in =20 =20 =20 =20 this domain? =20 =20 =20 =20
Att, =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, =20 =20 =20 =20 a vida =20 =20 =20 =20 parece um =20 =20 =20 =20 futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na =20 =20 =20 =20 velhice, =20 =20 =20 =20 ela parece =20 =20 =20 =20 um passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 =20 =20 apresenta do =20 =20 =20 =20 mesmo modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 =20 =20 bin=C3=B3culo usado =20 =20 =20 =20 ao contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas =20 =20 =20 =20 tal qual =20 =20 =20 =20 s=C3=A3o vistas =20 =20 =20 =20 quando o bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 envelhecido e =20 =20 =20 =20 vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
______________________________ _____________________ =20 =20 =20 =20
Users mailing list =20 =20 =20 =20 Users@ovirt.org <mailto: Users@ovirt.org > <mailto: Users@ovirt.org =20 =20 =20 =20 <mailto: Users@ovirt.org >> <mailto: Users@ovirt.org =20 =20 =20 =20 <mailto: Users@ovirt.org > =20 =20 =20 =20 <mailto: Users@ovirt.org <mailto: Users@ovirt.org >>> =20 =20 =20 =20
http://lists.ovirt.org/____ mailman/listinfo/users =20 =20 =20 =20 < http://lists.ovirt.org/__ mailman/listinfo/users > =20 =20 =20 =20
< http://lists.ovirt.org/__ mailman/listinfo/users =20 =20 =20 =20 < http://lists.ovirt.org/ mailman/listinfo/users >> =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida =20 =20 =20 =20 parece um =20 =20 =20 =20 futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na velhice, =20 =20 =20 =20 ela parece =20 =20 =20 =20 um passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 =20 =20 apresenta do =20 =20 =20 =20 mesmo modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 =20 =20 bin=C3=B3culo usado ao =20 =20 =20 =20 contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas tal qual =20 =20 =20 =20 s=C3=A3o vistas =20 =20 =20 =20 quando o =20 =20 =20 =20 bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 envelhecido e =20 =20 =20 =20 vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece =20 =20 =20 =20 um futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na velhice, ela =20 =20 =20 =20 parece um =20 =20 =20 =20 passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta =20 =20 =20 =20 do mesmo =20 =20 =20 =20 modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo =20 =20 =20 =20 usado ao =20 =20 =20 =20 contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o =20 =20 =20 =20 vistas quando o =20 =20 =20 =20 bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 envelhecido e vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece u= m futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um =20 =20 =20 =20 passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo =20 =20 =20 =20 modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo = usado ao =20 =20 =20 =20 contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o =20 =20 =20 =20 bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece u= m futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo = usado ao =20 =20 =20 =20 contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o =20 =20 =20 =20 bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
______________________________ _________________ =20 =20 =20 =20 Users mailing list =20 =20 =20 =20 Users@ovirt.org =20 =20 =20 =20 http://lists.ovirt.org/ mailman/listinfo/users =20 =20 =20 =20
there are three issues with installing freeipa on same machine as ovirt: =20 =20 =20 1. the mod_ssl, which is solvable, but requires some work on our side. =20 =20 =20 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. =20 =20 =20 3. freeipa will override the default apache homepage redirection ovirt placed. =20 =20 =20
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed. =20 =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um fu= turo =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usad= o ao contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivid= o =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
-- =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo mod= o que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao contr=C3=A1rio; mas, ao seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o bin=C3=B3culo =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida =C3=A9 curta=E2=80=9D.
(Poema de Arthur Schopenhauer)
Re: [Users] tool engine-manage-domains<br><br><div>Hello,</div><div><br></=
------=_Part_43646840_929471679.1354761070302 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><= div style=3D'font-family: times new roman,new york,times,serif; font-size: = 12pt; color: #000000'><br><br><hr id=3D"zwchr"><blockquote style=3D"border-= left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000= ;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helv= etica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"victor nunes" <vic= tor.rebli@gmail.com><br><b>To: </b>"Yair Zaslavsky" <yzaslavs@redhat.= com><br><b>Cc: </b>users@ovirt.org, "Itamar Heim" <iheim@redhat.com&g= t;<br><b>Sent: </b>Thursday, December 6, 2012 2:14:49 AM<br><b>Subject: </b= div><div>I'm going to do all these tests, but a question.</div><div><br></d= iv><div>I need to configure Kerberos on the server LDAP?</div><div><br></di= v><div id=3D"DWT2299">Att,</div></blockquote>Yes.<br><br><blockquote style= =3D"border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px= ;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-= family:Helvetica,Arial,sans-serif;font-size:12pt;"><div></div><br><div clas= s=3D"gmail_quote"> 2012/12/4 Yair Zaslavsky <span dir=3D"ltr"><<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>></span><br><blockqu= ote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc s= olid;padding-left:1ex"> <div><div style=3D"font-size:12pt;font-family:times new roman,new york,time= s,serif"><font face=3D"times new roman, new york, times, serif">Hi,</font><= div style=3D"font-family:'times new roman','new york',times,serif"> Several things -</div><div style=3D"font-family:'times new roman','new york= ',times,serif">a. I think logging at this point should be improved</div><di= v style=3D"font-family:'times new roman','new york',times,serif"> b. Since the log is not informative enough, please try the following:</div>= <div style=3D"font-family:'times new roman','new york',times,serif">1. Chec= k that your credentials are correct</div><div style=3D"font-family:'t= imes new roman','new york',times,serif"> 2. Check you have no clock skew issue (the time difference between the mach= ine running manage-domains and your ldap server should be less or equal to = 5 minutes).</div><div style=3D"font-family:'times new roman','new york',tim= es,serif"> 3. Connection refused so there is some connectivity issue - </div><div=
<font face=3D"times new roman, new york, times, serif">please query your l= dap SRV records for the domain (IMHO dig SRV _ldap._tcp.</font><font face= =3D"Helvetica, Arial, sans-serif"><a href=3D"http://viperde.com.br" target= =3D"_blank">viperde.com.br</a> should do the trick) </font></div> <div><font face=3D"Helvetica, Arial, sans-serif">please try to connect to t= hese ldap servers manually -</font></div><div><br></div><div><font face=3D"= Helvetica, Arial, sans-serif">For example, if the returned host from the di= g SRV query is</font></div> <div><font face=3D"Helvetica, Arial, sans-serif"><a href=3D"http://aaa.vipe= rde.com.br" target=3D"_blank">aaa.viperde.com.br</a></font></div><div><font= face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><font face=3D"= Helvetica, Arial, sans-serif">perform:</font></div> <div><font face=3D"Helvetica, Arial, sans-serif">telnet <a href=3D"http://a= aa.viperde.com.br" target=3D"_blank">aaa.viperde.com.br</a> 389</font></div= <div><font face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><fo= nt face=3D"Helvetica, Arial, sans-serif">Turns out that I did not have teln= et installed on my fc17 machine -</font></div> <div><font face=3D"Helvetica, Arial, sans-serif">I used yum install telnet = to install it.</font></div><div><font face=3D"Helvetica, Arial, sans-serif"= <br></font></div><div><font face=3D"Helvetica, Arial, sans-serif">Kind reg= ards,</font></div> <div><font face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><fon= t face=3D"Helvetica, Arial, sans-serif">Yair</font></div><div><font face=3D= "Helvetica, Arial, sans-serif"><br></font></div><div style=3D"font-family:'= times new roman','new york',times,serif"> <br><hr><blockquote style=3D"padding-left:5px;font-size:12pt;font-style:nor= mal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:= none;font-weight:normal;border-left:2px solid rgb(16,16,255)"><b>From: </b>= "victor nunes" <<a href=3D"mailto:victor.rebli@gmail.com" target=3D"_bla= nk">victor.rebli@gmail.com</a>><br> <b>To: </b>"Itamar Heim" <<a href=3D"mailto:iheim@redhat.com" target=3D"= _blank">iheim@redhat.com</a>><br><b>Cc: </b>"Yair Zaslavsky" <<a href= =3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>&g= t;, <a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org</a= <br> <b>Sent: </b>Tuesday, December 4, 2012 3:28:56 AM<br><b>Subject: </b>Re: [U= sers] tool engine-manage-domains<div><div class=3D"h5"><br><br><div>Thanks = for the reply.</div><div><br></div><div>I do not have another machine to th= e power configuar FreeIPA.</div> <div><br></div><div>I have a machine, I do not have access, which is an LDA= P server installed on it.</div> <div>I configured a machine that is oVirt-manage as ldap client, I configur= ed the dns, but in time to include the domain happens the following error:<= /div><div><br></div><div>Error: exception message: Connection refused</div>
<div>Failure while testing domain <a href=3D"http://viprede.com.br" target= =3D"_blank">viprede.com.br</a>. Details: Kerberos error. Please check log f= or further Top details.</div><div><br></div><div>in the logs, I have the fo= llowing lines:</div> <div><br></div><div>03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Creating kerberos configuration for domain (s): = <a href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div=
<div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Man= ageDomains] Successfully created kerberos configuration for domain (s): <a = href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div> <div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Man= ageDomains] Testing kerberos configuration for domain: <a href=3D"http://vi= prede.com.br" target=3D"_blank">viprede.com.br</a>.</div><div><br></div><di= v> So what could be this error?</div> <br><div class=3D"gmail_quote">2012/11/29 Itamar Heim <span dir=3D"ltr"><= ;<a href=3D"mailto:iheim@redhat.com" target=3D"_blank">iheim@redhat.com</a>= ></span><br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex= ;border-left:1px #ccc solid;padding-left:1ex"> On 11/29/2012 05:58 AM, victor nunes wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> <br> <br> 2012/11/29 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" target= =3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>><div><br> <br> Hi,<br> Can you redirect your question to <a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a><br></div> <mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blan= k">users@ovirt.org</a>>?<div><br> I think others will help you to forward your question to rele= vant<br> people here (not sure I can provide a good answer).<br> <br> <br> <br> On 11/29/2012 03:26 AM, victor nunes wrote:<br> <br> So I'm trying to install FreeIPA on the same ma= chine that<br> oVirt-manage,<br> but at the time of installation, the following = error occurs:<br> <br> FreeIPA-server conflicts with 1: mod_ssl-2.2.22= -4.fc17.x86_64<br> <br> <br> Looking for a solution to the problem, I discov= ered that this is<br> a bug<br> reported by others.<br> <br> Follow the link to the bug reported:<br></div> <a href=3D"https://bugzilla.redhat.com/__show_b= ug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/__<u></u>= show_bug.cgi?id=3D840098</a><div><br> <<a href=3D"https://bugzilla.redhat.com/show= _bug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/<u></u>= show_bug.cgi?id=3D840098</a>><br> <br> Then, using oo FreeIPA not be possible, which o= therwise I have<br> to add<br> new domains and users?<br> <br> Em 8 de novembro de 2012 02:41, Yair Zaslavsky<= br> <<a href=3D"mailto:yzaslavs@redhat.com" targ= et=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs= @redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>><br></div> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>>> e= screveu:<div> <br> <br> <br> Hi,<br> You cannot create new users= for the internal domain.<br> The internal domain was dev= eloped for quick POC, just to<br> allow login<br> to the system without the n= eed for ldap provider.<br> I recommend you install som= e ldap server (i.e - free IPA)<br> and try to<br> work with it.<br> <br> <br> <br> On 11/08/2012 01:08 AM, vic= tor nunes wrote:<br> <br> Sorry.<br> <br> Att,<br> <br> 2012/11/7 vic= tor nunes <<a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">v= ictor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div><br> <br> <br> <br> = ; Thanks for the reply.<br> <br> = ; As the command "engine-manage-domains" works with<br> ldap, how<br> can I<br> = ; create another user in the field "internal", and user<br> "admin" that<= br> = ; is created when you installed the engine-setup?<br> <br> = ; 2012/11/4 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" targe= t=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>><br> <mailto:<a= href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com<= /a> <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yza= slavs@redhat.com</a>>><br> = ; <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzasl= avs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>> <mailto:<a href=3D"mail= to:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>>>><u></u>><br> <br> <br> <br> = ; Hi,<br> = ; The specified tool handle only ldap domains,<br> and not the<br> = ; internal domain.