Adding domain to oVirt to 3.5 issue
Hello everybody, I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently. After finish the upgrade I have tried to login with any of my AD users from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error: 2014-11-21 14:06:02,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1} at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] I have not changed any password from any of my AD users. I have removed from my oVirt 3.5 the domain with: engine-manage-domains delete --domain=siee.local --user=Administrator And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow: engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me. Many thanks in advanced, Juanjo
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix? BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 [2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;... ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD users from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Please try to run your command with domain in lower case: engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator ----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 [2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD users from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 [2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD users from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options. Juanjo - Can you please provide us what's the result of command: $ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'" ----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 [2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD users from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hello everybody, Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is: psql: FATAL: Ident authentication failed for user "engine" And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response: psql: FATAL: Ident authentication failed for user "engine" Is there any problem? Many thanks in advanced, Juanjo. On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD
users
from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, can you please try different account than Administrator? ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: users@ovirt.org Sent: Monday, November 24, 2014 2:22:44 PM Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I have upgraded my oVirt 3.4 to 3.5 version without any problem apparently.
After finish the upgrade I have tried to login with any of my AD
users
from my Samba 4, like I used to do in oVirt 3.4 but I received authentication errors as below error:
2014-11-21 14:06:02,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information was invalid (24) 2014-11-21 14:06:02,683 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the username and password. 2014-11-21 14:06:02,685 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-3) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-21 14:06:02,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-3) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-21 14:06:02,690 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
I have not changed any password from any of my AD users.
I have removed from my oVirt 3.5 the domain with:
engine-manage-domains delete --domain=siee.local --user=Administrator
And I have removed the domain without problems. But I want to add it again but I can't. I execute the bellow command, put the password of my Administrator domain and I receive the error showed bellow:
engine-manage-domains add --domain=SIEE.LOCAL --provider=ad --user=Administrator Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
The password that I use is correct because I can login with user Administrator in the domain siee.local through a Windows 7 Enterprise client. All this issue comes after my upgrade to oVirt 3.5. Does someone help me with this problem?. If more info is needed or logs, please ask me.
Many thanks in advanced,
Juanjo
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hello Ondra and everybody, It works with my other user: engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully But after restarted ovirt-engine if I try to loging with "juanjo" in the administrator portal and I receive the error "General command validation failure", as you can see in the attached image. I'm showing below the engine.log lines with the error: 2014-11-25 12:54:10,680 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1} at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] Could you help me with this problem, please? Many thanks in advanced, Juanjo. On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>,
"Ondra
Machacek" <omachace@redhat.com> Sent: Monday, November 24, 2014 1:27:39 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Yes, I think we just fixed this[1]. We can fix this manually, yair, ondra what is the easiest fix?
BTW: you can also checkout the new ldap provider (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more robust[1], I can help you set it up.
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message ----- > From: "Juan Jose" <jj197005@gmail.com> > To: users@ovirt.org > Sent: Monday, November 24, 2014 2:22:44 PM > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello everybody, > > I have upgraded my oVirt 3.4 to 3.5 version without any problem > apparently. > > After finish the upgrade I have tried to login with any of my
AD users
> from > my Samba 4, like I used to do in oVirt 3.4 but I received > authentication > errors as below error: > > 2014-11-21 14:06:02,681 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information > was > invalid (24) > 2014-11-21 14:06:02,683 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify
> username > and password. > 2014-11-21 14:06:02,685 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> (ajp--127.0.0.1-8702-3) Failed ldap search server > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > Authentication Failed. Please verify the username and
> should > not try the next server > 2014-11-21 14:06:02,688 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> (ajp--127.0.0.1-8702-3) Failed to run command > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > juanjo@SIEE.LOCAL. > 2014-11-21 14:06:02,690 ERROR > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> Input: > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
>
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> Extkey[name=EXTENSION_LICENSE;type=class >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> 2.0, Extkey[name=EXTENSION_HOME_URL;type=class >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> Extkey[name=EXTENSION_NAME;type=class >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> Authz (Built-in), > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> Extkey[name=EXTENSION_CONFIGURATION;type=class >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> Extkey[name=EXTENSION_AUTHOR;type=class >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> Extkey[name=EXTENSION_INSTANCE_NAME;type=class >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> Extkey[name=EXTENSION_VERSION;type=class >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> Authz (Built-in).siee.local), > Extkey[name=EXTENSION_PROVIDES;type=interface >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> Extkey[name=EXTENSION_INVOKE_COMMAND;type=class >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
>
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> Output: > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> Extkey[name=AAA_AUTHZ_STATUS;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > at >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> [extensions-manager.jar:] > at >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> [extensions-manager.jar:] > at >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> [aaa.jar:] > at >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> [aaa.jar:] > at >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> [bll.jar:] > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> [bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> Source) [common.jar:] > at >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > at > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > at > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > at >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> [utils.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> [utils.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> at >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> at >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> at >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> at >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> at >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > at >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > at >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > I have not changed any password from any of my AD users. > > I have removed from my oVirt 3.5 the domain with: > > engine-manage-domains delete --domain=siee.local --user=Administrator > > And I have removed the domain without problems. But I want to add it > again > but I can't. I execute the bellow command, put the password of my > Administrator domain and I receive the error showed bellow: > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > --user=Administrator > Enter password: > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > next > LDAP > server in list > Failure while testing domain siee.local. Details: No user information > was > found for user > > The password that I use is correct because I can login with user > Administrator in the domain siee.local through a Windows 7 Enterprise > client. All this issue comes after my upgrade to oVirt 3.5. Does > someone > help me with this problem?. If more info is needed or logs,
----- Original Message ----- the password.. We please
ask
> me. > > Many thanks in advanced, > > Juanjo > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in the administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message -----
From: "Ondra Machacek" <omachace@redhat.com> To: jj197005@gmail.com Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com> Sent: Monday, November 24, 2014 2:46:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Please try to run your command with domain in lower case:
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
----- Original Message ----- > From: "Alon Bar-Lev" <alonbl@redhat.com> > To: "Juan Jose" <jj197005@gmail.com> > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>,
"Ondra
> Machacek" <omachace@redhat.com> > Sent: Monday, November 24, 2014 1:27:39 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > Yes, > I think we just fixed this[1]. > We can fix this manually, yair, ondra what is the easiest fix? > > BTW: you can also checkout the new ldap provider > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > robust[1], I can help you set it up. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > [2] >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > ----- Original Message ----- > > From: "Juan Jose" <jj197005@gmail.com> > > To: users@ovirt.org > > Sent: Monday, November 24, 2014 2:22:44 PM > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Hello everybody, > > > > I have upgraded my oVirt 3.4 to 3.5 version without any problem > > apparently. > > > > After finish the upgrade I have tried to login with any of my AD users > > from > > my Samba 4, like I used to do in oVirt 3.4 but I received > > authentication > > errors as below error: > > > > 2014-11-21 14:06:02,681 ERROR > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information > > was > > invalid (24) > > 2014-11-21 14:06:02,683 ERROR > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify
> > username > > and password. > > 2014-11-21 14:06:02,685 ERROR > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > (ajp--127.0.0.1-8702-3) Failed ldap search server > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > Authentication Failed. Please verify the username and
> > should > > not try the next server > > 2014-11-21 14:06:02,688 ERROR > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > (ajp--127.0.0.1-8702-3) Failed to run command > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > juanjo@SIEE.LOCAL. > > 2014-11-21 14:06:02,690 ERROR > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > Input: > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > Extkey[name=EXTENSION_LICENSE;type=class > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > Extkey[name=EXTENSION_NAME;type=class > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > Authz (Built-in), > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > Extkey[name=EXTENSION_CONFIGURATION;type=class > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > Extkey[name=EXTENSION_AUTHOR;type=class > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > Extkey[name=EXTENSION_VERSION;type=class > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > Authz (Built-in).siee.local), > > Extkey[name=EXTENSION_PROVIDES;type=interface > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > Output: > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > Extkey[name=AAA_AUTHZ_STATUS;type=class > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > at > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > [extensions-manager.jar:] > > at > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > [extensions-manager.jar:] > > at > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > [aaa.jar:] > > at > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > [aaa.jar:] > > at > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > [bll.jar:] > > at > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > [bll.jar:] > > at > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > [bll.jar:] > > at > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > [bll.jar:] > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > [rt.jar:1.7.0_51] > > at > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > [rt.jar:1.7.0_51] > > at > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > [rt.jar:1.7.0_51] > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > at > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > [bll.jar:] > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > [rt.jar:1.7.0_51] > > at > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > [rt.jar:1.7.0_51] > > at > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > [rt.jar:1.7.0_51] > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > at > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > at > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > Source) [common.jar:] > > at > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > [rt.jar:1.7.0_51] > > at > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > [rt.jar:1.7.0_51] > > at > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > [rt.jar:1.7.0_51] > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > at > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > at > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > at > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > [utils.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > [utils.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > [aaa.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > [aaa.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > [aaa.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > [aaa.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > [aaa.jar:] > > at > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > at > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > at > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > at > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > at > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > at > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > at > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > at > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > at > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > at > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > at > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > at > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > I have not changed any password from any of my AD users. > > > > I have removed from my oVirt 3.5 the domain with: > > > > engine-manage-domains delete --domain=siee.local --user=Administrator > > > > And I have removed the domain without problems. But I want to add it > > again > > but I can't. I execute the bellow command, put the password of my > > Administrator domain and I receive the error showed bellow: > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > --user=Administrator > > Enter password: > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > next > > LDAP > > server in list > > Failure while testing domain siee.local. Details: No user information > > was > > found for user > > > > The password that I use is correct because I can login with user > > Administrator in the domain siee.local through a Windows 7 Enterprise > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > someone > > help me with this problem?. If more info is needed or logs,