<br> = ; What would you like to change at the internal<br> domain?<br> = ; I suggest you try to use engine-config for this.<br> <br> <br> <br> <br></div> ------------------------------<u></u>____------= --------------------<u></u>--__--__------------<div><br> <br> <br> = ; *From: *"victor nunes"<br> <<a href=3D"mailto:victor.rebli@gmail.com" t= arget=3D"_blank">victor.rebli@gmail.com</a> <mailto:<a href=3D"mailto:vi= ctor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>&g= t;<br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br></di= v><div> = ; <mailto:<a href=3D"mailto:victor.rebli@gma= il.com" target=3D"_blank">victor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div><div><br> = ; *To: *<a href=3D"mailto:users@ovirt.org" targ= et=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>> <mailto:<a href=3D"mailto:users= @ovirt.org" target=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>>><br> <mailto:<a= href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org</a> <= mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org= </a>><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a> <mailto:<a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a>>>><br> <br> = ; *Sent: *Sunday, November 4, 2012 12:18:55 AM<= br> = ; *Subject: *[Users] tool engine-manage-domains= <br> <br> <br> <br> = ; I'm trying to change the default domain, the<= br> "internal" wi= th<br> = ; the following command:<br> <br> = ; engine-manage-domains -action=3Dedit<br> -domain=3Dinternal<br> <br> = ; However, i am getting the following message:<= br> <br> = ; "Domain internal doesn't exist int the<br> configuration"<br> <br> = ; This is my domain admin user that is<br> configured in the<br> = ; installation ovirt-setup.<br> <br> = ; So, how can i fix it to include a user in<br> this domain?<br> <br> <br> = ; Att,<br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juvent= ude,<br> a vida<br> parece um<br> = ; futuro<br> = ; indefinidamente longo, ao passo que, na<br> velhice,<br> ela parece<br=
= ; um passado<br> = ; deveras curto. Assim, a vida no seu in=C3=ADc= io se<br> apresenta do<= br> = ; mesmo modo<br> = ; que as coisas quando as olhamos atrav=C3=A9s = de um<br> bin=C3=B3culo= usado<br> = ; ao contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas<br> tal qual<br> s=C3=A3o vist= as<br> = ; quando o bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa= ter<br> envelhecido e= <br> = ; vivido<br> = ; bastante para perceber como a vida =C3=A9 cur= ta=E2=80=9D.<br> <br> = ; (Poema de = Arthur Schopenhauer)<br> <br> <br></div></div> ______________________________<u></u>___= __________________<div><br> = ; Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_b= lank">Users@ovirt.org</a> <mailto:<a href=3D"mailto:Users@ovirt.org" tar= get=3D"_blank">Users@ovirt.org</a>> <mailto:<a href=3D"mailto:Users@o= virt.org" target=3D"_blank">Users@ovirt.org</a><br> </div> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>>> <mailto:<a href=3D"mailto:U= sers@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>><br> <mailto:<a= href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a> <= mailto:<a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org= </a>>>><br> <br> <a href=3D"http://lists.ovirt.org/____mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/____<u></u>mailman/= listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/__mailman= /listinfo/users" target=3D"_blank">http://lists.ovirt.org/__<u></u>mailman/= listinfo/users</a>><div><div><br> <br> <<a href= =3D"http://lists.ovirt.org/__mailman/listinfo/users" target=3D"_blank">http= ://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/<u></u>mailman/list= info/users</a>>><br> <br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juventude, a vida<br> parece um<br> futuro<br> = ; indefinidamente longo, ao passo que, na velhice,<br> ela parece<br> um passado<br=
= ; deveras curto. Assim, a vida no seu in=C3=ADcio se<br> apresenta do<br> mesmo modo<br=
= ; que as coisas quando as olhamos atrav=C3=A9s de um<br> bin=C3=B3culo usado ao<br> = ; contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas tal qual<br> s=C3=A3o vistas<br> quando o<br> = ; bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa ter<br> envelhecido e<br> vivido<br> = ; bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEnca= rada do ponto de vista da juventude, a vida parece<br> um futuro<br> indefinidamen= te longo, ao passo que, na velhice, ela<br> parece um<br> passado<br> deveras curto= . Assim, a vida no seu in=C3=ADcio se apresenta<br> do mesmo<br> modo<br> que as coisas= quando as olhamos atrav=C3=A9s de um bin=C3=B3culo<br> usado ao<br> contr=C3=A1ri= o; mas, ao<br> seu final, el= a se parece com as coisas tal qual s=C3=A3o<br> vistas quando o<br> bin=C3=B3culo= <br> =C3=A9 usado = de modo normal. Um homem precisa ter<br> envelhecido e vivido<br> bastante para= perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventud= e, a vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice= , ela parece um<br> passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio= se apresenta do mesmo<br> modo<br> que as coisas quando as olhamos atrav=C3=A9s de= um bin=C3=B3culo usado ao<br> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas ta= l qual s=C3=A3o vistas quando o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa t= er envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta= =E2=80=9D.<br> <br> (Poema= de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro<b= r> indefinidamente longo, ao passo que, na velhice, ela parece um passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao<b= r> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> (Poema de Arthur Schopenhauer)<br> <br> <br></div></div><div> ______________________________<u></u>_________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
</div><a href=3D"http://lists.ovirt.org/mailman/listinfo/users" target=3D"_= blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br> <br> </blockquote> <br> there are three issues with installing freeipa on same machine as ovirt:<br=
1. the mod_ssl, which is solvable, but requires some work on our side.<br> 2. we faced some upgrade issues around this use case, though non are releva= nt right now iirc.<br> 3. freeipa will override the default apache homepage redirection ovirt plac= ed.<br> <br> have you considered running freeipa in a guest? you can still use admin@int= ernal for issues with that guest if needed.<br> </blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>=E2=80=9CEnc= arada do ponto de vista da juventude, a vida parece um futuro<br>indefinida= mente longo, ao passo que, na velhice, ela parece um passado <br>deveras cu= rto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao c= ontr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas tal= qual s=C3=A3o vistas quando o bin=C3=B3culo<br>=C3=A9 usado de modo normal= . Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D. <br>= <br> (Poema de Arthur Schopenhauer)<br> </div></div></blockquote><br></div></div></div></blockquote></div><br><br c= lear=3D"all"><div><br></div>-- <br>=E2=80=9CEncarada do ponto de vista da j= uventude, a vida parece um futuro<br>indefinidamente longo, ao passo que, n= a velhice, ela parece um passado <br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas = tal qual s=C3=A3o vistas quando o bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br>b= astante para perceber como a vida =C3=A9 curta=E2=80=9D. <br><= br> (Poema de Arthur Schopenhauer)<br> </blockquote><br></div></body></html> ------=_Part_43646840_929471679.1354761070302--
So returning. I got a machine, I installed Fedora 17 on it. With that I managed to install FreeIPA. FreeIPA configured, and managed to add the domain with the tool "oVirt-manage-domains". Created in FreeIPA users, set their passwords. I gave permission for them. However, I can only login with the admin user in the new domain. With users that I created, is giving the following message: Can not Login. User Password has expired, Please change your password. So, I need to give any more permission for users to login? Att, 2012/12/6 Yair Zaslavsky <yzaslavs@redhat.com>
------------------------------
*From: *"victor nunes" <victor.rebli@gmail.com> *To: *"Yair Zaslavsky" <yzaslavs@redhat.com> *Cc: *users@ovirt.org, "Itamar Heim" <iheim@redhat.com> *Sent: *Thursday, December 6, 2012 2:14:49 AM
*Subject: *Re: [Users] tool engine-manage-domains
Hello,
I'm going to do all these tests, but a question.
I need to configure Kerberos on the server LDAP?
Att,
Yes.
2012/12/4 Yair Zaslavsky <yzaslavs@redhat.com>
Hi, Several things - a. I think logging at this point should be improved b. Since the log is not informative enough, please try the following: 1. Check that your credentials are correct 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). 3. Connection refused so there is some connectivity issue - please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.viperde.com.br should do the trick) please try to connect to these ldap servers manually -
For example, if the returned host from the dig SRV query is aaa.viperde.com.br
perform: telnet aaa.viperde.com.br 389
Turns out that I did not have telnet installed on my fc17 machine - I used yum install telnet to install it.
Kind regards,
Yair
------------------------------
*From: *"victor nunes" <victor.rebli@gmail.com> *To: *"Itamar Heim" <iheim@redhat.com> *Cc: *"Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org *Sent: *Tuesday, December 4, 2012 3:28:56 AM *Subject: *Re: [Users] tool engine-manage-domains
Thanks for the reply.
I do not have another machine to the power configuar FreeIPA.
I have a machine, I do not have access, which is an LDAP server installed on it. I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error:
Error: exception message: Connection refused Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details.
in the logs, I have the following lines:
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br.
So what could be this error?
2012/11/29 Itamar Heim <iheim@redhat.com>
On 11/29/2012 05:58 AM, victor nunes wrote:
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto: yzaslavs@redhat.com>>
Hi, Can you redirect your question to users@ovirt.org <mailto:users@ovirt.org>?
I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto: victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto: yzaslavs@redhat.com>> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>**>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------**____--------------------------* *--__--__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com**>__>__>>
*To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_____________________
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto: Users@ovirt.org <mailto:Users@ovirt.org>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>>
http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
______________________________**_________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed.
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed.
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
------=_Part_48839715_2061586021.1355812226098 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable No,=20 Have you tried to perform authentication using this user regardless of oVir= t?=20 My speculation (Pavel, Oved , can you approve?)=20 it seems like your password policy might require to change the password at = first login (I saw such password policy at ActiveDirectory ).=20 Yair=20 ----- Original Message -----
From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org Sent: Tuesday, December 18, 2012 3:36:15 AM Subject: Re: [Users] tool engine-manage-domains
So returning.
I got a machine, I installed Fedora 17 on it. With that I managed to install FreeIPA. FreeIPA configured, and managed to add the domain with the tool "oVirt-manage-domains".
Created in FreeIPA users, set their passwords. I gave permission for them. However, I can only login with the admin user in the new domain. With users that I created, is giving the following message:
Can not Login. User Password has expired, Please change your password.
So, I need to give any more permission for users to login?
Att,
2012/12/6 Yair Zaslavsky < yzaslavs@redhat.com >
From: "victor nunes" < victor.rebli@gmail.com > =20 =20 To: "Yair Zaslavsky" < yzaslavs@redhat.com > =20 =20 Cc: users@ovirt.org , "Itamar Heim" < iheim@redhat.com > =20 =20 Sent: Thursday, December 6, 2012 2:14:49 AM =20 =20
Subject: Re: [Users] tool engine-manage-domains =20 =20
Hello, =20 =20
I'm going to do all these tests, but a question. =20 =20
I need to configure Kerberos on the server LDAP? =20 =20
Att, =20 =20 Yes. =20
2012/12/4 Yair Zaslavsky < yzaslavs@redhat.com > =20 =20
Hi, =20 =20 =20 Several things - =20 =20 =20 a. I think logging at this point should be improved =20 =20 =20 b. Since the log is not informative enough, please try the following: =20 =20 =20 1. Check that your credentials are correct =20 =20 =20 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). =20 =20 =20 3. Connection refused so there is some connectivity issue - =20 =20 =20 please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp. viperde.com.br should do the trick) =20 =20 =20 please try to connect to these ldap servers manually - =20 =20 =20
For example, if the returned host from the dig SRV query is =20 =20 =20 aaa.viperde.com.br =20 =20 =20
perform: =20 =20 =20 telnet aaa.viperde.com.br 389 =20 =20 =20
Turns out that I did not have telnet installed on my fc17 machine - =20 =20 =20 I used yum install telnet to install it. =20 =20 =20
Kind regards, =20 =20 =20
Yair =20 =20 =20
From: "victor nunes" < victor.rebli@gmail.com > =20 =20 =20 =20 To: "Itamar Heim" < iheim@redhat.com > =20 =20 =20 =20 Cc: "Yair Zaslavsky" < yzaslavs@redhat.com >, users@ovirt.org =20 =20 =20 =20 Sent: Tuesday, December 4, 2012 3:28:56 AM =20 =20 =20 =20 Subject: Re: [Users] tool engine-manage-domains =20 =20 =20 =20
Thanks for the reply. =20 =20 =20 =20
I do not have another machine to the power configuar FreeIPA. =20 =20 =20 =20
I have a machine, I do not have access, which is an LDAP server installed on it. =20 =20 =20 =20 I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error: =20 =20 =20 =20
Error: exception message: Connection refused =20 =20 =20 =20 Failure while testing domain viprede.com.br . Details: Kerberos error. Please check log for further Top details. =20 =20 =20 =20
in the logs, I have the following lines: =20 =20 =20 =20
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br =20 =20 =20 =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br =20 =20 =20 =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br . =20 =20 =20 =20
So what could be this error? =20 =20 =20 =20
2012/11/29 Itamar Heim < iheim@redhat.com > =20 =20 =20 =20
On 11/29/2012 05:58 AM, victor nunes wrote: =20 =20 =20 =20 =20
> 2012/11/29 Yair Zaslavsky < yzaslavs@redhat.com <mailto: > yzaslavs@redhat.com >> =20 =20 =20 =20 =20 =20
> Hi, =20 =20 =20 =20 =20 =20 > Can you redirect your question to users@ovirt.org =20 =20 =20 =20 =20 =20 > <mailto: users@ovirt.org >? =20 =20 =20 =20 =20 =20
> I think others will help you to forward your question to > relevant =20 =20 =20 =20 =20 =20 > people here (not sure I can provide a good answer). =20 =20 =20 =20 =20 =20
> On 11/29/2012 03:26 AM, victor nunes wrote: =20 =20 =20 =20 =20 =20
> So I'm trying to install FreeIPA on the same machine that =20 =20 =20 =20 =20 =20 > oVirt-manage, =20 =20 =20 =20 =20 =20 > but at the time of installation, the following error > occurs: =20 =20 =20 =20 =20 =20
> FreeIPA-server conflicts with 1: > mod_ssl-2.2.22-4.fc17.x86_64 =20 =20 =20 =20 =20 =20
> Looking for a solution to the problem, I discovered that > this > is =20 =20 =20 =20 =20 =20 > a bug =20 =20 =20 =20 =20 =20 > reported by others. =20 =20 =20 =20 =20 =20
> Follow the link to the bug reported: =20 =20 =20 =20 =20 =20 > https://bugzilla.redhat.com/__ show_bug.cgi?id=3D840098 =20 =20 =20 =20 =20 =20
> < https://bugzilla.redhat.com/ show_bug.cgi?id=3D840098 > =20 =20 =20 =20 =20 =20
> Then, using oo FreeIPA not be possible, which otherwise I > have =20 =20 =20 =20 =20 =20 > to add =20 =20 =20 =20 =20 =20 > new domains and users? =20 =20 =20 =20 =20 =20
> Em 8 de novembro de 2012 02:41, Yair Zaslavsky =20 =20 =20 =20 =20 =20 > < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > >>> > escreveu: =20 =20 =20 =20 =20 =20
> Hi, =20 =20 =20 =20 =20 =20 > You cannot create new users for the internal domain. =20 =20 =20 =20 =20 =20 > The internal domain was developed for quick POC, just to =20 =20 =20 =20 =20 =20 > allow login =20 =20 =20 =20 =20 =20 > to the system without the need for ldap provider. =20 =20 =20 =20 =20 =20 > I recommend you install some ldap server (i.e - free IPA) =20 =20 =20 =20 =20 =20 > and try to =20 =20 =20 =20 =20 =20 > work with it. =20 =20 =20 =20 =20 =20
> On 11/08/2012 01:08 AM, victor nunes wrote: =20 =20 =20 =20 =20 =20
> Sorry. =20 =20 =20 =20 =20 =20
> Att, =20 =20 =20 =20 =20 =20
> 2012/11/7 victor nunes < victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com > =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com >__> =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com > <mailto: > victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com >__>__>> =20 =20 =20 =20 =20 =20
> Thanks for the reply. =20 =20 =20 =20 =20 =20
> As the command "engine-manage-domains" works with =20 =20 =20 =20 =20 =20 > ldap, how =20 =20 =20 =20 =20 =20 > can I =20 =20 =20 =20 =20 =20 > create another user in the field "internal", and user =20 =20 =20 =20 =20 =20 > "admin" that =20 =20 =20 =20 =20 =20 > is created when you installed the engine-setup? =20 =20 =20 =20 =20 =20
> 2012/11/4 Yair Zaslavsky < yzaslavs@redhat.com =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com > =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > >> =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com > <mailto: > yzaslavs@redhat.com =20 =20 =20 =20 =20 =20 > <mailto: yzaslavs@redhat.com >>> > =20 =20 =20 =20 =20 =20
> Hi, =20 =20 =20 =20 =20 =20 > The specified tool handle only ldap domains, =20 =20 =20 =20 =20 =20 > and not the =20 =20 =20 =20 =20 =20 > internal domain. =20 =20 =20 =20 =20 =20 > What would you like to change at the internal =20 =20 =20 =20 =20 =20 > domain? =20 =20 =20 =20 =20 =20 > I suggest you try to use engine-config for this. =20 =20 =20 =20 =20 =20
> ------------------------------ > ____-------------------------- > --__--__------------ =20 =20 =20 =20 =20 =20
> *From: *"victor nunes" =20 =20 =20 =20 =20 =20 > < victor.rebli@gmail.com <mailto: victor.rebli@gmail.com > > =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com >__> =20 =20 =20 =20 =20 =20
> <mailto: victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com > =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com =20 =20 =20 =20 =20 =20 > <mailto: victor.rebli@gmail.com >__>__>> =20 =20 =20 =20 =20 =20
> *To: * users@ovirt.org =20 =20 =20 =20 =20 =20 > <mailto: users@ovirt.org > <mailto: users@ovirt.org =20 =20 =20 =20 =20 =20 > <mailto: users@ovirt.org >> =20 =20 =20 =20 =20 =20 > <mailto: users@ovirt.org <mailto: users@ovirt.org > =20 =20 =20 =20 =20 =20 > <mailto: users@ovirt.org <mailto: users@ovirt.org >>> =20 =20 =20 =20 =20 =20
> *Sent: *Sunday, November 4, 2012 12:18:55 AM =20 =20 =20 =20 =20 =20 > *Subject: *[Users] tool engine-manage-domains =20 =20 =20 =20 =20 =20
> I'm trying to change the default domain, the =20 =20 =20 =20 =20 =20 > "internal" with =20 =20 =20 =20 =20 =20 > the following command: =20 =20 =20 =20 =20 =20
> engine-manage-domains -action=3Dedit =20 =20 =20 =20 =20 =20 > -domain=3Dinternal =20 =20 =20 =20 =20 =20
> However, i am getting the following message: =20 =20 =20 =20 =20 =20
> "Domain internal doesn't exist int the =20 =20 =20 =20 =20 =20 > configuration" =20 =20 =20 =20 =20 =20
> This is my domain admin user that is =20 =20 =20 =20 =20 =20 > configured in the =20 =20 =20 =20 =20 =20 > installation ovirt-setup. =20 =20 =20 =20 =20 =20
> So, how can i fix it to include a user in =20 =20 =20 =20 =20 =20 > this domain? =20 =20 =20 =20 =20 =20
> Att, =20 =20 =20 =20 =20 =20
> -- =20 =20 =20 =20 =20 =20 > =E2=80=9CEncarada do ponto de vista da juventude, =20 =20 =20 =20 =20 =20 > a vida =20 =20 =20 =20 =20 =20 > parece um =20 =20 =20 =20 =20 =20 > futuro =20 =20 =20 =20 =20 =20 > indefinidamente longo, ao passo que, na =20 =20 =20 =20 =20 =20 > velhice, =20 =20 =20 =20 =20 =20 > ela parece =20 =20 =20 =20 =20 =20 > um passado =20 =20 =20 =20 =20 =20 > deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 =20 =20 =20 =20 > apresenta do =20 =20 =20 =20 =20 =20 > mesmo modo =20 =20 =20 =20 =20 =20 > que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 =20 =20 =20 =20 > bin=C3=B3culo usado =20 =20 =20 =20 =20 =20 > ao contr=C3=A1rio; mas, ao =20 =20 =20 =20 =20 =20 > seu final, ela se parece com as coisas =20 =20 =20 =20 =20 =20 > tal qual =20 =20 =20 =20 =20 =20 > s=C3=A3o vistas =20 =20 =20 =20 =20 =20 > quando o bin=C3=B3culo =20 =20 =20 =20 =20 =20 > =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 =20 =20 > envelhecido e =20 =20 =20 =20 =20 =20 > vivido =20 =20 =20 =20 =20 =20 > bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20 =20 =20
> (Poema de Arthur Schopenhauer) =20 =20 =20 =20 =20 =20
> ______________________________ _____________________ =20 =20 =20 =20 =20 =20
> Users mailing list =20 =20 =20 =20 =20 =20 > Users@ovirt.org <mailto: Users@ovirt.org > <mailto: > Users@ovirt.org =20 =20 =20 =20 =20 =20 > <mailto: Users@ovirt.org >> <mailto: Users@ovirt.org =20 =20 =20 =20 =20 =20 > <mailto: Users@ovirt.org > =20 =20 =20 =20 =20 =20 > <mailto: Users@ovirt.org <mailto: Users@ovirt.org >>> =20 =20 =20 =20 =20 =20
> http://lists.ovirt.org/____ mailman/listinfo/users =20 =20 =20 =20 =20 =20 > < http://lists.ovirt.org/__ mailman/listinfo/users > =20 =20 =20 =20 =20 =20
> < http://lists.ovirt.org/__ mailman/listinfo/users =20 =20 =20 =20 =20 =20 > < http://lists.ovirt.org/ mailman/listinfo/users >> =20 =20 =20 =20 =20 =20
> -- =20 =20 =20 =20 =20 =20 > =E2=80=9CEncarada do ponto de vista da juventude, a vida =20 =20 =20 =20 =20 =20 > parece um =20 =20 =20 =20 =20 =20 > futuro =20 =20 =20 =20 =20 =20 > indefinidamente longo, ao passo que, na velhice, =20 =20 =20 =20 =20 =20 > ela parece =20 =20 =20 =20 =20 =20 > um passado =20 =20 =20 =20 =20 =20 > deveras curto. Assim, a vida no seu in=C3=ADcio se =20 =20 =20 =20 =20 =20 > apresenta do =20 =20 =20 =20 =20 =20 > mesmo modo =20 =20 =20 =20 =20 =20 > que as coisas quando as olhamos atrav=C3=A9s de um =20 =20 =20 =20 =20 =20 > bin=C3=B3culo usado ao =20 =20 =20 =20 =20 =20 > contr=C3=A1rio; mas, ao =20 =20 =20 =20 =20 =20 > seu final, ela se parece com as coisas tal qual =20 =20 =20 =20 =20 =20 > s=C3=A3o vistas =20 =20 =20 =20 =20 =20 > quando o =20 =20 =20 =20 =20 =20 > bin=C3=B3culo =20 =20 =20 =20 =20 =20 > =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 =20 =20 > envelhecido e =20 =20 =20 =20 =20 =20 > vivido =20 =20 =20 =20 =20 =20 > bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20 =20 =20
> (Poema de Arthur Schopenhauer) =20 =20 =20 =20 =20 =20
> -- =20 =20 =20 =20 =20 =20 > =E2=80=9CEncarada do ponto de vista da juventude, a vida pare= ce =20 =20 =20 =20 =20 =20 > um futuro =20 =20 =20 =20 =20 =20 > indefinidamente longo, ao passo que, na velhice, ela =20 =20 =20 =20 =20 =20 > parece um =20 =20 =20 =20 =20 =20 > passado =20 =20 =20 =20 =20 =20 > deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta =20 =20 =20 =20 =20 =20 > do mesmo =20 =20 =20 =20 =20 =20 > modo =20 =20 =20 =20 =20 =20 > que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3c= ulo =20 =20 =20 =20 =20 =20 > usado ao =20 =20 =20 =20 =20 =20 > contr=C3=A1rio; mas, ao =20 =20 =20 =20 =20 =20 > seu final, ela se parece com as coisas tal qual s=C3=A3o =20 =20 =20 =20 =20 =20 > vistas quando o =20 =20 =20 =20 =20 =20 > bin=C3=B3culo =20 =20 =20 =20 =20 =20 > =C3=A9 usado de modo normal. Um homem precisa ter =20 =20 =20 =20 =20 =20 > envelhecido e vivido =20 =20 =20 =20 =20 =20 > bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20 =20 =20
> (Poema de Arthur Schopenhauer) =20 =20 =20 =20 =20 =20
> -- =20 =20 =20 =20 =20 =20 > =E2=80=9CEncarada do ponto de vista da juventude, a vida pare= ce > um > futuro =20 =20 =20 =20 =20 =20 > indefinidamente longo, ao passo que, na velhice, ela > parece > um =20 =20 =20 =20 =20 =20 > passado =20 =20 =20 =20 =20 =20 > deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta > do > mesmo =20 =20 =20 =20 =20 =20 > modo =20 =20 =20 =20 =20 =20 > que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3c= ulo > usado > ao =20 =20 =20 =20 =20 =20 > contr=C3=A1rio; mas, ao =20 =20 =20 =20 =20 =20 > seu final, ela se parece com as coisas tal qual s=C3=A3o > vistas > quando > o =20 =20 =20 =20 =20 =20 > bin=C3=B3culo =20 =20 =20 =20 =20 =20 > =C3=A9 usado de modo normal. Um homem precisa ter envelhecido > e > vivido =20 =20 =20 =20 =20 =20 > bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20 =20 =20
> (Poema de Arthur Schopenhauer) =20 =20 =20 =20 =20 =20
> -- =20 =20 =20 =20 =20 =20 > =E2=80=9CEncarada do ponto de vista da juventude, a vida pare= ce > um > futuro =20 =20 =20 =20 =20 =20 > indefinidamente longo, ao passo que, na velhice, ela > parece > um > passado =20 =20 =20 =20 =20 =20 > deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta > do > mesmo > modo =20 =20 =20 =20 =20 =20 > que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3c= ulo > usado > ao =20 =20 =20 =20 =20 =20 > contr=C3=A1rio; mas, ao =20 =20 =20 =20 =20 =20 > seu final, ela se parece com as coisas tal qual s=C3=A3o > vistas > quando > o =20 =20 =20 =20 =20 =20 > bin=C3=B3culo =20 =20 =20 =20 =20 =20 > =C3=A9 usado de modo normal. Um homem precisa ter envelhecido > e > vivido =20 =20 =20 =20 =20 =20 > bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20 =20 =20
> (Poema de Arthur Schopenhauer) =20 =20 =20 =20 =20 =20
> ______________________________ _________________ =20 =20 =20 =20 =20 =20 > Users mailing list =20 =20 =20 =20 =20 =20 > Users@ovirt.org =20 =20 =20 =20 =20 =20 > http://lists.ovirt.org/ mailman/listinfo/users =20 =20 =20 =20 =20 =20
there are three issues with installing freeipa on same machine as ovirt: =20 =20 =20 =20 =20 1. the mod_ssl, which is solvable, but requires some work on our side. =20 =20 =20 =20 =20 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. =20 =20 =20 =20 =20 3. freeipa will override the default apache homepage redirection ovirt placed. =20 =20 =20 =20 =20
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed. =20 =20 =20 =20 =20
-- =20 =20 =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece u= m futuro =20 =20 =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 =20 =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 =20 =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo = usado ao contr=C3=A1rio; mas, ao =20 =20 =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o bin=C3=B3culo =20 =20 =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 =20 =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20 =20 =20
(Poema de Arthur Schopenhauer) =20 =20 =20 =20
-- =20 =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um fu= turo =20 =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usad= o ao contr=C3=A1rio; mas, ao =20 =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo =20 =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivid= o =20 =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20 =20
(Poema de Arthur Schopenhauer) =20 =20
-- =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo mod= o que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao contr=C3=A1rio; mas, ao seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o bin=C3=B3culo =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida =C3=A9 curta=E2=80=9D.