----- Original Message ----- the password.. We please
ask
> > me. > > > > Many thanks in advanced, > > > > Juanjo > > > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > >
Are you sure you use correct password? See[1] 0x18 - This indicates failure to obtain ticket, possibly due to the client providing the wrong password. If you are sure, then please also check AD logs. [1] - http://support.microsoft.com/kb/230476 ----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in the administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message ----- > From: "Ondra Machacek" <omachace@redhat.com> > To: jj197005@gmail.com > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, > "Alon Bar-Lev" > <alonbl@redhat.com> > Sent: Monday, November 24, 2014 2:46:20 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Please try to run your command with domain in lower case: > > engine-manage-domains add --domain=siee.local --provider=ad > --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
> > > ----- Original Message ----- > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > To: "Juan Jose" <jj197005@gmail.com> > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra > > Machacek" <omachace@redhat.com> > > Sent: Monday, November 24, 2014 1:27:39 PM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Yes, > > I think we just fixed this[1]. > > We can fix this manually, yair, ondra what is the easiest fix? > > > > BTW: you can also checkout the new ldap provider > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > > robust[1], I can help you set it up. > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > [2] > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > ----- Original Message ----- > > > From: "Juan Jose" <jj197005@gmail.com> > > > To: users@ovirt.org > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Hello everybody, > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > problem > > > apparently. > > > > > > After finish the upgrade I have tried to login with any of my AD users > > > from > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > authentication > > > errors as below error: > > > > > > 2014-11-21 14:06:02,681 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information > > > was > > > invalid (24) > > > 2014-11-21 14:06:02,683 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify
> > > username > > > and password. > > > 2014-11-21 14:06:02,685 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > > Authentication Failed. Please verify the username and
> > > should > > > not try the next server > > > 2014-11-21 14:06:02,688 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > (ajp--127.0.0.1-8702-3) Failed to run command > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > juanjo@SIEE.LOCAL. > > > 2014-11-21 14:06:02,690 ERROR > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > Input: > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > Extkey[name=EXTENSION_LICENSE;type=class > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > http://www.ovirt.org , > > > Extkey[name=EXTENSION_LOCALE;type=class > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > Extkey[name=EXTENSION_NAME;type=class > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > Authz (Built-in), > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > Extkey[name=EXTENSION_AUTHOR;type=class > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > Extkey[name=EXTENSION_VERSION;type=class > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > Authz (Built-in).siee.local), > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > Output: > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > at > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > [extensions-manager.jar:] > > > at > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > [extensions-manager.jar:] > > > at > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > [aaa.jar:] > > > at > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > [aaa.jar:] > > > at > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > [bll.jar:] > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > [bll.jar:] > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > Source) [common.jar:] > > > at > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > at > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > at > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > at > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > at > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > at > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > [utils.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > [utils.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > at > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > at > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > at > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > at > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > at > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > at > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > at > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > at > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > at > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > I have not changed any password from any of my AD users. > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > engine-manage-domains delete --domain=siee.local --user=Administrator > > > > > > And I have removed the domain without problems. But I want to add it > > > again > > > but I can't. I execute the bellow command, put the password > > > of my > > > Administrator domain and I receive the error showed bellow: > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > --user=Administrator > > > Enter password: > > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > > next > > > LDAP > > > server in list > > > Failure while testing domain siee.local. Details: No user information > > > was > > > found for user > > > > > > The password that I use is correct because I can login with user > > > Administrator in the domain siee.local through a Windows 7 Enterprise > > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > > someone > > > help me with this problem?. If more info is needed or logs,
----- Original Message ----- the password.. We please
ask
> > > me. > > > > > > Many thanks in advanced, > > > > > > Juanjo > > > > > > _______________________________________________ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > >
Also, can you please try to search within this domain, not only login to it? Does it fail or works good? (in webadmin go to users tab and click add, select your domain and search for users). ----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in the administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL. Trying next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Ondra Machacek" <omachace@redhat.com> Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> Sent: Monday, November 24, 2014 1:49:11 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
----- Original Message ----- > From: "Ondra Machacek" <omachace@redhat.com> > To: jj197005@gmail.com > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, > "Alon Bar-Lev" > <alonbl@redhat.com> > Sent: Monday, November 24, 2014 2:46:20 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Please try to run your command with domain in lower case: > > engine-manage-domains add --domain=siee.local --provider=ad > --user=Administrator
it is already added, won't it simpler to modify the vdc_options?
> > > ----- Original Message ----- > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > To: "Juan Jose" <jj197005@gmail.com> > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra > > Machacek" <omachace@redhat.com> > > Sent: Monday, November 24, 2014 1:27:39 PM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Yes, > > I think we just fixed this[1]. > > We can fix this manually, yair, ondra what is the easiest fix? > > > > BTW: you can also checkout the new ldap provider > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > > robust[1], I can help you set it up. > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > [2] > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > ----- Original Message ----- > > > From: "Juan Jose" <jj197005@gmail.com> > > > To: users@ovirt.org > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Hello everybody, > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > problem > > > apparently. > > > > > > After finish the upgrade I have tried to login with any of my AD users > > > from > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > authentication > > > errors as below error: > > > > > > 2014-11-21 14:06:02,681 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information > > > was > > > invalid (24) > > > 2014-11-21 14:06:02,683 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify
> > > username > > > and password. > > > 2014-11-21 14:06:02,685 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > > Authentication Failed. Please verify the username and
> > > should > > > not try the next server > > > 2014-11-21 14:06:02,688 ERROR > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > (ajp--127.0.0.1-8702-3) Failed to run command > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > juanjo@SIEE.LOCAL. > > > 2014-11-21 14:06:02,690 ERROR > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > Input: > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > Extkey[name=EXTENSION_LICENSE;type=class > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > http://www.ovirt.org , > > > Extkey[name=EXTENSION_LOCALE;type=class > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > Extkey[name=EXTENSION_NAME;type=class > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > Authz (Built-in), > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > Extkey[name=EXTENSION_AUTHOR;type=class > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > Extkey[name=EXTENSION_VERSION;type=class > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > Authz (Built-in).siee.local), > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > Output: > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > at > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > [extensions-manager.jar:] > > > at > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > [extensions-manager.jar:] > > > at > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > [aaa.jar:] > > > at > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > [aaa.jar:] > > > at > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > [bll.jar:] > > > at > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > [bll.jar:] > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > [bll.jar:] > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > at > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > at > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > Source) [common.jar:] > > > at > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > Method) > > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > [rt.jar:1.7.0_51] > > > at > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > [rt.jar:1.7.0_51] > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > at > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > at > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > at > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > at > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > at > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > [utils.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > [utils.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > [aaa.jar:] > > > at > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > at > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > at > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > at > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > at > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > at > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > at > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > at > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > at > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > at > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > at > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > at > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > I have not changed any password from any of my AD users. > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > engine-manage-domains delete --domain=siee.local --user=Administrator > > > > > > And I have removed the domain without problems. But I want to add it > > > again > > > but I can't. I execute the bellow command, put the password > > > of my > > > Administrator domain and I receive the error showed bellow: > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > --user=Administrator > > > Enter password: > > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > > next > > > LDAP > > > server in list > > > Failure while testing domain siee.local. Details: No user information > > > was > > > found for user > > > > > > The password that I use is correct because I can login with user > > > Administrator in the domain siee.local through a Windows 7 Enterprise > > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > > someone > > > help me with this problem?. If more info is needed or logs,
----- Original Message ----- the password.. We please
ask
> > > me. > > > > > > Many thanks in advanced, > > > > > > Juanjo > > > > > > _______________________________________________ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > >
Hello again, Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same. I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this: 2014-11-25 17:02:05,355 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade. Many thanks in advance, Juanjo. On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com> wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in
administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the
same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL.