(Poema de Arthur Schopenhauer)
------=_Part_48839715_2061586021.1355812226098 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><= div style=3D'font-family: times new roman,new york,times,serif; font-size: = 12pt; color: #000000'>No, <div>Have you tried to perform authenticatio= n using this user regardless of oVirt?</div><div><br></div><div>My speculat= ion (Pavel, Oved , can you approve?)</div><div><br></div><div>it seems like= your password policy might require to change the password at first login (= I saw such password policy at ActiveDirectory ).</div><div><br></div><div>Y= air<br><hr id=3D"zwchr"><blockquote style=3D"border-left:2px solid rgb(16, = 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;fon= t-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;= font-size:12pt;"><b>From: </b>"victor nunes" <victor.rebli@gmail.com>= <br><b>To: </b>"Yair Zaslavsky" <yzaslavs@redhat.com><br><b>Cc: </b>u= sers@ovirt.org<br><b>Sent: </b>Tuesday, December 18, 2012 3:36:15 AM<br><b>= Subject: </b>Re: [Users] tool engine-manage-domains<br><br><div><br></div><= div><div>So returning.</div><div><br></div><div>I got a machine, I installe= d Fedora 17 on it.</div><div>With that I managed to install FreeIPA.</div><= div>FreeIPA configured, and managed to add the domain with the tool</div> <div>"oVirt-manage-domains".</div><div><br></div><div>Created in FreeIPA us= ers, set their passwords.</div><div>I gave permission for them.</div><div>H= owever, I can only login with the admin user in the new domain.</div> <div>With users that I created, is giving the following message:</div><div>= <br></div><div>Can not Login. User Password has expired, Please change your= password.</div><div><br></div><div>So, I need to give any more permission = for users to login?</div> </div><div><br></div><div><br></div>Att,<br><br><div class=3D"gmail_quote">= 2012/12/6 Yair Zaslavsky <span dir=3D"ltr"><<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>></span><br><blockqu= ote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc s= olid;padding-left:1ex"> <div><div style=3D"font-size:12pt;font-family:times new roman,new york,time= s,serif"><br><br><hr><blockquote style=3D"padding-left:5px;font-size:12pt;f= ont-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;tex= t-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)"> <b>From: </b>"victor nunes" <<a href=3D"mailto:victor.rebli@gmail.com" t= arget=3D"_blank">victor.rebli@gmail.com</a>><br><b>To: </b>"Yair Zaslavs= ky" <<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@r= edhat.com</a>><br> <b>Cc: </b><a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt= .org</a>, "Itamar Heim" <<a href=3D"mailto:iheim@redhat.com" target=3D"_= blank">iheim@redhat.com</a>><br><b>Sent: </b>Thursday, December 6, 2012 = 2:14:49 AM<div> <br><b>Subject: </b>Re: [Users] tool engine-manage-domains<br><br></div><di= v><div>Hello,</div><div><br></div><div>I'm going to do all these tests, but= a question.</div><div><br></div><div>I need to configure Kerberos on the s= erver LDAP?</div> <div><br></div><div>Att,</div></div></blockquote>Yes.<div><div><br><br><blo= ckquote style=3D"padding-left:5px;font-size:12pt;font-style:normal;margin-l= eft:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-we= ight:normal;border-left:2px solid rgb(16,16,255)"> <div></div><br><div class=3D"gmail_quote"> 2012/12/4 Yair Zaslavsky <span dir=3D"ltr"><<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>></span><br><blockqu= ote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc s= olid;padding-left:1ex"> <div><div style=3D"font-size:12pt;font-family:times new roman,new york,time= s,serif"><font face=3D"times new roman, new york, times, serif">Hi,</font><= div style=3D"font-family:'times new roman','new york',times,serif"> Several things -</div><div style=3D"font-family:'times new roman','new york= ',times,serif">a. I think logging at this point should be improved</div><di= v style=3D"font-family:'times new roman','new york',times,serif"> b. Since the log is not informative enough, please try the following:</div>= <div style=3D"font-family:'times new roman','new york',times,serif">1. Chec= k that your credentials are correct</div><div style=3D"font-family:'t= imes new roman','new york',times,serif"> 2. Check you have no clock skew issue (the time difference between the mach= ine running manage-domains and your ldap server should be less or equal to = 5 minutes).</div><div style=3D"font-family:'times new roman','new york',tim= es,serif"> 3. Connection refused so there is some connectivity issue - </div><div=
<font face=3D"times new roman, new york, times, serif">please query your l= dap SRV records for the domain (IMHO dig SRV _ldap._tcp.</font><font face= =3D"Helvetica, Arial, sans-serif"><a href=3D"http://viperde.com.br" target= =3D"_blank">viperde.com.br</a> should do the trick) </font></div>
<div><font face=3D"Helvetica, Arial, sans-serif">please try to connect to t= hese ldap servers manually -</font></div><div><br></div><div><font face=3D"= Helvetica, Arial, sans-serif">For example, if the returned host from the di= g SRV query is</font></div> <div><font face=3D"Helvetica, Arial, sans-serif"><a href=3D"http://aaa.vipe= rde.com.br" target=3D"_blank">aaa.viperde.com.br</a></font></div><div><font= face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><font face=3D"= Helvetica, Arial, sans-serif">perform:</font></div> <div><font face=3D"Helvetica, Arial, sans-serif">telnet <a href=3D"http://a= aa.viperde.com.br" target=3D"_blank">aaa.viperde.com.br</a> 389</font></div=
<div><font face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><fo= nt face=3D"Helvetica, Arial, sans-serif">Turns out that I did not have teln= et installed on my fc17 machine -</font></div>
<div><font face=3D"Helvetica, Arial, sans-serif">I used yum install telnet = to install it.</font></div><div><font face=3D"Helvetica, Arial, sans-serif"=
<br></font></div><div><font face=3D"Helvetica, Arial, sans-serif">Kind reg= ards,</font></div>
<div><font face=3D"Helvetica, Arial, sans-serif"><br></font></div><div><fon= t face=3D"Helvetica, Arial, sans-serif">Yair</font></div><div><font face=3D= "Helvetica, Arial, sans-serif"><br></font></div><div style=3D"font-family:'= times new roman','new york',times,serif"> <br><hr><blockquote style=3D"padding-left:5px;font-size:12pt;font-style:nor= mal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:= none;font-weight:normal;border-left:2px solid rgb(16,16,255)"><b>From: </b>= "victor nunes" <<a href=3D"mailto:victor.rebli@gmail.com" target=3D"_bla= nk">victor.rebli@gmail.com</a>><br> <b>To: </b>"Itamar Heim" <<a href=3D"mailto:iheim@redhat.com" target=3D"= _blank">iheim@redhat.com</a>><br><b>Cc: </b>"Yair Zaslavsky" <<a href= =3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>&g= t;, <a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org</a=
<br>
<b>Sent: </b>Tuesday, December 4, 2012 3:28:56 AM<br><b>Subject: </b>Re: [U= sers] tool engine-manage-domains<div><div><br><br><div>Thanks for the reply= .</div><div><br></div><div>I do not have another machine to the power confi= guar FreeIPA.</div> <div><br></div><div>I have a machine, I do not have access, which is an LDA= P server installed on it.</div> <div>I configured a machine that is oVirt-manage as ldap client, I configur= ed the dns, but in time to include the domain happens the following error:<= /div><div><br></div><div>Error: exception message: Connection refused</div> <div>Failure while testing domain <a href=3D"http://viprede.com.br" target= =3D"_blank">viprede.com.br</a>. Details: Kerberos error. Please check log f= or further Top details.</div><div><br></div><div>in the logs, I have the fo= llowing lines:</div> <div><br></div><div>03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Creating kerberos configuration for domain (s): = <a href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div=
<div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Man= ageDomains] Successfully created kerberos configuration for domain (s): <a = href=3D"http://viprede.com.br" target=3D"_blank">viprede.com.br</a></div> <div>03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.Man= ageDomains] Testing kerberos configuration for domain: <a href=3D"http://vi= prede.com.br" target=3D"_blank">viprede.com.br</a>.</div><div><br></div><di= v> So what could be this error?</div> <br><div class=3D"gmail_quote">2012/11/29 Itamar Heim <span dir=3D"ltr"><= ;<a href=3D"mailto:iheim@redhat.com" target=3D"_blank">iheim@redhat.com</a>= ></span><br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex= ;border-left:1px #ccc solid;padding-left:1ex"> On 11/29/2012 05:58 AM, victor nunes wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> <br> <br> 2012/11/29 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" target= =3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs@r= edhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>><div><br> <br> Hi,<br> Can you redirect your question to <a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a><br></div> <mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blan= k">users@ovirt.org</a>>?<div><br> I think others will help you to forward your question to rele= vant<br> people here (not sure I can provide a good answer).<br> <br> <br> <br> On 11/29/2012 03:26 AM, victor nunes wrote:<br> <br> So I'm trying to install FreeIPA on the same ma= chine that<br> oVirt-manage,<br> but at the time of installation, the following = error occurs:<br> <br> FreeIPA-server conflicts with 1: mod_ssl-2.2.22= -4.fc17.x86_64<br> <br> <br> Looking for a solution to the problem, I discov= ered that this is<br> a bug<br> reported by others.<br> <br> Follow the link to the bug reported:<br></div> <a href=3D"https://bugzilla.redhat.com/__show_b= ug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/__<u></u>= show_bug.cgi?id=3D840098</a><div><br> <<a href=3D"https://bugzilla.redhat.com/show= _bug.cgi?id=3D840098" target=3D"_blank">https://bugzilla.redhat.com/<u></u>= show_bug.cgi?id=3D840098</a>><br> <br> Then, using oo FreeIPA not be possible, which o= therwise I have<br> to add<br> new domains and users?<br> <br> Em 8 de novembro de 2012 02:41, Yair Zaslavsky<= br> <<a href=3D"mailto:yzaslavs@redhat.com" targ= et=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:yzaslavs= @redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>><br></div> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a> <mailto:<a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>>>> e= screveu:<div> <br> <br> <br> Hi,<br> You cannot create new users= for the internal domain.<br> The internal domain was dev= eloped for quick POC, just to<br> allow login<br> to the system without the n= eed for ldap provider.<br> I recommend you install som= e ldap server (i.e - free IPA)<br> and try to<br> work with it.<br> <br> <br> <br> On 11/08/2012 01:08 AM, vic= tor nunes wrote:<br> <br> Sorry.<br> <br> Att,<br> <br> 2012/11/7 vic= tor nunes <<a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">v= ictor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div><br> <br> <br> <br> = ; Thanks for the reply.<br> <br> = ; As the command "engine-manage-domains" works with<br> ldap, how<br> can I<br> = ; create another user in the field "internal", and user<br> "admin" that<= br> = ; is created when you installed the engine-setup?<br> <br> = ; 2012/11/4 Yair Zaslavsky <<a href=3D"mailto:yzaslavs@redhat.com" targe= t=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>><br> <mailto:<a= href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com<= /a> <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yza= slavs@redhat.com</a>>><br> = ; <mailto:<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank">yzasl= avs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>> <mailto:<a href=3D"mail= to:yzaslavs@redhat.com" target=3D"_blank">yzaslavs@redhat.com</a><br> <mailto:<a href=3D"mailto:yzaslavs@redhat.co= m" target=3D"_blank">yzaslavs@redhat.com</a>>>><u></u>><br> <br> <br> <br> = ; Hi,<br> = ; The specified tool handle only ldap domains,<br> and not the<br> = ; internal domain.<br> = ; What would you like to change at the internal<br> domain?<br> = ; I suggest you try to use engine-config for this.<br> <br> <br> <br> <br></div> ------------------------------<u></u>____------= --------------------<u></u>--__--__------------<div><br> <br> <br> = ; *From: *"victor nunes"<br> <<a href=3D"mailto:victor.rebli@gmail.com" t= arget=3D"_blank">victor.rebli@gmail.com</a> <mailto:<a href=3D"mailto:vi= ctor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>&g= t;<br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__><br></di= v><div> = ; <mailto:<a href=3D"mailto:victor.rebli@gma= il.com" target=3D"_blank">victor.rebli@gmail.com</a><br> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>><br> <mailto:<a= href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmai= l.com</a><br></div> <mailto:<a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank">victor.rebli@gmail.com</a><u></u>>__>__>&g= t;<div><div><br> = ; *To: *<a href=3D"mailto:users@ovirt.org" targ= et=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>> <mailto:<a href=3D"mailto:users= @ovirt.org" target=3D"_blank">users@ovirt.org</a><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a>>><br> <mailto:<a= href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org</a> <= mailto:<a href=3D"mailto:users@ovirt.org" target=3D"_blank">users@ovirt.org= </a>><br> <mailto:<a href=3D"mailto:users@ovirt.org" t= arget=3D"_blank">users@ovirt.org</a> <mailto:<a href=3D"mailto:users@ovi= rt.org" target=3D"_blank">users@ovirt.org</a>>>><br> <br> = ; *Sent: *Sunday, November 4, 2012 12:18:55 AM<= br> = ; *Subject: *[Users] tool engine-manage-domains= <br> <br> <br> <br> = ; I'm trying to change the default domain, the<= br> "internal" wi= th<br> = ; the following command:<br> <br> = ; engine-manage-domains -action=3Dedit<br> -domain=3Dinternal<br> <br> = ; However, i am getting the following message:<= br> <br> = ; "Domain internal doesn't exist int the<br> configuration"<br> <br> = ; This is my domain admin user that is<br> configured in the<br> = ; installation ovirt-setup.<br> <br> = ; So, how can i fix it to include a user in<br> this domain?<br> <br> <br> = ; Att,<br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juvent= ude,<br> a vida<br> parece um<br> = ; futuro<br> = ; indefinidamente longo, ao passo que, na<br> velhice,<br> ela parece<br=
= ; um passado<br> = ; deveras curto. Assim, a vida no seu in=C3=ADc= io se<br> apresenta do<= br> = ; mesmo modo<br> = ; que as coisas quando as olhamos atrav=C3=A9s = de um<br> bin=C3=B3culo= usado<br> = ; ao contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas<br> tal qual<br> s=C3=A3o vist= as<br> = ; quando o bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa= ter<br> envelhecido e= <br> = ; vivido<br> = ; bastante para perceber como a vida =C3=A9 cur= ta=E2=80=9D.<br> <br> = ; (Poema de = Arthur Schopenhauer)<br> <br> <br></div></div> ______________________________<u></u>___= __________________<div><br> = ; Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_b= lank">Users@ovirt.org</a> <mailto:<a href=3D"mailto:Users@ovirt.org" tar= get=3D"_blank">Users@ovirt.org</a>> <mailto:<a href=3D"mailto:Users@o= virt.org" target=3D"_blank">Users@ovirt.org</a><br> </div> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>>> <mailto:<a href=3D"mailto:U= sers@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <mailto:<a href=3D"mailto:Users@ovirt.org" t= arget=3D"_blank">Users@ovirt.org</a>><br> <mailto:<a= href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a> <= mailto:<a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org= </a>>>><br> <br> <a href=3D"http://lists.ovirt.org/____mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/____<u></u>mailman/= listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/__mailman= /listinfo/users" target=3D"_blank">http://lists.ovirt.org/__<u></u>mailman/= listinfo/users</a>><div><div><br> <br> <<a href= =3D"http://lists.ovirt.org/__mailman/listinfo/users" target=3D"_blank">http= ://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br> <<a href=3D"http://lists.ovirt.org/mailman/l= istinfo/users" target=3D"_blank">http://lists.ovirt.org/<u></u>mailman/list= info/users</a>>><br> <br> <br> <br> <br> <br> = ; --<br> = ; =E2=80=9CEncarada do ponto de vista da juventude, a vida<br> parece um<br> futuro<br> = ; indefinidamente longo, ao passo que, na velhice,<br> ela parece<br> um passado<br=
= ; deveras curto. Assim, a vida no seu in=C3=ADcio se<br> apresenta do<br> mesmo modo<br=
= ; que as coisas quando as olhamos atrav=C3=A9s de um<br> bin=C3=B3culo usado ao<br> = ; contr=C3=A1rio; mas, ao<br> = ; seu final, ela se parece com as coisas tal qual<br> s=C3=A3o vistas<br> quando o<br> = ; bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa ter<br> envelhecido e<br> vivido<br> = ; bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEnca= rada do ponto de vista da juventude, a vida parece<br> um futuro<br> indefinidamen= te longo, ao passo que, na velhice, ela<br> parece um<br> passado<br> deveras curto= . Assim, a vida no seu in=C3=ADcio se apresenta<br> do mesmo<br> modo<br> que as coisas= quando as olhamos atrav=C3=A9s de um bin=C3=B3culo<br> usado ao<br> contr=C3=A1ri= o; mas, ao<br> seu final, el= a se parece com as coisas tal qual s=C3=A3o<br> vistas quando o<br> bin=C3=B3culo= <br> =C3=A9 usado = de modo normal. Um homem precisa ter<br> envelhecido e vivido<br> bastante para= perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> = ; (Poema de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventud= e, a vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice= , ela parece um<br> passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio= se apresenta do mesmo<br> modo<br> que as coisas quando as olhamos atrav=C3=A9s de= um bin=C3=B3culo usado ao<br> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas ta= l qual s=C3=A3o vistas quando o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa t= er envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta= =E2=80=9D.<br> <br> (Poema= de Arthur Schopenhauer)<br> <br> <br> <br> <br> --<br> =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro<b= r> indefinidamente longo, ao passo que, na velhice, ela parece um passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao<b= r> contr=C3=A1rio; mas, ao<br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o<br> bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> (Poema de Arthur Schopenhauer)<br> <br> <br></div></div><div> ______________________________<u></u>_________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br=
</div><a href=3D"http://lists.ovirt.org/mailman/listinfo/users" target=3D"_= blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br> <br> </blockquote> <br> there are three issues with installing freeipa on same machine as ovirt:<br=
1. the mod_ssl, which is solvable, but requires some work on our side.<br> 2. we faced some upgrade issues around this use case, though non are releva= nt right now iirc.<br> 3. freeipa will override the default apache homepage redirection ovirt plac= ed.<br> <br> have you considered running freeipa in a guest? you can still use admin@int= ernal for issues with that guest if needed.<br> </blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>=E2=80=9CEnc= arada do ponto de vista da juventude, a vida parece um futuro<br>indefinida= mente longo, ao passo que, na velhice, ela parece um passado <br>deveras cu= rto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<br> que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao c= ontr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas tal= qual s=C3=A3o vistas quando o bin=C3=B3culo<br>=C3=A9 usado de modo normal= . Um homem precisa ter envelhecido e vivido<br> bastante para perceber como a vida =C3=A9 curta=E2=80=9D. <br>= <br> (Poema de Arthur Schopenhauer)<br> </div></div></blockquote><br></div></div></div></blockquote></div><br><br c= lear=3D"all"><div><br></div>-- <br>=E2=80=9CEncarada do ponto de vista da j= uventude, a vida parece um futuro<br>indefinidamente longo, ao passo que, n= a velhice, ela parece um passado <br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas = tal qual s=C3=A3o vistas quando o bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br>b= astante para perceber como a vida =C3=A9 curta=E2=80=9D. <br><= br> (Poema de Arthur Schopenhauer)<br> </blockquote><br></div></div></div></div></blockquote></div><br><br clear= =3D"all"><div><br></div>-- <br>=E2=80=9CEncarada do ponto de vista da juven= tude, a vida parece um futuro<br>indefinidamente longo, ao passo que, na ve= lhice, ela parece um passado <br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br>seu final, ela se parece com as coisas = tal qual s=C3=A3o vistas quando o bin=C3=B3culo<br> =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido<br>b= astante para perceber como a vida =C3=A9 curta=E2=80=9D. <br><= br> (Poema de Arthur Schopenhauer)<br> </blockquote><br></div></div></body></html> ------=_Part_48839715_2061586021.1355812226098--
Hi, indeed, looks like that. It can be easily checked by 'kinit my-user@domain' from IPA machine (or any client which uses correct settings in /etc/krb5.conf). In case you create user in ipa it's default policy will ask you for pwd change when auth performs for 1st time. P. On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote: No, Have you tried to perform authentication using this user regardless of oVirt? My speculation (Pavel, Oved , can you approve?) it seems like your password policy might require to change the password at first login (I saw such password policy at ActiveDirectory ). Yair From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org Sent: Tuesday, December 18, 2012 3:36:15 AM Subject: Re: [Users] tool engine-manage-domains So returning. I got a machine, I installed Fedora 17 on it. With that I managed to install FreeIPA. FreeIPA configured, and managed to add the domain with the tool "oVirt-manage-domains". Created in FreeIPA users, set their passwords. I gave permission for them. However, I can only login with the admin user in the new domain. With users that I created, is giving the following message: Can not Login. User Password has expired, Please change your password. So, I need to give any more permission for users to login? Att, 2012/12/6 Yair Zaslavsky <yzaslavs@redhat.com> From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, December 6, 2012 2:14:49 AM Subject: Re: [Users] tool engine-manage-domains Hello, I'm going to do all these tests, but a question. I need to configure Kerberos on the server LDAP? Att, Yes. 2012/12/4 Yair Zaslavsky <yzaslavs@redhat.com> Hi, Several things - a. I think logging at this point should be improved b. Since the log is not informative enough, please try the following: 1. Check that your credentials are correct 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). 3. Connection refused so there is some connectivity issue - please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.viperde.com.br should do the trick) please try to connect to these ldap servers manually - For example, if the returned host from the dig SRV query is aaa.viperde.com.br perform: telnet aaa.viperde.com.br 389 Turns out that I did not have telnet installed on my fc17 machine - I used yum install telnet to install it. Kind regards, Yair From: "victor nunes" <victor.rebli@gmail.com> To: "Itamar Heim" <iheim@redhat.com> Cc: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 4, 2012 3:28:56 AM Subject: Re: [Users] tool engine-manage-domains Thanks for the reply. I do not have another machine to the power configuar FreeIPA. I have a machine, I do not have access, which is an LDAP server installed on it. I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error: Error: exception message: Connection refused Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details. in the logs, I have the following lines: 03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br. So what could be this error? 2012/11/29 Itamar Heim <iheim@redhat.com> On 11/29/2012 05:58 AM, victor nunes wrote: 2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>> Hi, Can you redirect your question to users@ovirt.org <mailto:users@ovirt.org>? I think others will help you to forward your question to relevant people here (not sure I can provide a good answer). On 11/29/2012 03:26 AM, victor nunes wrote: So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs: FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64 Looking for a solution to the problem, I discovered that this is a bug reported by others. Follow the link to the bug reported: https://bugzilla.redhat.com/__show_bug.cgi?id=840098 <https://bugzilla.redhat.com/show_bug.cgi?id=840098> Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users? Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu: Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it. On 11/08/2012 01:08 AM, victor nunes wrote: Sorry. Att, 2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__>__>> Thanks for the reply. As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup? 2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>> Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this. ------------------------------____----------------------------__-- __------------ *From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__>__>> *To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>> *Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains I'm trying to change the default domain, the "internal" with the following command: engine-manage-domains -action=edit -domain=internal However, i am getting the following message: "Domain internal doesn't exist int the configuration" This is my domain admin user that is configured in the installation ovirt-setup. So, how can i fix it to include a user in this domain? Att, -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) ___________________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <http://lists.ovirt.org/__mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>> -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed. have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed. -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer) -- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
In fact, I just created the user in FreeIPA, added and gave permission for the user in oVirt, and tried to login with it. Att, 2012/12/18 pstehlik <pstehlik@redhat.com>
**
Hi,
indeed, looks like that. It can be easily checked by 'kinit my-user@domain' from IPA machine (or any client which uses correct settings in /etc/krb5.conf). In case you create user in ipa it's default policy will ask you for pwd change when auth performs for 1st time.
P.
On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote:
No,
Have you tried to perform authentication using this user regardless of oVirt?
My speculation (Pavel, Oved , can you approve?)
it seems like your password policy might require to change the password at first login (I saw such password policy at ActiveDirectory ).
Yair ------------------------------
From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org Sent: Tuesday, December 18, 2012 3:36:15 AM Subject: Re: [Users] tool engine-manage-domains
So returning.
I got a machine, I installed Fedora 17 on it.
With that I managed to install FreeIPA.
FreeIPA configured, and managed to add the domain with the tool
"oVirt-manage-domains".
Created in FreeIPA users, set their passwords.
I gave permission for them.
However, I can only login with the admin user in the new domain.
With users that I created, is giving the following message:
Can not Login. User Password has expired, Please change your password.
So, I need to give any more permission for users to login?
Att,
2012/12/6 Yair Zaslavsky <yzaslavs@redhat.com>
------------------------------
From: "victor nunes" <victor.rebli@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com> Cc: users@ovirt.org, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, December 6, 2012 2:14:49 AM
Subject: Re: [Users] tool engine-manage-domains
Hello,
I'm going to do all these tests, but a question.
I need to configure Kerberos on the server LDAP?
Att,
Yes.
2012/12/4 Yair Zaslavsky <yzaslavs@redhat.com>
Hi,
Several things -
a. I think logging at this point should be improved
b. Since the log is not informative enough, please try the following:
1. Check that your credentials are correct
2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes).
3. Connection refused so there is some connectivity issue -
please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp. viperde.com.br should do the trick)
please try to connect to these ldap servers manually -
For example, if the returned host from the dig SRV query is
aaa.viperde.com.br
perform:
telnet aaa.viperde.com.br 389
Turns out that I did not have telnet installed on my fc17 machine -
I used yum install telnet to install it.
Kind regards,
Yair
------------------------------
From: "victor nunes" <victor.rebli@gmail.com> To: "Itamar Heim" <iheim@redhat.com> Cc: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 4, 2012 3:28:56 AM Subject: Re: [Users] tool engine-manage-domains
Thanks for the reply.
I do not have another machine to the power configuar FreeIPA.
I have a machine, I do not have access, which is an LDAP server installed on it.
I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error:
Error: exception message: Connection refused
Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details.
in the logs, I have the following lines:
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br
03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br
03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br.
So what could be this error?
2012/11/29 Itamar Heim <iheim@redhat.com>
On 11/29/2012 05:58 AM, victor nunes wrote:
2012/11/29 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com
Hi, Can you redirect your question to users@ovirt.org
<mailto:users@ovirt.org>?
I think others will help you to forward your question to relevant people here (not sure I can provide a good answer).
On 11/29/2012 03:26 AM, victor nunes wrote:
So I'm trying to install FreeIPA on the same machine that oVirt-manage, but at the time of installation, the following error occurs:
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
Looking for a solution to the problem, I discovered that this is a bug reported by others.
Follow the link to the bug reported: https://bugzilla.redhat.com/__show_bug.cgi?id=840098
<https://bugzilla.redhat.com/show_bug.cgi?id=840098>
Then, using oo FreeIPA not be possible, which otherwise I have to add new domains and users?
Em 8 de novembro de 2012 02:41, Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>
<mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>> escreveu:
Hi, You cannot create new users for the internal domain. The internal domain was developed for quick POC, just to allow login to the system without the need for ldap provider. I recommend you install some ldap server (i.e - free IPA) and try to work with it.
On 11/08/2012 01:08 AM, victor nunes wrote:
Sorry.
Att,
2012/11/7 victor nunes <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com
<mailto:victor.rebli@gmail.com>__>__>>
Thanks for the reply.
As the command "engine-manage-domains" works with ldap, how can I create another user in the field "internal", and user "admin" that is created when you installed the engine-setup?
2012/11/4 Yair Zaslavsky <yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com> <mailto:yzaslavs@redhat.com <mailto:yzaslavs@redhat.com>>>>
Hi, The specified tool handle only ldap domains, and not the internal domain. What would you like to change at the internal domain? I suggest you try to use engine-config for this.
------------------------------____----------------------------__--__------------
*From: *"victor nunes" <victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com>__>
<mailto:victor.rebli@gmail.com <mailto:victor.rebli@gmail.com> <mailto:victor.rebli@gmail.com
<mailto:victor.rebli@gmail.com>__>__>>
*To: *users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> <mailto:users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
*Sent: *Sunday, November 4, 2012 12:18:55 AM *Subject: *[Users] tool engine-manage-domains
I'm trying to change the default domain, the "internal" with the following command:
engine-manage-domains -action=edit -domain=internal
However, i am getting the following message:
"Domain internal doesn't exist int the configuration"
This is my domain admin user that is configured in the installation ovirt-setup.
So, how can i fix it to include a user in this domain?
Att,
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
___________________________________________________
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org
<mailto:Users@ovirt.org>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>>
http://lists.ovirt.org/____mailman/listinfo/users <http://lists.ovirt.org/__mailman/listinfo/users>
<http://lists.ovirt.org/__mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>>
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
_______________________________________________ Users mailing list Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
there are three issues with installing freeipa on same machine as ovirt: 1. the mod_ssl, which is solvable, but requires some work on our side. 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. 3. freeipa will override the default apache homepage redirection ovirt placed.
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed.
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-- “Encarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu início se apresenta do mesmo modo que as coisas quando as olhamos através de um binóculo usado ao contrário; mas, ao seu final, ela se parece com as coisas tal qual são vistas quando o binóculo é usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida é curta”. (Poema de Arthur Schopenhauer)
------=_Part_48948452_769510213.1355828748015 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ----- Original Message -----
From: "victor nunes" <victor.rebli@gmail.com> To: "pstehlik" <pstehlik@redhat.com> Cc: "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org, "Oved Ourfalli" <oourfali@redhat.com> Sent: Tuesday, December 18, 2012 12:39:35 PM Subject: Re: [Users] tool engine-manage-domains
In fact, I just created the user in FreeIPA, added and gave permission for the user in oVirt, and tried to login with it.