Trying
next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> wrote:
I understood that domain can be deleted, but can't be added, so there won't be needed values to update in vdc_options.
Juanjo - Can you please provide us what's the result of command:
$ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
If it's empty or if the domain name is upper case or lower case? If it's upper, than please lower case it. $ psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'"
----- Original Message ----- > From: "Alon Bar-Lev" <alonbl@redhat.com> > To: "Ondra Machacek" <omachace@redhat.com> > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com> > Sent: Monday, November 24, 2014 1:49:11 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > ----- Original Message ----- > > From: "Ondra Machacek" <omachace@redhat.com> > > To: jj197005@gmail.com > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, > > "Alon Bar-Lev" > > <alonbl@redhat.com> > > Sent: Monday, November 24, 2014 2:46:20 PM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Please try to run your command with domain in lower case: > > > > engine-manage-domains add --domain=siee.local --provider=ad > > --user=Administrator > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > ----- Original Message ----- > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > To: "Juan Jose" <jj197005@gmail.com> > > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com , "Ondra > > > Machacek" <omachace@redhat.com> > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > Yes, > > > I think we just fixed this[1]. > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > BTW: you can also checkout the new ldap provider > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > > > robust[1], I can help you set it up. > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > [2] > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > ----- Original Message ----- > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > To: users@ovirt.org > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > Hello everybody, > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > problem > > > > apparently. > > > > > > > > After finish the upgrade I have tried to login with any of my AD users > > > > from > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > authentication > > > > errors as below error: > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication information > > > > was > > > > invalid (24) > > > > 2014-11-21 14:06:02,683 ERROR > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the > > > > username > > > > and password. > > > > 2014-11-21 14:06:02,685 ERROR > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > > > Authentication Failed. Please verify the username and password.. We > > > > should > > > > not try the next server > > > > 2014-11-21 14:06:02,688 ERROR > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > juanjo@SIEE.LOCAL. > > > > 2014-11-21 14:06:02,690 ERROR > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > Input: > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > Extkey[name=EXTENSION_LICENSE;type=class > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > http://www.ovirt.org , > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > Extkey[name=EXTENSION_NAME;type=class > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > Authz (Built-in), > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > Extkey[name=EXTENSION_VERSION;type=class > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > Authz (Built-in).siee.local), > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > Output: > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > at > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > [extensions-manager.jar:] > > > > at > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > [extensions-manager.jar:] > > > > at > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > [aaa.jar:] > > > > at > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > [aaa.jar:] > > > > at > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > [bll.jar:] > > > > at > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > [bll.jar:] > > > > at > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > [bll.jar:] > > > > at > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > [bll.jar:] > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > Method) > > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > [rt.jar:1.7.0_51] > > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > > at > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > [bll.jar:] > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > Method) > > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > [rt.jar:1.7.0_51] > > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > > at > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > at > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > at > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > Source) [common.jar:] > > > > at > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > Method) > > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > [rt.jar:1.7.0_51] > > > > at > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > [rt.jar:1.7.0_51] > > > > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > > > > at
com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196)
> > > > at > > > >
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
> > > > at > > > >
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
> > > > at > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > [utils.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > [utils.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > [aaa.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > [aaa.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > [aaa.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > [aaa.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > [aaa.jar:] > > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > at > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > at > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > at > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > at > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > at > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > at > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > at > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > at > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > at > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > at > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > at > > > >
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > engine-manage-domains delete --domain=siee.local --user=Administrator > > > > > > > > And I have removed the domain without problems. But I want to add it > > > > again > > > > but I can't. I execute the bellow command, put the
----- Original Message ----- the password
> > > > of my > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > --user=Administrator > > > > Enter password: > > > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > > > next > > > > LDAP > > > > server in list > > > > Failure while testing domain siee.local. Details: No user information > > > > was > > > > found for user > > > > > > > > The password that I use is correct because I can login with user > > > > Administrator in the domain siee.local through a Windows 7 Enterprise > > > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > > > someone > > > > help me with this problem?. If more info is needed or logs, please ask > > > > me. > > > > > > > > Many thanks in advanced, > > > > > > > > Juanjo > > > > > > > > _______________________________________________ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > >
Hello Juan, Do you want to give a chance to the new provider? In this provider I can help? Package is ovirt-engine-extension-aaa-ldap. Documentation is available here[1]. The chances to make it work are higher, and this is the future of LDAP support. Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
Hello Alon, I have tried to find this package: yum list ovirt-engine-extension-aaa-ldap or yum list "ovirt-engine-extension-* and always I receive: Error: No matching Packages to list Is it possible that I need some special repository? Many thanks again, Juanjo. On Tue, Nov 25, 2014 at 6:32 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
Hello Juan,
Do you want to give a chance to the new provider? In this provider I can help?
Package is ovirt-engine-extension-aaa-ldap. Documentation is available here[1].
The chances to make it work are higher, and this is the future of LDAP support.
Alon
[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
Hello Alon and everybody, Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available: yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch How can I get this package? Many thanks in advanced, Juanjo. On Tue, Nov 25, 2014 at 6:32 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
Hello Juan,
Do you want to give a chance to the new provider? In this provider I can help?
Package is ovirt-engine-extension-aaa-ldap. Documentation is available here[1].
The chances to make it work are higher, and this is the future of LDAP support.
Alon
[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying! Package is available at ovirt-3.5-snapshot[1]. [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
Hello everybody, I will try this package shortly, but I would like to know why I can't use my AD as I was doing in ovirt 3.4 before upgrade to ovirt 3.5. I have executed kinit without problems after some modification in my /etc/krb5.conf file, as I said in before mail but the error with portal persists. Any suggestion? Many thanks in advanced, Juanjo. On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, November 28, 2014 2:03:30 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I will try this package shortly, but I would like to know why I can't use my AD as I was doing in ovirt 3.4 before upgrade to ovirt 3.5. I have executed kinit without problems after some modification in my /etc/krb5.conf file, as I said in before mail but the error with portal persists. Any suggestion?
I leave this for yair/oved to determine. You difficulties is the main reason why we wrote a new implementation. The current one is too complex, has almost no customization and very difficult for problem determination.
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hi, can you please take a look into windows AD logs, what's the message when you try to login in ovirt? Or can you please use tcpdump and see what's sent when you do login? Also would you please tell what's your AD version, I'll try to reproduce. Thanks, Ondra ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, November 28, 2014 1:03:30 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I will try this package shortly, but I would like to know why I can't use my AD as I was doing in ovirt 3.4 before upgrade to ovirt 3.5. I have executed kinit without problems after some modification in my /etc/krb5.conf file, as I said in before mail but the error with portal persists. Any suggestion?