Att,
Look at Pavel's comment - This is indeed the problem. We do not support password change via oVirt - you must set a proper policy via freeIPA. 2012/12/18 pstehlik < pstehlik@redhat.com >
Hi, =20 indeed, looks like that. It can be easily checked by 'kinit my-user@domain' from IPA machine (or any client which uses correct settings in /etc/krb5.conf). In case you create user in ipa it's default policy will ask you for pwd change when auth performs for 1st time. =20 P. =20
On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote: =20
No, =20 Have you tried to perform authentication using this user regardless of oVirt? =20
My speculation (Pavel, Oved , can you approve?) =20
it seems like your password policy might require to change the password at first login (I saw such password policy at ActiveDirectory ). =20
Yair =20
From: "victor nunes" < victor.rebli@gmail.com > =20 To: "Yair Zaslavsky" < yzaslavs@redhat.com > =20 Cc: users@ovirt.org =20 Sent: Tuesday, December 18, 2012 3:36:15 AM =20 Subject: Re: [Users] tool engine-manage-domains =20
So returning. =20
I got a machine, I installed Fedora 17 on it. =20 With that I managed to install FreeIPA. =20 FreeIPA configured, and managed to add the domain with the tool =20 "oVirt-manage-domains". =20
Created in FreeIPA users, set their passwords. =20 I gave permission for them. =20 However, I can only login with the admin user in the new domain. =20 With users that I created, is giving the following message: =20
Can not Login. User Password has expired, Please change your password. =20
So, I need to give any more permission for users to login? =20
Att, =20
2012/12/6 Yair Zaslavsky < yzaslavs@redhat.com > =20
From: "victor nunes" < victor.rebli@gmail.com > =20 To: "Yair Zaslavsky" < yzaslavs@redhat.com > =20 Cc: users@ovirt.org , "Itamar Heim" < iheim@redhat.com > =20 Sent: Thursday, December 6, 2012 2:14:49 AM =20
Subject: Re: [Users] tool engine-manage-domains =20
Hello, =20
I'm going to do all these tests, but a question. =20
I need to configure Kerberos on the server LDAP? =20
Att, =20 Yes. =20
2012/12/4 Yair Zaslavsky < yzaslavs@redhat.com > =20
Hi, =20 Several things - =20 a. I think logging at this point should be improved =20 b. Since the log is not informative enough, please try the following: =20 1. Check that your credentials are correct =20 2. Check you have no clock skew issue (the time difference between the machine running manage-domains and your ldap server should be less or equal to 5 minutes). =20 3. Connection refused so there is some connectivity issue - =20 please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp. viperde.com.br should do the trick) =20 please try to connect to these ldap servers manually - =20
For example, if the returned host from the dig SRV query is =20 aaa.viperde.com.br =20
perform: =20 telnet aaa.viperde.com.br 389 =20
Turns out that I did not have telnet installed on my fc17 machine - =20 I used yum install telnet to install it. =20
Kind regards, =20
Yair =20
From: "victor nunes" < victor.rebli@gmail.com > =20 To: "Itamar Heim" < iheim@redhat.com > =20 Cc: "Yair Zaslavsky" < yzaslavs@redhat.com >, users@ovirt.org =20 Sent: Tuesday, December 4, 2012 3:28:56 AM =20 Subject: Re: [Users] tool engine-manage-domains =20
Thanks for the reply. =20
I do not have another machine to the power configuar FreeIPA. =20
I have a machine, I do not have access, which is an LDAP server installed on it. =20 I configured a machine that is oVirt-manage as ldap client, I configured the dns, but in time to include the domain happens the following error: =20
Error: exception message: Connection refused =20 Failure while testing domain viprede.com.br . Details: Kerberos error. Please check log for further Top details. =20
in the logs, I have the following lines: =20
03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br =20 03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br . =20
So what could be this error? =20
2012/11/29 Itamar Heim < iheim@redhat.com > =20
On 11/29/2012 05:58 AM, victor nunes wrote: =20
2012/11/29 Yair Zaslavsky < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20
Hi, =20 Can you redirect your question to users@ovirt.org =20
<mailto: users@ovirt.org >? =20
I think others will help you to forward your question to relevant =20 people here (not sure I can provide a good answer). =20
On 11/29/2012 03:26 AM, victor nunes wrote: =20
So I'm trying to install FreeIPA on the same machine that =20 oVirt-manage, =20 but at the time of installation, the following error occurs: =20
FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64 =20
Looking for a solution to the problem, I discovered that this is =20 a bug =20 reported by others. =20
Follow the link to the bug reported: =20 https://bugzilla.redhat.com/__show_bug.cgi?id=3D840098 =20
< https://bugzilla.redhat.com/show_bug.cgi?id=3D840098 > =20
Then, using oo FreeIPA not be possible, which otherwise I have =20 to add =20 new domains and users? =20
Em 8 de novembro de 2012 02:41, Yair Zaslavsky =20 < yzaslavs@redhat.com <mailto: yzaslavs@redhat.com > =20
<mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >>> escreveu: =20
Hi, =20 You cannot create new users for the internal domain. =20 The internal domain was developed for quick POC, just to =20 allow login =20 to the system without the need for ldap provider. =20 I recommend you install some ldap server (i.e - free IPA) =20 and try to =20 work with it. =20
On 11/08/2012 01:08 AM, victor nunes wrote: =20
Sorry. =20
Att, =20
2012/11/7 victor nunes < victor.rebli@gmail.com =20 <mailto: victor.rebli@gmail.com > =20 <mailto: victor.rebli@gmail.com =20 <mailto: victor.rebli@gmail.com >__> =20 <mailto: victor.rebli@gmail.com =20 <mailto: victor.rebli@gmail.com > <mailto: victor.rebli@gmail.com =20
<mailto: victor.rebli@gmail.com >__>__>> =20
Thanks for the reply. =20
As the command "engine-manage-domains" works with =20 ldap, how =20 can I =20 create another user in the field "internal", and user =20 "admin" that =20 is created when you installed the engine-setup? =20
2012/11/4 Yair Zaslavsky < yzaslavs@redhat.com =20 <mailto: yzaslavs@redhat.com > =20 <mailto: yzaslavs@redhat.com <mailto: yzaslavs@redhat.com >> =20 <mailto: yzaslavs@redhat.com =20 <mailto: yzaslavs@redhat.com > <mailto: yzaslavs@redhat.com =20 <mailto: yzaslavs@redhat.com >>>> =20
Hi, =20 The specified tool handle only ldap domains, =20 and not the =20 internal domain. =20 What would you like to change at the internal =20 domain? =20 I suggest you try to use engine-config for this. =20
------------------------------____----------------------------__--__---=
=20
*From: *"victor nunes" =20 < victor.rebli@gmail.com <mailto: victor.rebli@gmail.com > =20 <mailto: victor.rebli@gmail.com =20 <mailto: victor.rebli@gmail.com >__> =20
<mailto: victor.rebli@gmail.com =20 <mailto: victor.rebli@gmail.com > =20 <mailto: victor.rebli@gmail.com =20
<mailto: victor.rebli@gmail.com >__>__>> =20
*To: * users@ovirt.org =20 <mailto: users@ovirt.org > <mailto: users@ovirt.org =20 <mailto: users@ovirt.org >> =20 <mailto: users@ovirt.org <mailto: users@ovirt.org > =20 <mailto: users@ovirt.org <mailto: users@ovirt.org >>> =20
*Sent: *Sunday, November 4, 2012 12:18:55 AM =20 *Subject: *[Users] tool engine-manage-domains =20
I'm trying to change the default domain, the =20 "internal" with =20 the following command: =20
engine-manage-domains -action=3Dedit =20 -domain=3Dinternal =20
However, i am getting the following message: =20
"Domain internal doesn't exist int the =20 configuration" =20
This is my domain admin user that is =20 configured in the =20 installation ovirt-setup. =20
So, how can i fix it to include a user in =20 this domain? =20
Att, =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, =20 a vida =20 parece um =20 futuro =20 indefinidamente longo, ao passo que, na =20 velhice, =20 ela parece =20 um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 apresenta do =20 mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 bin=C3=B3culo usado =20 ao contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas =20 tal qual =20 s=C3=A3o vistas =20 quando o bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 envelhecido e =20 vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
___________________________________________________ =20
Users mailing list =20 Users@ovirt.org <mailto: Users@ovirt.org > <mailto: Users@ovirt.org =20
<mailto: Users@ovirt.org >> <mailto: Users@ovirt.org =20 <mailto: Users@ovirt.org > =20 <mailto: Users@ovirt.org <mailto: Users@ovirt.org >>> =20
http://lists.ovirt.org/____mailman/listinfo/users =20 < http://lists.ovirt.org/__mailman/listinfo/users > =20
< http://lists.ovirt.org/__mailman/listinfo/users =20 < http://lists.ovirt.org/mailman/listinfo/users >> =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida =20 parece um =20 futuro =20 indefinidamente longo, ao passo que, na velhice, =20 ela parece =20 um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se =20 apresenta do =20 mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um =20 bin=C3=B3culo usado ao =20 contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual =20 s=C3=A3o vistas =20 quando o =20 bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 envelhecido e =20 vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece =20 um futuro =20 indefinidamente longo, ao passo que, na velhice, ela =20 parece um =20 passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta =20 do mesmo =20 modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo =20 usado ao =20 contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o =20 vistas quando o =20 bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter =20 envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futu= ro =20 indefinidamente longo, ao passo que, na velhice, ela parece um =20 passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo =20 modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado = ao =20 contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando = o =20 bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futu= ro =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado = ao =20 contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando = o =20 bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
_______________________________________________ =20 Users mailing list =20 Users@ovirt.org =20
there are three issues with installing freeipa on same machine as ovirt: =20 1. the mod_ssl, which is solvable, but requires some work on our side. =20 2. we faced some upgrade issues around this use case, though non are relevant right now iirc. =20 3. freeipa will override the default apache homepage redirection ovirt placed. =20
have you considered running freeipa in a guest? you can still use admin@internal for issues with that guest if needed. =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futu= ro =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado = ao contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando = o bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futu= ro =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado = ao contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando = o bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =20 =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futu= ro =20 indefinidamente longo, ao passo que, na velhice, ela parece um passado =20 deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo =20 que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado = ao contr=C3=A1rio; mas, ao =20 seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando = o bin=C3=B3culo =20 =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido =20 bastante para perceber como a vida =C3=A9 curta=E2=80=9D. =20
(Poema de Arthur Schopenhauer) =20
-- =E2=80=9CEncarada do ponto de vista da juventude, a vida parece um futuro indefinidamente longo, ao passo que, na velhice, ela parece um passado deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo mod= o que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao contr=C3=A1rio; mas, ao seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quando o bin=C3=B3culo =C3=A9 usado de modo normal. Um homem precisa ter envelhecido e vivido bastante para perceber como a vida =C3=A9 curta=E2=80=9D.
(Poema de Arthur Schopenhauer)
</div><div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote"= id=3D"DWT2536">This is indeed the problem. We do not support password chan= ge via oVirt - you must set a proper policy via freeIPA.</div></div></block= quote><blockquote style=3D"border-left:2px solid rgb(16, 16, 255);margin-le= ft:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;tex= t-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><=
------=_Part_48948452_769510213.1355828748015 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><style type=3D'text/css'>p { margin: 0; }</style></head><body><= div style=3D'font-family: times new roman,new york,times,serif; font-size: = 12pt; color: #000000'><br><br><hr id=3D"zwchr"><blockquote style=3D"border-= left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000= ;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helv= etica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"victor nunes" <vic= tor.rebli@gmail.com><br><b>To: </b>"pstehlik" <pstehlik@redhat.com>= ;<br><b>Cc: </b>"Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.o= rg, "Oved Ourfalli" <oourfali@redhat.com><br><b>Sent: </b>Tuesday, De= cember 18, 2012 12:39:35 PM<br><b>Subject: </b>Re: [Users] tool engine-mana= ge-domains<br><br>In fact, I just created the user in FreeIPA, added and ga= ve permission for the user in oVirt, and tried to login with it.<div><br></= div><div id=3D"DWT2522">Att,<br></div><div id=3D"DWT2523"><br></div></block= quote><blockquote style=3D"border-left:2px solid rgb(16, 16, 255);margin-le= ft:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;tex= t-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><= div><br></div><div id=3D"DWT2526">Look at Pavel's comment -</div></blockquo= te><blockquote style=3D"border-left:2px solid rgb(16, 16, 255);margin-left:= 5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-d= ecoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div= div><div class=3D"gmail_quote"></div><div class=3D"gmail_quote"><br></div><= div class=3D"gmail_quote">2012/12/18 pstehlik <span dir=3D"ltr"><<a href= =3D"mailto:pstehlik@redhat.com" target=3D"_blank">pstehlik@redhat.com</a>&g= t;</span><br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"><u></u> <div style=3D"font-family:'Sans Serif';font-size:10pt;font-weight:400;font-= style:normal"> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px">Hi,</p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px">indeed, looks like that. It can be easily checked by '= kinit my-user@domain' from IPA machine (or any client which uses correct se= ttings in /etc/krb5.conf). In case you create user in ipa it's default pol= icy will ask you for pwd change when auth performs for 1st time.</p> <span class=3D"HOEnZb"><font color=3D"#888888"> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px">P.</p></font></span><div><div class=3D"h5"> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"> </p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><br>On Tuesday 18 of December 2012 01:30:26 Yair Zaslav= sky wrote:<br></p> <p style=3D"margin-top:12px;margin-bottom:0px;margin-left:40px;margin-right= :40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">No, </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'">Have you tried to perform authentication using= this user regardless of oVirt?</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'">My speculation (Pavel, Oved , can you approve?= )</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'">it seems like your password policy might requi= re to change the password at first login (I saw such password policy at Act= iveDirectory ).</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:40px;margin-right:= 40px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'">Yair<br></span></p> <hr> <p style=3D"margin-top:12px;margin-bottom:12px;margin-left:45px;margin-righ= t:80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetic= a,Arial,sans-serif';font-weight:600">From: </span><span style=3D"font-size:= 12pt;font-family:'Helvetica,Arial,sans-serif'">"victor nunes" <<a href= =3D"mailto:victor.rebli@gmail.com" target=3D"_blank">victor.rebli@gmail.com= </a>><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">To: </span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif'">"Yair Zaslavsky" <<a href=3D"mailto:yzaslavs= @redhat.com" target=3D"_blank">yzaslavs@redhat.com</a>><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Cc: </span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif'"><a href=3D"mailto:users@ovirt.org" target=3D"_b= lank">users@ovirt.org</a><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Sent: </span><span style=3D"font-size:12pt;font-family:= 'Helvetica,Arial,sans-serif'">Tuesday, December 18, 2012 3:36:15 AM<br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Subject: </span><span style=3D"font-size:12pt;font-fami= ly:'Helvetica,Arial,sans-serif'">Re: [Users] tool engine-manage-domains<br> <br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">So returning.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">I got a machine, I installed Fedora 17 on it.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">With that I managed to install FreeIPA.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">FreeIPA configured, and managed to add the domain with t= he tool</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">"oVirt-manage-domains".</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">Created in FreeIPA users, set their passwords.</span></p=
<p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">I gave permission for them.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">However, I can only login with the admin user in the new= domain.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">With users that I created, is giving the following messa= ge:</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">Can not Login. User Password has expired, Please change = your password.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">So, I need to give any more permission for users to logi= n?</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">Att,<br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">2012/12/6 Yair Zaslavsky <</span><a href=3D"mailto:yz= aslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,= Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">y= zaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'Hel= vetica,Arial,sans-serif'">><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:49px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'"><br><br></span></p> <hr> <p style=3D"margin-top:12px;margin-bottom:12px;margin-left:54px;margin-righ= t:120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helveti= ca,Arial,sans-serif';font-weight:600">From: </span><span style=3D"font-size= :12pt;font-family:'Helvetica,Arial,sans-serif'">"victor nunes" <</span><= a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span style=3D"f= ont-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:unde= rline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"font-s= ize:12pt;font-family:'Helvetica,Arial,sans-serif'">><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">To: </span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif'">"Yair Zaslavsky" <</span><a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica= ,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">= yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'He= lvetica,Arial,sans-serif'">><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Cc: </span><a href=3D"mailto:users@ovirt.org" target=3D= "_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:= 12pt;text-decoration:underline;color:#0057ae">users@ovirt.org</span></a><sp= an style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'">, "Ita= mar Heim" <</span><a href=3D"mailto:iheim@redhat.com" target=3D"_blank">= <span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text= -decoration:underline;color:#0057ae">iheim@redhat.com</span></a><span style= =3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'">><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Sent: </span><span style=3D"font-size:12pt;font-family:= 'Helvetica,Arial,sans-serif'">Thursday, December 6, 2012 2:14:49 AM</span><= /p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif';font-weight:600">Subject: </span><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'">Re: [Users] tool e= ngine-manage-domains<br> <br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">Hello,</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">I'm going to do all these tests, but a question.</span>= </p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">I need to configure Kerberos on the server LDAP? </span=
</p>
<p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">Att,</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new ro= man,new york,times,serif'">Yes.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:49px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new = roman,new york,times,serif'"><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">2012/12/4 Yair Zaslavsky <</span><a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica= ,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">= yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'He= lvetica,Arial,sans-serif'">><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman, new york, times, serif'">Hi,</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">Several things -</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">a. I think logging at this point should be im= proved</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">b. Since the log is not informative enough, p= lease try the following:</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">1. Check that your credentials are corr= ect</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">2. Check you have no clock skew issue (the ti= me difference between the machine running manage-domains and your ldap serv= er should be less or equal to 5 minutes).</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'">3. Connection refused so there is some connec= tivity issue - </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman, new york, times, serif'">please query your ldap SRV records for the= domain (IMHO dig SRV _ldap._tcp.</span><a href=3D"http://viperde.com.br" t= arget=3D"_blank"><span style=3D"font-family:'Helvetica, Arial, sans-serif';= font-size:12pt;text-decoration:underline;color:#0057ae">viperde.com.br</spa= n></a><span style=3D"font-size:12pt;font-family:'Helvetica, Arial, sans-ser= if'"> should do the trick) </span><span style=3D"font-size:12pt;font-f= amily:'times new roman,new york,times,serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">please try to connect to these ldap servers manually = -</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">For example, if the returned host from the dig SRV qu= ery is</span><span style=3D"font-size:12pt;font-family:'times new roman,new= york,times,serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><a href=3D"http://aaa.viperde.com.br" target=3D"_bla= nk"><span style=3D"font-family:'Helvetica, Arial, sans-serif';font-size:12p= t;text-decoration:underline;color:#0057ae">aaa.viperde.com.br</span></a></p=
<p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">perform:</span><span style=3D"font-size:12pt;font-fam= ily:'times new roman,new york,times,serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">telnet </span><a href=3D"http://aaa.viperde.com.br" t= arget=3D"_blank"><span style=3D"font-family:'Helvetica, Arial, sans-serif';= font-size:12pt;text-decoration:underline;color:#0057ae">aaa.viperde.com.br<= /span></a><span style=3D"font-size:12pt;font-family:'Helvetica, Arial, sans= -serif'"> 389</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">Turns out that I did not have telnet installed on my = fc17 machine -</span><span style=3D"font-size:12pt;font-family:'times new r= oman,new york,times,serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">I used yum install telnet to install it.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">Kind regards,</span><span style=3D"font-size:12pt;fon= t-family:'times new roman,new york,times,serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'">Yair</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= , Arial, sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:58px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new= roman,new york,times,serif'"><br></span></p> <hr> <p style=3D"margin-top:12px;margin-bottom:12px;margin-left:63px;margin-righ= t:160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helveti= ca,Arial,sans-serif';font-weight:600">From: </span><span style=3D"font-size= :12pt;font-family:'Helvetica,Arial,sans-serif'">"victor nunes" <</span><= a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span style=3D"f= ont-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:unde= rline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"font-s= ize:12pt;font-family:'Helvetica,Arial,sans-serif'">><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">To: </span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif'">"Itamar Heim" <</span><a href=3D"mailto:ihei= m@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial= ,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">iheim@= redhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,A= rial,sans-serif'">><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Cc: </span><span style=3D"font-size:12pt;font-family:'H= elvetica,Arial,sans-serif'">"Yair Zaslavsky" <</span><a href=3D"mailto:y= zaslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica= ,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">= yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'He= lvetica,Arial,sans-serif'">>, </span><a href=3D"mailto:users@ovirt.org" = target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';f= ont-size:12pt;text-decoration:underline;color:#0057ae">users@ovirt.org</spa= n></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif= '"><br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Sent: </span><span style=3D"font-size:12pt;font-family:= 'Helvetica,Arial,sans-serif'">Tuesday, December 4, 2012 3:28:56 AM<br> </span><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-seri= f';font-weight:600">Subject: </span><span style=3D"font-size:12pt;font-fami= ly:'Helvetica,Arial,sans-serif'">Re: [Users] tool engine-manage-domains</sp= an></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">Thanks for the reply.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">I do not have another machine to the power configuar Fr= eeIPA. </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">I have a machine, I do not have access, which is an LDA= P server installed on it.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">I configured a machine that is oVirt-manage as ldap cli= ent, I configured the dns, but in time to include the domain happens the fo= llowing error:</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">Error: exception message: Connection refused </span></p=
<a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank"><span style=3D"fo= nt-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:under=
to the system without the = need for ldap provider.<br> = I recommend you install some ldap server (i.e - free IPA)<br> and try to<br> = ; work with it.<br><br><br><br> &nb= sp; On 11/08/2012 01:08 AM, victor nunes wrote:<br><br> = Sorry.<br><br> = Att,<br><br> = 2012/11/7 victor nun= es <</span><a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><= span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-= decoration:underline;color:#0057ae">victor.rebli@gmail.com</span></a><span =
<p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">Failure while testing domain </span><a href=3D"http://v= iprede.com.br" target=3D"_blank"><span style=3D"font-family:'Helvetica,Aria= l,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">vipre= de.com.br</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">. Details: Kerberos error. Please check log for further To= p details.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">in the logs, I have the following lines: </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Creating kerberos configuration for domain (s): = </span><a href=3D"http://viprede.com.br" target=3D"_blank"><span style=3D"f= ont-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:unde= rline;color:#0057ae">viprede.com.br</span></a><span style=3D"font-size:12pt= ;font-family:'Helvetica,Arial,sans-serif'"> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Successfully created kerberos configuration for = domain (s): </span><a href=3D"http://viprede.com.br" target=3D"_blank"><spa= n style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-dec= oration:underline;color:#0057ae">viprede.com.br</span></a></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.uti= ls.kerberos.ManageDomains] Testing kerberos configuration for domain: </spa= n><a href=3D"http://viprede.com.br" target=3D"_blank"><span style=3D"font-f= amily:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline= ;color:#0057ae">viprede.com.br</span></a><span style=3D"font-size:12pt;font= -family:'Helvetica,Arial,sans-serif'">.</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">So what could be this error?<br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">2012/11/29 Itamar Heim <</span><a href=3D"mailto:ihe= im@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Aria= l,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">iheim= @redhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'">><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:67px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">On 11/29/2012 05:58 AM, victor nunes wrote:<br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br>2012/11/29 Yair Zaslavsky <</span><a href=3D= "mailto:yzaslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'= Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:= #0057ae">yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-f= amily:'Helvetica,Arial,sans-serif'"> <mailto:</span><a href=3D"mailto:yz= aslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,= Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">y= zaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'Hel= vetica,Arial,sans-serif'">>></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br> Hi,<br> Can you redi= rect your question to </span><a href=3D"mailto:users@ovirt.org" target=3D"_= blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12= pt;text-decoration:underline;color:#0057ae">users@ovirt.org</span></a><span= style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> <mailto:</span><a href=3D"mailto:users@ov= irt.org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans= -serif';font-size:12pt;text-decoration:underline;color:#0057ae">users@ovirt= .org</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,s= ans-serif'">>?</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br> I think others will help you to forwa= rd your question to relevant<br> people here (not sure I can provide a good answer).<br><br><b= r><br> On 11/29/2012 03:26 AM, victor nunes wrote:<br><br>&nbs= p; So I'm trying to install FreeIPA on the same machin= e that<br> oVirt-manage,<br> but at the time of installation, the following = error occurs:<br><br> FreeIPA-server conflicts w= ith 1: mod_ssl-2.2.22-4.fc17.x86_64<br><br><br> = Looking for a solution to the problem, I discovered that this is<br> a bug<br> reported b= y others.<br><br> Follow the link to the bug rep= orted:<br> </span><a href=3D"https://bugzilla.re= dhat.com/__show_bug.cgi?id=3D840098" target=3D"_blank"><span style=3D"font-= family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underlin= e;color:#0057ae">https://bugzilla.redhat.com/__show_bug.cgi?id=3D840098</sp= an></a></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br> <</span><a href=3D"h= ttps://bugzilla.redhat.com/show_bug.cgi?id=3D840098" target=3D"_blank"><spa= n style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-dec= oration:underline;color:#0057ae">https://bugzilla.redhat.com/show_bug.cgi?i= d=3D840098</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,A= rial,sans-serif'">><br> <br> Then, using oo FreeIPA not be possible, whi= ch otherwise I have<br> to add<br> = new domains and users?<br><br> Em = 8 de novembro de 2012 02:41, Yair Zaslavsky<br> = <</span><a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank"><span s= tyle=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decora= tion:underline;color:#0057ae">yzaslavs@redhat.com</span></a><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"> <mailto:</span= line;color:#0057ae">yzaslavs@redhat.com</span></a><span style=3D"font-size:= 12pt;font-family:'Helvetica,Arial,sans-serif'">><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> <mailto:</span><a href=3D"m= ailto:yzaslavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'He= lvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0= 057ae">yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt;font-fam= ily:'Helvetica,Arial,sans-serif'"> <mailto:</span><a href=3D"mailto:yzas= lavs@redhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Ar= ial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">yza= slavs@redhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helve= tica,Arial,sans-serif'">>>> escreveu:</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br><br> &= nbsp;Hi,<br> You cannot crea= te new users for the internal domain.<br> The internal domain was dev= eloped for quick POC, just to<br> allow login<br= style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'">><br> <mailto:</= span><a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span styl= e=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoratio= n:underline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'">>__><br> <mailto:</= span><a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span styl= e=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoratio= n:underline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'">> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'"><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> <mailto:</span><a href=3D"m= ailto:victor.rebli@gmail.com" target=3D"_blank"><span style=3D"font-family:= 'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color= :#0057ae">victor.rebli@gmail.com</span></a><span style=3D"font-size:12pt;fo= nt-family:'Helvetica,Arial,sans-serif'">>__>__>></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br><br><br> &nbs= p; Thanks for the reply.<br> <br> &= nbsp; As the command "engine-manage-domains" works with<br> &n= bsp; ldap, how<br> &= nbsp; can I<br> = ; create another user in the field "internal", and use= r<br> "admin" that<= br> &n= bsp; is created when you installed the engine-setup?<br><br> &= nbsp; 2012/11/4 Yai= r Zaslavsky <</span><a href=3D"mailto:yzaslavs@redhat.com" target=3D"_bl= ank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt= ;text-decoration:underline;color:#0057ae">yzaslavs@redhat.com</span></a><sp= an style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:yzaslavs@re= dhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,san= s-serif';font-size:12pt;text-decoration:underline;color:#0057ae">yzaslavs@r= edhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">><br> <mailto:</= span><a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank"><span style= =3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration= :underline;color:#0057ae">yzaslavs@redhat.com</span></a><span style=3D"font= -size:12pt;font-family:'Helvetica,Arial,sans-serif'"> <mailto:</span><a = href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank"><span style=3D"font-f= amily:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline= ;color:#0057ae">yzaslavs@redhat.com</span></a><span style=3D"font-size:12pt= ;font-family:'Helvetica,Arial,sans-serif'">>><br> = ; <mailto:</span><a href=3D"mailto:yzaslavs@redhat.com" target=3D"_blank= "><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;te= xt-decoration:underline;color:#0057ae">yzaslavs@redhat.com</span></a><span = style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:yzaslavs@re= dhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,san= s-serif';font-size:12pt;text-decoration:underline;color:#0057ae">yzaslavs@r= edhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">> <mailto:</span><a href=3D"mailto:yzaslavs@redhat.c= om" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-seri= f';font-size:12pt;text-decoration:underline;color:#0057ae">yzaslavs@redhat.