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hello Alon and everybody, I have installed package ovirt-engine-extension-aaa-ldap and configure my files as the documentation says. The files are: /etc/ovirt-engine/extensions.d/siee.local-authn.properties: ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties /etc/ovirt-engine/extensions.d/siee.local-authz.properties: ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = aaa/siee.local.properties /etc/ovirt-engine/extensions.d/aaa/siee.local.properties: include = <ad.properties> # # Active directory domain name. # vars.domain = siee.local # # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx # # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} # Uncomment if using custom DNS #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit And after this configuration I restart ovirt-engine service. When I try to login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have the errors: 2014-12-02 14:02:21,983 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in. I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password. What do you think it could be the problem? If you need more information or I have to configure any other parameters, please tell me. Many thanks in advanced, Juanjo. On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 2, 2014 3:48:54 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
I have installed package ovirt-engine-extension-aaa-ldap and configure my files as the documentation says. The files are:
/etc/ovirt-engine/extensions.d/siee.local-authn.properties:
ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/siee.local-authz.properties:
ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx
this should be dedicate user for search not your private user.
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
And after this configuration I restart ovirt-engine service. When I try to login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have the errors:
2014-12-02 14:02:21,983 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.
I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.
What do you think it could be the problem?
If you need more information or I have to configure any other parameters, please tell me.
please attach full engine.log, more correctly, stop engine, remove engine.log start engine, try to login and send log. please make sure you select the "siee.local" domain in dropdown of login screen. when I get the engine.log I will be able to understand who to progress. thanks!
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hello Alon, I have done what you have said. My new configuration files are: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties /etc/ovirt-engine/extensions.d/siee-local-authz.properties: ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = aaa/siee.properties /etc/ovirt-engine/extensions.d/aaa/siee.properties: include = <ad.properties> # # Active directory domain name. # vars.domain = siee.local # # Search user and its password. # vars.user = searcher@${global:vars.domain} vars.password = xxxxxxx # # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} # Uncomment if using custom DNS #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit After reconfigure my files with ovirt-engine stopped I have started ovirt-engine and I have tried to log in. The error persist, "General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file. Many thanks again, Juanjo. On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 2, 2014 3:48:54 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
I have installed package ovirt-engine-extension-aaa-ldap and configure my files as the documentation says. The files are:
/etc/ovirt-engine/extensions.d/siee.local-authn.properties:
ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/siee.local-authz.properties:
ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx
this should be dedicate user for search not your private user.
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
And after this configuration I restart ovirt-engine service. When I try to login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have the errors:
2014-12-02 14:02:21,983 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.
I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.
What do you think it could be the problem?
If you need more information or I have to configure any other parameters, please tell me.
please attach full engine.log, more correctly, stop engine, remove engine.log start engine, try to login and send log. please make sure you select the "siee.local" domain in dropdown of login screen.
when I get the engine.log I will be able to understand who to progress.
thanks!
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package
and it
is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hi! You have the following errors: 2014-12-05 09:32:31,778 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authn' 2014-12-05 09:32:31,819 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authn': /aaa/siee.properties (No such file or directory) 2014-12-05 09:32:31,823 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authz' 2014-12-05 09:32:31,824 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authz': /aaa/siee.properties (No such file or directory) Per my last message, you should provide absolute file names if you use 3.5.0. Please see inline comments bellow. Also, you are trying to authenticate with the legacy provider: 2014-12-05 09:33:04,871 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server Can you please use engine-manage-domains to remove the legacy (old) domain, so we reduce confusion? Thanks! ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, December 5, 2014 10:43:01 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon,
I have done what you have said. My new configuration files are:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/aaa/siee.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = searcher@${global:vars.domain} vars.password = xxxxxxx
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
After reconfigure my files with ovirt-engine stopped I have started ovirt-engine and I have tried to log in. The error persist, "General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file.
Many thanks again,
Juanjo.
On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 2, 2014 3:48:54 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
I have installed package ovirt-engine-extension-aaa-ldap and configure my files as the documentation says. The files are:
/etc/ovirt-engine/extensions.d/siee.local-authn.properties:
ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/siee.local-authz.properties:
ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx
this should be dedicate user for search not your private user.
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
And after this configuration I restart ovirt-engine service. When I try to login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have the errors:
2014-12-02 14:02:21,983 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.
I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.
What do you think it could be the problem?
If you need more information or I have to configure any other parameters, please tell me.
please attach full engine.log, more correctly, stop engine, remove engine.log start engine, try to login and send log. please make sure you select the "siee.local" domain in dropdown of login screen.
when I get the engine.log I will be able to understand who to progress.
thanks!
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package
and it
is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hello Alon, I have deleted Legacy domain with engine-manage-domain, and I have changed configuration to absolute file name as you can see: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties /etc/ovirt-engine/extensions.d/siee-local-authz.properties: ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name. I have done the same: delete engine.log, restart ovirt-engine and try log in and the same error is showed, "General command validation failure." Attach engine.log file. Thanks, Juanjo. On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
Hi!
You have the following errors:
2014-12-05 09:32:31,778 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authn' 2014-12-05 09:32:31,819 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authn': /aaa/siee.properties (No such file or directory) 2014-12-05 09:32:31,823 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authz' 2014-12-05 09:32:31,824 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authz': /aaa/siee.properties (No such file or directory)
Per my last message, you should provide absolute file names if you use 3.5.0. Please see inline comments bellow.
Also, you are trying to authenticate with the legacy provider:
2014-12-05 09:33:04,871 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
Can you please use engine-manage-domains to remove the legacy (old) domain, so we reduce confusion?
Thanks!
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, December 5, 2014 10:43:01 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon,
I have done what you have said. My new configuration files are:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/aaa/siee.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = searcher@${global:vars.domain} vars.password = xxxxxxx
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
After reconfigure my files with ovirt-engine stopped I have started ovirt-engine and I have tried to log in. The error persist, "General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file.
Many thanks again,
Juanjo.
On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 2, 2014 3:48:54 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
I have installed package ovirt-engine-extension-aaa-ldap and
configure my
files as the documentation says. The files are:
/etc/ovirt-engine/extensions.d/siee.local-authn.properties:
ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/siee.local-authz.properties:
ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx
this should be dedicate user for search not your private user.
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
And after this configuration I restart ovirt-engine service. When I
to
login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have
errors:
2014-12-02 14:02:21,983 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.
I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.
What do you think it could be the problem?
If you need more information or I have to configure any other
please tell me.
please attach full engine.log, more correctly, stop engine, remove engine.log start engine, try to login and send log. please make sure you select the "siee.local" domain in dropdown of login screen.
when I get the engine.log I will be able to understand who to progress.
thanks!
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com>
wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Wednesday, November 26, 2014 3:04:14 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
Check in my ovirt-engine machine for ovirt-engine-aaa-ldap
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url try the parameters, package
and it
is not available:
yum list "ovirt-engine*" Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock Loading mirror speeds from cached hostfile * base: ftp.udl.es * epel: mirror.uv.es * extras: ftp.udl.es * ovirt-3.5: ftp.nluug.nl * ovirt-3.5-epel: mirror.uv.es * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr * ovirt-epel: mirror.uv.es * ovirt-jpackage-6.0-generic: mirror.ibcp.fr * updates: ftp.udl.es Installed Packages ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-backend.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-cli.noarch 3.3.0.6-1.el6 @ovirt-3.3.3 ovirt-engine-dbscripts.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-extensions-api-impl.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-jboss-as.x86_64 7.1.1-1.el6 @ovirt-3.5 ovirt-engine-lib.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-restapi.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-sdk-python.noarch 3.5.0.8-1.el6 @ovirt-3.5 ovirt-engine-setup.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-base.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-ovirt-engine-common.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-setup-plugin-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-tools.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-userportal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-webadmin-portal.noarch 3.5.0.1-1.el6 @ovirt-3.5 ovirt-engine-websocket-proxy.noarch 3.5.0.1-1.el6 @ovirt-3.5 Available Packages ovirt-engine-cli.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-dwh.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-dwh-setup.noarch 3.5.0-1.el6 ovirt-3.5 ovirt-engine-extensions-api-impl-javadoc.noarch 3.5.0.1-1.el6 ovirt-3.5 ovirt-engine-reports.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-reports-setup.noarch 3.5.1-0.1.el6 ovirt-3.5 ovirt-engine-sdk-java.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-sdk-java-javadoc.noarch 3.5.0.5-1.el6 ovirt-3.5 ovirt-engine-setup-plugin-allinone.noarch
How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
We will also need log of the generic ldap extensin, can you please provide it? Thanks! ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, December 5, 2014 1:10:06 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon,
I have deleted Legacy domain with engine-manage-domain, and I have changed configuration to absolute file name as you can see:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name.
I have done the same: delete engine.log, restart ovirt-engine and try log in and the same error is showed, "General command validation failure."
Attach engine.log file.
Thanks,
Juanjo.
On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
Hi!
You have the following errors:
2014-12-05 09:32:31,778 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authn' 2014-12-05 09:32:31,819 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authn': /aaa/siee.properties (No such file or directory) 2014-12-05 09:32:31,823 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authz' 2014-12-05 09:32:31,824 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authz': /aaa/siee.properties (No such file or directory)
Per my last message, you should provide absolute file names if you use 3.5.0. Please see inline comments bellow.
Also, you are trying to authenticate with the legacy provider:
2014-12-05 09:33:04,871 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
Can you please use engine-manage-domains to remove the legacy (old) domain, so we reduce confusion?
Thanks!
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, December 5, 2014 10:43:01 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon,
I have done what you have said. My new configuration files are:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.properties
should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1.
/etc/ovirt-engine/extensions.d/aaa/siee.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = searcher@${global:vars.domain} vars.password = xxxxxxx
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
After reconfigure my files with ovirt-engine stopped I have started ovirt-engine and I have tried to log in. The error persist, "General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file.
Many thanks again,
Juanjo.
On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, December 2, 2014 3:48:54 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon and everybody,
I have installed package ovirt-engine-extension-aaa-ldap and
configure my
files as the documentation says. The files are:
/etc/ovirt-engine/extensions.d/siee.local-authn.properties:
ovirt.engine.extension.name = siee.local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee.local ovirt.engine.aaa.authn.authz.plugin = siee.local-authz config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/siee.local-authz.properties:
ovirt.engine.extension.name = siee.local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.local.properties
please use absolute file name for 3.5.0 relative will be available in 3.5.1
/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:
include = <ad.properties>
# # Active directory domain name. # vars.domain = siee.local
# # Search user and its password. # vars.user = juanjo@${global:vars.domain} vars.password = xxxxxxxx
this should be dedicate user for search not your private user.
# # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}
pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
= ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit
And after this configuration I restart ovirt-engine service. When I
to
login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have
errors:
2014-12-02 14:02:21,983 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password. 2014-12-02 14:02:21,991 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.
I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.
What do you think it could be the problem?
If you need more information or I have to configure any other
please tell me.
please attach full engine.log, more correctly, stop engine, remove engine.log start engine, try to login and send log. please make sure you select the "siee.local" domain in dropdown of login screen.
when I get the engine.log I will be able to understand who to progress.
thanks!
Many thanks in advanced,
Juanjo.
On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com>
wrote:
----- Original Message ----- > From: "Juan Jose" <jj197005@gmail.com> > To: "Alon Bar-Lev" <alonbl@redhat.com> > Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org > Sent: Wednesday, November 26, 2014 3:04:14 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Alon and everybody, > > Check in my ovirt-engine machine for ovirt-engine-aaa-ldap
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url try the parameters, package
and it
> is not available: > > yum list "ovirt-engine*" > Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock > Loading mirror speeds from cached hostfile > * base: ftp.udl.es > * epel: mirror.uv.es > * extras: ftp.udl.es > * ovirt-3.5: ftp.nluug.nl > * ovirt-3.5-epel: mirror.uv.es > * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr > * ovirt-epel: mirror.uv.es > * ovirt-jpackage-6.0-generic: mirror.ibcp.fr > * updates: ftp.udl.es > Installed Packages > ovirt-engine.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-backend.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-cli.noarch > 3.3.0.6-1.el6 @ovirt-3.3.3 > ovirt-engine-dbscripts.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-extensions-api-impl.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-jboss-as.x86_64 > 7.1.1-1.el6 @ovirt-3.5 > ovirt-engine-lib.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-restapi.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-sdk-python.noarch > 3.5.0.8-1.el6 @ovirt-3.5 > ovirt-engine-setup.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-setup-base.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-setup-plugin-ovirt-engine.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-setup-plugin-ovirt-engine-common.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-setup-plugin-websocket-proxy.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-tools.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-userportal.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-webadmin-portal.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > ovirt-engine-websocket-proxy.noarch > 3.5.0.1-1.el6 @ovirt-3.5 > Available Packages > ovirt-engine-cli.noarch > 3.5.0.5-1.el6 ovirt-3.5 > ovirt-engine-dwh.noarch > 3.5.0-1.el6 ovirt-3.5 > ovirt-engine-dwh-setup.noarch > 3.5.0-1.el6 ovirt-3.5 > ovirt-engine-extensions-api-impl-javadoc.noarch > 3.5.0.1-1.el6 ovirt-3.5 > ovirt-engine-reports.noarch > 3.5.1-0.1.el6 ovirt-3.5 > ovirt-engine-reports-setup.noarch > 3.5.1-0.1.el6 ovirt-3.5 > ovirt-engine-sdk-java.noarch > 3.5.0.5-1.el6 ovirt-3.5 > ovirt-engine-sdk-java-javadoc.noarch > 3.5.0.5-1.el6 ovirt-3.5 > ovirt-engine-setup-plugin-allinone.noarch > > How can I get this package?
Thanks for trying!
Package is available at ovirt-3.5-snapshot[1].
Hi! I tested the configuration and it worked properly. ----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Friday, December 5, 2014 1:10:06 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon,
I have deleted Legacy domain with engine-manage-domain, and I have changed configuration to absolute file name as you can see:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Please move this file to /etc/ovirt-engine/aaa/siee.properties, it should not reside within the extensions.d
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Same.
I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name.
Yes, as I wrote, this relative is coming int 3.5.1.
I have done the same: delete engine.log, restart ovirt-engine and try log in and the same error is showed, "General command validation failure."