= com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sa= ns-serif'"><br> <mailto:</span><a href=3D"mailto:yzaslavs@re= dhat.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,san= s-serif';font-size:12pt;text-decoration:underline;color:#0057ae">yzaslavs@r= edhat.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">>>>><br> <br><br><br> = Hi,<br> = ; The specified tool handl= e only ldap domains,<br> and not the<br> &= nbsp; = internal domain.<br> = ; What would you like to change a= t the internal<br> domain?<br> &= nbsp; I suggest you try to= use engine-config for this.<br><br><br><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> ------------------------------= ____----------------------------__--__------------</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br><br> &= nbsp; *From: *"vict= or nunes"<br> <</span><a href=3D"mailto:victor.rebli@gmail= .com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-se= rif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.rebli@g= mail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ari= al,sans-serif'"> <mailto:</span><a href=3D"mailto:victor.rebli@gmail.com= " target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif'= ;font-size:12pt;text-decoration:underline;color:#0057ae">victor.rebli@gmail= .com</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,s= ans-serif'">><br> <mailto:</= span><a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span styl= e=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoratio= n:underline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'">>__><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"> = <mailto:</span><a href= =3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span style=3D"font-fa= mily:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;= color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"font-size:12= pt;font-family:'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:victor.rebl= i@gmail.com" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">victor.= rebli@gmail.com</span></a><span style=3D"font-size:12pt;font-family:'Helvet= ica,Arial,sans-serif'">><br> <mailto:</= span><a href=3D"mailto:victor.rebli@gmail.com" target=3D"_blank"><span styl= e=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoratio= n:underline;color:#0057ae">victor.rebli@gmail.com</span></a><span style=3D"= font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> <mailto:</span><a href=3D"m= ailto:victor.rebli@gmail.com" target=3D"_blank"><span style=3D"font-family:= 'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color= :#0057ae">victor.rebli@gmail.com</span></a><span style=3D"font-size:12pt;fo= nt-family:'Helvetica,Arial,sans-serif'">>__>__>></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br> &n= bsp; *To: *</span><a href= =3D"mailto:users@ovirt.org" target=3D"_blank"><span style=3D"font-family:'H= elvetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#= 0057ae">users@ovirt.org</span></a><span style=3D"font-size:12pt;font-family= :'Helvetica,Arial,sans-serif'"><br> <mailto:</span><a href=3D"mailto:users@ovirt= .org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-se= rif';font-size:12pt;text-decoration:underline;color:#0057ae">users@ovirt.or= g</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans= -serif'">> <mailto:</span><a href=3D"mailto:users@ovirt.org" target= =3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-si= ze:12pt;text-decoration:underline;color:#0057ae">users@ovirt.org</span></a>= <span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br=
configuration"<br><br> &nb= sp; &= nbsp; This is my domain admin user that is<br> c= onfigured in the<br> = installation ovirt-setup.= <br> <br> &= nbsp; So, how can i fix it to include a user in= <br> this domain?<br><br><br> = ; &nb= sp; Att,<br><br><br><br><br> = ; --<br>&nbs=
velhice,<br> = ela parece<br> = ; um =
<mailto:</span><a href=3D"mailto:users@ovirt= .org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-se= rif';font-size:12pt;text-decoration:underline;color:#0057ae">users@ovirt.or= g</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans= -serif'">>><br> <mailto:</= span><a href=3D"mailto:users@ovirt.org" target=3D"_blank"><span style=3D"fo= nt-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:under= line;color:#0057ae">users@ovirt.org</span></a><span style=3D"font-size:12pt= ;font-family:'Helvetica,Arial,sans-serif'"> <mailto:</span><a href=3D"ma= ilto:users@ovirt.org" target=3D"_blank"><span style=3D"font-family:'Helveti= ca,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae= ">users@ovirt.org</span></a><span style=3D"font-size:12pt;font-family:'Helv= etica,Arial,sans-serif'">><br> <mailto:</span><a href=3D"mailto:users@ovirt= .org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-se= rif';font-size:12pt;text-decoration:underline;color:#0057ae">users@ovirt.or= g</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans= -serif'"> <mailto:</span><a href=3D"mailto:users@ovirt.org" target=3D"_b= lank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12p= t;text-decoration:underline;color:#0057ae">users@ovirt.org</span></a><span = style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'">>>&= gt;<br> <br> &= nbsp; *Sent: *Sunday, November 4, 2012 12:18:55= AM<br> = ; *Subject: *[Users] tool engine-manage-= domains<br><br><br><br> &nb= sp; I'm trying to change t= he default domain, the<br> "internal" wi= th<br> = the following command:<br><br> &n= bsp; = engine-manage-domains -action=3Dedit<br> = -domain=3Dinternal<br><br> = Howev= er, i am getting the following message:<br> <br> &= nbsp; "Domain internal doesn't exist int the<br= p; &n= bsp; =E2=80=9CEncarada do ponto de vista da juventude,= <br> a vida<br> &n= bsp; parece um<br> &n= bsp; futuro<= br> &n= bsp; indefinidamente longo, ao passo que, na<br= passado<br> = ; deveras curto. Assim, a vida no seu in=C3=ADc= io se<br> apre= senta do<br> = mesmo modo<br> = ; &nb= sp; que as coisas quando as olhamos atrav=C3=A9s de um<br> bin=C3=B3culo= usado<br> &n= bsp; ao contr=C3=A1rio; mas, ao<br> = ; &nb= sp; seu final, ela se parece com as coisas<br> &= nbsp; tal qual<br> &= nbsp; s=C3=A3o vistas<br> &n= bsp; = quando o bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa= ter<br> envel= hecido e<br> = vivido<br> &n= bsp; = bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<br> <br> &= nbsp; (Poema= de Arthur Schopenhauer)<br><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> _______________________= ____________________________</span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br> &n= bsp; Users mailing list<br=
<span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"> &= lt;mailto:</span><a href=3D"mailto:Users@ovirt.org" target=3D"_blank"><span=
</span><a href=3D"mailto:Users@ovirt.org" targe= t=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-s= ize:12pt;text-decoration:underline;color:#0057ae">Users@ovirt.org</span></a= style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-deco= ration:underline;color:#0057ae">Users@ovirt.org</span></a><span style=3D"fo= nt-size:12pt;font-family:'Helvetica,Arial,sans-serif'">> <mailto:</sp= an><a href=3D"mailto:Users@ovirt.org" target=3D"_blank"><span style=3D"font= -family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:underli= ne;color:#0057ae">Users@ovirt.org</span></a><span style=3D"font-size:12pt;f= ont-family:'Helvetica,Arial,sans-serif'"><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"> <mailto:</span><a href=3D"m= ailto:Users@ovirt.org" target=3D"_blank"><span style=3D"font-family:'Helvet= ica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057a= e">Users@ovirt.org</span></a><span style=3D"font-size:12pt;font-family:'Hel= vetica,Arial,sans-serif'">>> <mailto:</span><a href=3D"mailto:User= s@ovirt.org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,= sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae">Users@o= virt.org</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Ari= al,sans-serif'"><br> <mailto:</span><a href=3D"mailto:Users@ovirt= .org" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-se= rif';font-size:12pt;text-decoration:underline;color:#0057ae">Users@ovirt.or= g</span></a><span style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans= -serif'">><br> <mailto:</= span><a href=3D"mailto:Users@ovirt.org" target=3D"_blank"><span style=3D"fo= nt-family:'Helvetica,Arial,sans-serif';font-size:12pt;text-decoration:under= line;color:#0057ae">Users@ovirt.org</span></a><span style=3D"font-size:12pt= ;font-family:'Helvetica,Arial,sans-serif'"> <mailto:</span><a href=3D"ma= ilto:Users@ovirt.org" target=3D"_blank"><span style=3D"font-family:'Helveti= ca,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae= ">Users@ovirt.org</span></a><span style=3D"font-size:12pt;font-family:'Helv= etica,Arial,sans-serif'">>>><br> <br> </span><a href=3D"http://lists.ovirt.org/__= __mailman/listinfo/users" target=3D"_blank"><span style=3D"font-family:'Hel= vetica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#00= 57ae">http://lists.ovirt.org/____mailman/listinfo/users</span></a><span sty= le=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> <</span><a href=3D"http://lists.ovirt.org/__= mailman/listinfo/users" target=3D"_blank"><span style=3D"font-family:'Helve= tica,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057= ae">http://lists.ovirt.org/__mailman/listinfo/users</span></a><span style= =3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'">></span></p=
<p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br><br> = ; <</span><a href=3D"http://lists.ovirt.org/__mailman/listi= nfo/users" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sa= ns-serif';font-size:12pt;text-decoration:underline;color:#0057ae">http://li= sts.ovirt.org/__mailman/listinfo/users</span></a><span style=3D"font-size:1= 2pt;font-family:'Helvetica,Arial,sans-serif'"><br> <</span><a href=3D"http://lists.ovirt.org/ma= ilman/listinfo/users" target=3D"_blank"><span style=3D"font-family:'Helveti= ca,Arial,sans-serif';font-size:12pt;text-decoration:underline;color:#0057ae= ">http://lists.ovirt.org/mailman/listinfo/users</span></a><span style=3D"fo= nt-size:12pt;font-family:'Helvetica,Arial,sans-serif'">>><br> <br><br><br><br><br> = --<br> = ; =E2=80=9CEncarada do ponto de vista da juvent= ude, a vida<br> parece um<br> = ; futuro<br> &= nbsp; indefinidamente long= o, ao passo que, na velhice,<br> ela parece<br> = ; um passado<br> &nbs= p; deveras curto. Assim, a vida n= o seu in=C3=ADcio se<br> apresenta do<br> = mesmo modo<br> = que = as coisas quando as olhamos atrav=C3=A9s de um<br> bin=C3=B3culo usado ao<br> = contr=C3=A1rio; mas= , ao<br> &nbs= p; seu final, ela se parece com as coisas tal qual<br> &= nbsp; s=C3=A3o vistas<br> &= nbsp; quando o<br> &n= bsp; bin=C3=B3culo<br> = ; =C3=A9 usado de modo normal. Um homem precisa ter<br> = envelhecido e<br> &= nbsp; vivido<br> &nbs= p; bastante para perceber como a vida =C3=A9 curta=E2= =80=9D.<br><br> &nbs= p; (Poema de Arthur Schope= nhauer)<br> <br><br><br><br> &nb= sp;--<br> =E2= =80=9CEncarada do ponto de vista da juventude, a vida parece<br> &nbs= p; um futuro<br> &nb= sp; indefinidamente longo, ao passo que, na velhice, ela<br>&n= bsp; parece um<br> passado<br>&n= bsp; deveras curto. = Assim, a vida no seu in=C3=ADcio se apresenta<br> = ; do mesmo<br> = ;modo<br> que = as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo<br> usado ao<br> = contr=C3=A1rio; mas, ao<br> = seu final, ela se parece com as co= isas tal qual s=C3=A3o<br> vistas quando o= <br> bin=C3=B3= culo<br> =C3= =A9 usado de modo normal. Um homem precisa ter<br> envelhecido e vivido<br> &n= bsp; bastante para perceber como a vida = =C3=A9 curta=E2=80=9D.<br><br> &nb= sp; (Poema de Arthur Schop= enhauer)<br><br><br><br><br> --<br> = =E2=80=9CEncarada do ponto de vista da juventude, a vida par= ece um futuro<br> indefinidamente longo, ao passo que, na velhice= , ela parece um<br> passado<br> &nb= sp; deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do = mesmo<br> modo<br> qu= e as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado ao<br> contr=C3=A1rio; mas, ao<br> = seu final, ela se parece com as coisas tal qual s=C3=A3o vist= as quando o<br> bin=C3=B3culo<br> &= nbsp; =C3=A9 usado de modo normal. Um homem precisa ter envelhecido = e vivido<br> bastante para perceber como a vida = =C3=A9 curta=E2=80=9D.<br> <br> (P= oema de Arthur Schopenhauer)<br><br><br><br><br>--<br>=E2=80=9CEncarada do = ponto de vista da juventude, a vida parece um futuro<br>indefinidamente lon= go, ao passo que, na velhice, ela parece um passado<br> deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o<br>contr=C3=A1rio; mas, ao<br>seu final, ela se parece com as coisas &nbs= p;tal qual s=C3=A3o vistas quando o<br> bin=C3=B3culo<br>=C3=A9 usado de modo normal. Um homem precisa ter envelhec= ido e vivido<br>bastante para perceber como a vida =C3=A9 curta=E2=80=9D.<b= r><br> (Poema de Arthur Schopenhauer)<br>= <br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:71px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'">_______________________________________________<br> Users mailing list<br></span><a href=3D"mailto:Users@ovirt.org" target=3D"_= blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif';font-size:12= pt;text-decoration:underline;color:#0057ae">Users@ovirt.org</span></a><span= style=3D"font-size:12pt;font-family:'Helvetica,Arial,sans-serif'"><br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><a href=3D"http://lists.ovirt.org/mailman/listinfo/user= s" target=3D"_blank"><span style=3D"font-family:'Helvetica,Arial,sans-serif= ';font-size:12pt;text-decoration:underline;color:#0057ae">http://lists.ovir= t.org/mailman/listinfo/users</span></a><span style=3D"font-size:12pt;font-f= amily:'Helvetica,Arial,sans-serif'"><br> <br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"><br>there are three issues with installing freeipa on same= machine as ovirt:<br> 1. the mod_ssl, which is solvable, but requires some work on our side.<br>2= . we faced some upgrade issues around this use case, though non are relevan= t right now iirc.<br>3. freeipa will override the default apache homepage r= edirection ovirt placed.<br> <br>have you considered running freeipa in a guest? you can still use admin= @internal for issues with that guest if needed.<br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:63px;margin-right:= 160px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">-- <br>=E2=80=9CEncarada do ponto de vista da juventude, a= vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice, ela parece um passado <br>= deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo<br>=C3=A9 usado de modo normal. Um homem precisa ter enve= lhecido e vivido<br>bastante para perceber como a vida =C3=A9 curta=E2=80= =9D. <br><br> (Poema de Arthu= r Schopenhauer)<br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new ro= man,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:54px;margin-right:= 120px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica= ,Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">-- <br>=E2=80=9CEncarada do ponto de vista da juventude, a= vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice, ela parece um passado <br>= deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo<br>=C3=A9 usado de modo normal. Um homem precisa ter enve= lhecido e vivido<br>bastante para perceber como a vida =C3=A9 curta=E2=80= =9D. <br><br> (Poema de Arthu= r Schopenhauer)<br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new ro= man,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'"><br><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:45px;margin-right:= 80px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,= Arial,sans-serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'Helvetica,Ar= ial,sans-serif'">-- <br>=E2=80=9CEncarada do ponto de vista da juventude, a= vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice, ela parece um passado <br>= deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo<br>=C3=A9 usado de modo normal. Um homem precisa ter enve= lhecido e vivido<br>bastante para perceber como a vida =C3=A9 curta=E2=80= =9D. <br><br> (Poema de Arthu= r Schopenhauer)<br> </span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><span style=3D"font-size:12pt;font-family:'times new ro= man,new york,times,serif'"><br></span></p> <p style=3D"margin-top:0px;margin-bottom:0px;margin-left:0px;margin-right:0= px;text-indent:0px"><br><br></p></div></div></div></blockquote></div><br><b= r clear=3D"all"><div><br></div>-- <br>=E2=80=9CEncarada do ponto de vista d= a juventude, a vida parece um futuro<br> indefinidamente longo, ao passo que, na velhice, ela parece um passado <br>= deveras curto. Assim, a vida no seu in=C3=ADcio se apresenta do mesmo modo<= br>que as coisas quando as olhamos atrav=C3=A9s de um bin=C3=B3culo usado a= o contr=C3=A1rio; mas, ao <br> seu final, ela se parece com as coisas tal qual s=C3=A3o vistas quand= o o bin=C3=B3culo<br>=C3=A9 usado de modo normal. Um homem precisa ter enve= lhecido e vivido<br>bastante para perceber como a vida =C3=A9 curta=E2=80= =9D. <br><br> (Poema de Arthu= r Schopenhauer)<br> </div> </blockquote><br></div></body></html> ------=_Part_48948452_769510213.1355828748015--
On Tue, 18 Dec 2012 08:39:35 -0200 victor nunes <victor.rebli@gmail.com> wrote:
In fact, I just created the user in FreeIPA, added and gave permission for the user in oVirt, and tried to login with it.
I was testing SSO with IPA and it worked for me. On client I just did `ipa-client-install' with respective parameters. Although I was testing it on RHEL6. jbelka
participants (5)
-
Itamar Heim -
Jiri Belka -
pstehlik -
victor nunes -
Yair Zaslavsky