Please first refer the startup errors, there is no much sense to try login if startup fails... :) In your case: 2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null Which is as if something missing. I took your configuration as-is and it does work, in the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be, please perform this change and modify the file locations within extension properties file. I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs. Update: /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in Make sure handle level name is ALL for ENGINE, if not set like I am unsure if in 3.5.0 this was the case: --- <file-handler name="ENGINE" autoflush="true"> <level name="ALL"/> --- Add the following before the <root-logger> line: --- <logger category="org.ovirt.engineextensions.aaa.ldap"> <level name="ALL"/> </logger> --- Restart the engine and send the engine.log, this way I can see what happening during initialization. Thanks for checking it out, hopefully something trivial is missing, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
--Alternative_=_Boundary_=_1416959010 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Did you recently update Cyrus SASL?<br><br><span style=3D"font-family:Prelu= de, Verdana, san-serif;"><br><br></span><span id=3D"signature"><div style= =3D"font-family: arial, sans-serif; font-size: 12px;color: #999999;">-- Sen= t from my HP Pre3</div><br></span><span style=3D"color:navy; font-family:Pr= elude, Verdana, san-serif; "><hr align=3D"left" style=3D"width:75%">On Nov = 25, 2014 11:09 AM, Juan Jose <jj197005@gmail.com> wrote: <br><br></sp= an><div dir=3D"ltr"><div><div><div><div><div>Hello again,<br><br></div>Yes = the password is correct, I can login in a Windows machine to my domain siee= =2Elocal with the user Juanjo. Moreover I have chanbged this user password = to simpler one and the result is the same.<br><br></div>I have logged in ad= ministration portal with internal admin user and I try to navigate through = the domain to find user to assign some user in a VM but nothing is showed a= s you can see in the attached screen=C2=A0 image and any error is faced in = administration portal, but the /var/log/ovirt-engine/engine.log show this:<= br><br>2014-11-25 17:02:05,355 ERROR [org.ovirt.engine.extensions.aaa.built= in.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-870= 2-5) Kerberos error: Pre-authentication information was invalid (24)<br>201= 4-11-25 17:02:05,356 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerbero= sldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authe= ntication Failed. Please verify the username and password.<br>2014-11-25 17= :02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.Dire= ctorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://ads= erver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Fai= led. Please verify the username and password.. We should not try the next s= erver<br>2014-11-25 17:02:05,359 ERROR [org.ovirt.engine.extensions.aaa.bui= ltin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to = run command LdapSearchUserByQueryCommand. Domain is siee.local. User is jua= njo@SIEE.LOCAL.<br>2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensio= ns.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--1= 27.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid= (24)<br>2014-11-25 17:02:05,404 ERROR [org.ovirt.engine.extensions.aaa.bui= ltin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8= 702-5) Authentication Failed. Please verify the username and password.<br>2= 014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerbe= rosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search serve= r ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authen= tication Failed. Please verify the username and password.. We should not tr= y the next server<br>2014-11-25 17:02:05,408 ERROR [org.ovirt.engine.extens= ions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5= ) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.loca= l. User is juanjo@SIEE.LOCAL.<br><br></div>every time I click "Go"= ; button. Moreover I haven't changed anything from my Samba4 AD and it = is working handling my siee.local domain. This error is showed since oVirt = 3.5 upgrade.<br><br></div>Many thanks in advance,<br><br></div>Juanjo.<br><= div><div><br><br></div></div></div><div class=3D"gmail_extra"><br><div clas= s=3D"gmail_quote">On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <span dir= =3D"ltr"><<a href=3D"mailto:omachace@redhat.com" target=3D"_blank">omach= ace@redhat.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" s= tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Also= , can you please try to search within this domain,<br> not only login to it? Does it fail or works good?<br> <br> (in webadmin go to users tab and click add,<br> =C2=A0select your domain and search for users).<br> <span class=3D"im HOEnZb"><br> ----- Original Message -----<br> > From: "Alon Bar-Lev" <<a href=3D"mailto:alonbl@redhat.com= ">alonbl@redhat.com</a>><br> > To: "Juan Jose" <<a href=3D"mailto:jj197005@gmail.com">jj= 197005@gmail.com</a>><br> </span><div class=3D"HOEnZb"><div class=3D"h5">> Cc: "Ondra Machace= k" <<a href=3D"mailto:omachace@redhat.com">omachace@redhat.com</a>&= gt;, "Yair Zaslavsky" <<a href=3D"mailto:yzaslavs@redhat.com">= yzaslavs@redhat.com</a>>, <a href=3D"mailto:users@ovirt.org">users@ovirt= =2Eorg</a><br> > Sent: Tuesday, November 25, 2014 1:49:20 PM<br> > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue<br> ><br> > 2014-11-25 12:54:10,687 ERROR<br> > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearche= r]<br> > (ajp--127.0.0.1-8702-5) Failed ldap search server<br> > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to<br> > Authentication Failed. Please verify the username and password.. We sh= ould<br> > not try the next server<br> ><br> ><br> > ----- Original Message -----<br> > > From: "Juan Jose" <<a href=3D"mailto:jj197005@gmail.= com">jj197005@gmail.com</a>><br> > > To: "Ondra Machacek" <<a href=3D"mailto:omachace@red= hat.com">omachace@redhat.com</a>>, <a href=3D"mailto:alonbl@redhat.com">= alonbl@redhat.com</a>, "Yair<br> > > Zaslavsky" <<a href=3D"mailto:yzaslavs@redhat.com">yzasla= vs@redhat.com</a>>,<br> > > <a href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br> > > Sent: Tuesday, November 25, 2014 2:29:26 PM<br> > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue<br=
> ><br> > > Hello Ondra and everybody,<br> > ><br> > > It works with my other user:<br> > ><br> > > engine-manage-domains add --domain=3Dsiee.local --provider=3Dad -= -user=3Djuanjo<br> > > --add-permissions<br> > > Enter password:<br> > > Successfully added domain siee.local. oVirt Engine restart is req= uired in<br> > > order for the changes to take place (service ovirt-engine restart= ).<br> > > Manage Domains completed successfully<br> > ><br> > > But after restarted ovirt-engine if I try to loging with "ju= anjo" in the<br> > > administrator portal and I receive the error "General comman= d validation<br> > > failure", as you can see in the attached image.<br> > ><br> > > I'm showing below the engine.log lines with the error:<br> > ><br> > > 2014-11-25 12:54:10,680 ERROR<br> > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirCo= ntextAuthenticationStrategy]<br> > > (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication inform= ation was<br> > > invalid (24)<br> > > 2014-11-25 12:54:10,681 ERROR<br> > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirCo= ntextAuthenticationStrategy]<br> > > (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the = username<br> > > and password.<br> > > 2014-11-25 12:54:10,687 ERROR<br> > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySe= archer]<br> > > (ajp--127.0.0.1-8702-5) Failed ldap search server<br> > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due t= o<br> > > Authentication Failed. Please verify the username and password.. = We should<br> > > not try the next server<br> > > 2014-11-25 12:54:10,688 ERROR<br> > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerC= ommandBase]<br> > > (ajp--127.0.0.1-8702-5) Failed to run command<br> > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is<br> > > juanjo@SIEE.LOCAL.<br> > > 2014-11-25 12:54:10,689 ERROR<br> > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]<br> > > (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: = class<br> > > org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailed= Exception<br> > > Input:<br> > > {Extkey[name=3DEXTENSION_INVOKE_CONTEXT;type=3Dclass<br> > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DEXTENSION_INVOKE_CO= NTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]=3D{Extkey[name=3DEXTENSION_IN= TERFACE_VERSION_MAX;type=3Dclass<br> > > java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MAX[f4cff49f= -2717-4901-8ee9-df362446e3e7];]=3D0,<br> > > Extkey[name=3DEXTENSION_LICENSE;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d= -1ca4d60a4c18];]=3DASL<br> > > 2.0, Extkey[name=3DEXTENSION_HOME_URL;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b39= 9-72d192e18304];]=3D<br> > > <a href=3D"http://www.ovirt.org" target=3D"_blank">http://www.ovi= rt.org</a>, Extkey[name=3DEXTENSION_LOCALE;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_LOCALE[0780b112-0ce0-404a-b85e-= 8765d778bb29];]=3Den_US,<br> > > Extkey[name=3DEXTENSION_NAME;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_NAME[651381d3-f54f-4547-bf28-b0= b01a103184];]=3DKerberos/Ldap<br> > > Authz (Built-in), Extkey[name=3DEXTENSION_INTERFACE_VERSION_MIN;t= ype=3Dclass<br> > > java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MIN[2b84fc91= -305b-497b-a1d7-d961b9d2ce0b];]=3D0,<br> > > Extkey[name=3DEXTENSION_CONFIGURATION;type=3Dclass<br> > > java.util.Properties;uuid=3DEXTENSION_CONFIGURATION[2d48ab72-f0a1= -4312-b4ae-5068a226b0fc];]=3D***,<br> > > Extkey[name=3DEXTENSION_AUTHOR;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-= e07018b7fbcc];]=3DThe<br> > > oVirt Project, Extkey[name=3DAAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type= =3Dclass<br> > > java.lang.Integer;uuid=3DAAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541= -0f65-44a1-a6e3-014e247595f5];]=3D100,<br> > > Extkey[name=3DEXTENSION_INSTANCE_NAME;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd= 5-a245-8674327f011b];]=3Dsiee.local,<br> > > Extkey[name=3DEXTENSION_BUILD_INTERFACE_VERSION;type=3Dclass<br> > > java.lang.Integer;uuid=3DEXTENSION_BUILD_INTERFACE_VERSION[cb479e= 5a-4b23-46f8-aed3-56a4747a8ab7];]=3D0,<br> > > Extkey[name=3DAAA_AUTHZ_CAPABILITIES;type=3Dclass<br> > > java.lang.Long;uuid=3DAAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a= 947-b897b9540a23];]=3D1,<br> > > Extkey[name=3DEXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=3Dinter= face<br> > > java.util.Collection;uuid=3DEXTENSION_CONFIGURATION_SENSITIVE_KEY= S[a456efa1-73ff-4204-9f9b-ebff01e35263];]=3D[],<br> > > Extkey[name=3DEXTENSION_GLOBAL_CONTEXT;type=3Dclass<br> > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DEXTENSION_GLOBAL_CO= NTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=3D*skip*,<br> > > Extkey[name=3DEXTENSION_VERSION;type=3Dclass<br> > > java.lang.String;uuid=3DEXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a= -af9f779ce68c];]=3DN/A,<br> > > Extkey[name=3DAAA_AUTHZ_AVAILABLE_NAMESPACES;type=3Dinterface<br> > > java.util.Collection;uuid=3DAAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa3= 4c-955f-486a-bd35-0a272b45a711];]=3D[*],<br> > > Extkey[name=3DEXTENSION_MANAGER_TRACE_LOG;type=3Dinterface<br> > > org.slf4j.Logger;uuid=3DEXTENSION_MANAGER_TRACE_LOG[863db666-3ea7= -4751-9695-918a3197ad83];]=3Dorg.slf4j.impl.Slf4jLogger(org.ovirt.engine.co= re.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap<br> > > Authz (Built-in).siee.local), Extkey[name=3DEXTENSION_PROVIDES;ty= pe=3Dinterface<br> > > java.util.Collection;uuid=3DEXTENSION_PROVIDES[8cf373a6-65b5-4594= -b828-0e275087de91];]=3D[org.ovirt.engine.api.extensions.aaa.Authz]},<br> > > Extkey[name=3DAAA_AUTHZ_QUERY_FLAGS;type=3Dclass<br> > > java.lang.Integer;uuid=3DAAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0= -9a7f-af689320907b];]=3D3,<br> > > Extkey[name=3DEXTENSION_INVOKE_COMMAND;type=3Dclass<br> > > org.ovirt.engine.api.extensions.ExtUUID;uuid=3DEXTENSION_INVOKE_C= OMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=3DAAA_AUTHZ_FETCH_PRINCIPAL_= RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],<br> > > Extkey[name=3DAAA_AUTHN_AUTH_RECORD;type=3Dclass<br> > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DAAA_AUTHN_AUTH_RECO= RD[e9462168-b53b-44ac-9af5-f25e1697173e];]=3D{Extkey[name=3DAAA_AUTHN_AUTH_= RECORD_PRINCIPAL;type=3Dclass<br> > > java.lang.String;uuid=3DAAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-= 11fe-464c-958c-8bd7490b119a];]=3Djuanjo}}<br> > > Output:<br> > > {Extkey[name=3DEXTENSION_INVOKE_RESULT;type=3Dclass<br> > > java.lang.Integer;uuid=3DEXTENSION_INVOKE_RESULT[0909d91d-8bde-40= fb-b6c0-099c772ddd4e];]=3D2,<br> > > Extkey[name=3DAAA_AUTHZ_STATUS;type=3Dclass<br> > > java.lang.Integer;uuid=3DAAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a= -7a81e4bedd3e];]=3D1}<br> > ><br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(Extens= ionProxy.java:91)<br> > > [extensions-manager.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(Extens= ionProxy.java:109)<br> > > [extensions-manager.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(Aut= hzUtils.java:51)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUt= ils.java:42)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthent= icated(LoginBaseCommand.java:234)<br> > > [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(L= oginAdminUserCommand.java:15)<br> > > [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(Command= Base.java:744)<br> > > [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.j= ava:338)<br> > > [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at org.ovirt.engine.core.bll.Backend.login(Bac= kend.java:575) [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke= 0(Native Method)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI= mpl.java:57)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA= ccessorImpl.java:43)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java= :606) [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactor= y$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMetho= dInterceptorFactory.java:72)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext$Invocation.proceed(Interc= eptorContext.java:374)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateIntercept= ion(Jsr299BindingsInterceptor.java:114)<br> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodIntercept= ion(Jsr299BindingsInterceptor.java:125)<br> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation= (Jsr299BindingsInterceptor.java:135)<br> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.p= rocessInvocation(UserInterceptorFactory.java:36)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext$Invocation.proceed(Interc= eptorContext.java:374)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerI= nterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerIntercept= or.java:13)<br> > > [bll.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke= 0(Native Method)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI= mpl.java:57)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA= ccessorImpl.java:43)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java= :606) [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.ManagedReferenceLifecycleMethodIntercep= torFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(Man= agedReferenceLifecycleMethodInterceptorFactory.java:123)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedIn= terceptor.java:53)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.p= rocessInvocation(UserInterceptorFactory.java:36)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.proces= sInvocation(EjbRequestScopeActivationInterceptor.java:82)<br> > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InitialInterceptor.processInvocation(Initial= Interceptor.java:21)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.ChainedInterceptor.processInvocation(Chained= Interceptor.java:61)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.interceptors.ComponentDispatcherInterce= ptor.processInvocation(ComponentDispatcherInterceptor.java:53)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceA= ssociationInterceptor.processInvocation(SingletonComponentInstanceAssociati= onInterceptor.java:53)<br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxIntercept= or.java:211)<br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.j= ava:363)<br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInte= rceptor.java:194)<br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.component.interceptors.CurrentInvocationContext= Interceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)<= br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.proce= ssInvocation(LoggingInterceptor.java:59)<br> > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.NamespaceContextInterceptor.processInvo= cation(NamespaceContextInterceptor.java:50)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLI= nterceptor.java:45)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.ChainedInterceptor.processInvocation(Chained= Interceptor.java:61)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.jav= a:165)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.ViewDescription$1.processInvocation(Vie= wDescription.java:173)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.InterceptorContext.proceed(InterceptorContex= t.java:288)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.invocation.ChainedInterceptor.processInvocation(Chained= Interceptor.java:61)<br> > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvo= cationHandler.java:72)<br> > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.logi= n(Unknown<br> > > Source) [common.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.= login(GenericApiGWTServiceImpl.java:183)<br> > >=C2=A0 =C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke= 0(Native Method)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI= mpl.java:57)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA= ccessorImpl.java:43)<br> > > [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java= :606) [rt.jar:1.7.0_51]<br> > >=C2=A0 =C2=A0 =C2=A0at com.google.gwt.rpc.server.RPC.invokeAndStre= amResponse(RPC.java:196)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > >=C2=A0 =C2=A0 =C2=A0com.google.gwt.rpc.server.RpcServlet.processCa= ll(RpcServlet.java:172)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > >=C2=A0 =C2=A0 =C2=A0com.google.gwt.rpc.server.RpcServlet.processPo= st(RpcServlet.java:233)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPos= t(AbstractRemoteServiceServlet.java:62)<br> > >=C2=A0 =C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(Http= Servlet.java:754)<br> > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(Http= Servlet.java:847)<br> > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:329)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderF= ilter.java:94)<br> > > [utils.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter= (GwtCachingFilter.java:132)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFi= lter.java:72)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleF= ilter.java:64)<br> > > [utils.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(Sess= ionMgmtFilter.java:31)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilte= r.java:73)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(Nego= tiationFilter.java:131)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFil= ter(BasicAuthenticationFilter.java:75)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilte= r(SessionValidationFilter.java:63)<br> > > [aaa.jar:]<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(= ApplicationFilterChain.java:280)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat= ionFilterChain.java:248)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap= perValve.java:275)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.StandardContextValve.invoke(StandardCont= extValve.java:161)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authen= ticatorBase.java:489)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(= SecurityContextAssociationValve.java:153)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal= ve.java:155)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal= ve.java:102)<br> > >=C2=A0 =C2=A0 =C2=A0at org.jboss.web.rewrite.RewriteValve.invoke(R= ewriteValve.java:466)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngin= eValve.java:109)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter= =2Ejava:368)<br> > >=C2=A0 =C2=A0 =C2=A0at org.apache.coyote.ajp.AjpProcessor.process(= AjpProcessor.java:505)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(Aj= pProtocol.java:445)<br> > >=C2=A0 =C2=A0 =C2=A0at<br> > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.jav= a:930)<br> > >=C2=A0 =C2=A0 =C2=A0at java.lang.Thread.run(Thread.java:744) [rt.j= ar:1.7.0_51]<br> > ><br> > > Could you help me with this problem, please?<br> > ><br> > > Many thanks in advanced,<br> > ><br> > > Juanjo.<br> > ><br> > > On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <<a href=3D"m= ailto:omachace@redhat.com">omachace@redhat.com</a>><br> > > wrote:<br> > ><br> > > > Hi,<br> > > ><br> > > > can you please try different account than Administrator?<br> > > ><br> > > > ----- Original Message -----<br> > > > > From: "Juan Jose" <<a href=3D"mailto:jj197= 005@gmail.com">jj197005@gmail.com</a>><br> > > > > To: <a href=3D"mailto:omachace@redhat.com">omachace@red= hat.com</a>, <a href=3D"mailto:alonbl@redhat.com">alonbl@redhat.com</a>, &q= uot;Yair Zaslavsky" <<br> > > > <a href=3D"mailto:yzaslavs@redhat.com">yzaslavs@redhat.com</= a>>, <a href=3D"mailto:users@ovirt.org">users@ovirt.org</a><br> > > > > Sent: Tuesday, November 25, 2014 11:01:13 AM<br> > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.= 5 issue<br> > > > ><br> > > > > Hello everybody,<br> > > > ><br> > > > > Ondra you are right, I removed the domain. I have alrea= dy tried to<br> > > > execute<br> > > > > the command with lower case the domain name and the res= ult is the same<br> > > > ><br> > > > > engine-manage-domains add --domain=3Dsiee.local --provi= der=3Dad<br> > > > > --user=3DAdministrator=C2=A0 --add-permissions<br> > > > > Enter password:<br> > > > > No user in Directory was found for Administrator@SIEE.L= OCAL. Trying<br> > > > > next<br> > > > > LDAP server in list<br> > > > > Failure while testing domain siee.local. Details: No us= er information<br> > > > > was<br> > > > > found for user<br> > > > ><br> > > > > the result to the command psql -U engine -d engine -c &= quot;select * from<br> > > > > vdc_options where option_name=3D'LDAPSecurityAuthen= tication'" is:<br> > > > ><br> > > > > psql: FATAL:=C2=A0 Ident authentication failed for user= "engine"<br> > > > ><br> > > > > And for second command psql -U engine -d engine -c &quo= t;update vdc_options<br> > > > set<br> > > > > option_value=3D'siee.local:GSSAPI' where<br> > > > > option_name=3D'LDAPSecurityAuthentication'"= ;, I receive the same response:<br> > > > ><br> > > > > psql: FATAL:=C2=A0 Ident authentication failed for user= "engine"<br> > > > ><br> > > > > Is there any problem?<br> > > > ><br> > > > > Many thanks in advanced,<br> > > > ><br> > > > > Juanjo.<br> > > > ><br> > > > ><br> > > > > On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek <<a = href=3D"mailto:omachace@redhat.com">omachace@redhat.com</a>><br> > > > wrote:<br> > > > ><br> > > > > > I understood that domain can be deleted, but can&#= 39;t be added,<br> > > > > > so there won't be needed values to update in v= dc_options.<br> > > > > ><br> > > > > > Juanjo - Can you please provide us what's the = result of command:<br> > > > > ><br> > > > > > $ psql -U engine -d engine -c "select * from = vdc_options where<br> > > > > > option_name=3D'LDAPSecurityAuthentication'= "<br> > > > > ><br> > > > > > If it's empty or if the domain name is upper c= ase or lower case?<br> > > > > > If it's upper, than please lower case it.<br> > > > > > $ psql -U engine -d engine -c "update vdc_opt= ions set<br> > > > > > option_value=3D'siee.local:GSSAPI' where<b= r> > > > > > option_name=3D'LDAPSecurityAuthentication'= "<br> > > > > ><br> > > > > ><br> > > > > > ----- Original Message -----<br> > > > > > > From: "Alon Bar-Lev" <<a href=3D= "mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br> > > > > > > To: "Ondra Machacek" <<a href=3D= "mailto:omachace@redhat.com">omachace@redhat.com</a>><br> > > > > > > Cc: <a href=3D"mailto:jj197005@gmail.com">jj1= 97005@gmail.com</a>, <a href=3D"mailto:users@ovirt.org">users@ovirt.org</a>= , "Yair Zaslavsky" <<br> > > > > > <a href=3D"mailto:yzaslavs@redhat.com">yzaslavs@re= dhat.com</a>><br> > > > > > > Sent: Monday, November 24, 2014 1:49:11 PM<br=
alonbl@redhat.com</a>><br> > > > > > > > Sent: Monday, November 24, 2014 2:46:20 = PM<br> > > > > > > > Subject: Re: [ovirt-users] Adding domain= to oVirt to 3.5 issue<br> > > > > > > ><br> > > > > > > > Please try to run your command with doma= in in lower case:<br> > > > > > > ><br> > > > > > > > engine-manage-domains add --domain=3Dsie= e.local --provider=3Dad<br> > > > > > > > --user=3DAdministrator<br> > > > > > ><br> > > > > > > it is already added, won't it simpler to = modify the vdc_options?<br> > > > > > ><br> > > > > > > ><br> > > > > > > ><br> > > > > > > > ----- Original Message -----<br> > > > > > > > > From: "Alon Bar-Lev" <= <a href=3D"mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br> > > > > > > > > To: "Juan Jose" <<a hr= ef=3D"mailto:jj197005@gmail.com">jj197005@gmail.com</a>><br> > > > > > > > > Cc: <a href=3D"mailto:users@ovirt.o= rg">users@ovirt.org</a>, "Yair Zaslavsky" <<a href=3D"mailto:y= zaslavs@redhat.com">yzaslavs@redhat.com</a>>,<br> > > > "Ondra<br> > > > > > > > > Machacek" <<a href=3D"mailt= o:omachace@redhat.com">omachace@redhat.com</a>><br> > > > > > > > > Sent: Monday, November 24, 2014 1:2= 7:39 PM<br> > > > > > > > > Subject: Re: [ovirt-users] Adding d= omain to oVirt to 3.5 issue<br> > > > > > > > ><br> > > > > > > > ><br> > > > > > > > > Yes,<br> > > > > > > > > I think we just fixed this[1].<br> > > > > > > > > We can fix this manually, yair, ond= ra what is the easiest fix?<br> > > > > > > > ><br> > > > > > > > > BTW: you can also checkout the new = ldap provider<br> > > > > > > > > (ovirt-engine-extension-aaa-ldap) i= n 3.5 which should be much<br> > > > more<br> > > > > > > > > robust[1], I can help you set it up= =2E<br> > > > > > > > ><br> > > > > > > > > [1] <a href=3D"https://bugzilla.red= hat.com/show_bug.cgi?id=3D1167211" target=3D"_blank">https://bugzilla.redha= t.com/show_bug.cgi?id=3D1167211</a><br> > > > > > > > > [2]<br> > > > > > > > ><br> > > > > ><br> > > > <a href=3D"http://gerrit.ovirt.org/gitweb?p=3Dovirt-engine-e= xtension-aaa-ldap.git;a=3Dblob;f=3DREADME;hb=3DHEAD" target=3D"_blank">http= ://gerrit.ovirt.org/gitweb?p=3Dovirt-engine-extension-aaa-ldap.git;a=3Dblob= ;f=3DREADME;hb=3DHEAD</a><br> > > > > > > > ><br> > > > > > > > > ----- Original Message -----<br> > > > > > > > > > From: "Juan Jose" &l= t;<a href=3D"mailto:jj197005@gmail.com">jj197005@gmail.com</a>><br> > > > > > > > > > To: <a href=3D"mailto:users@ov= irt.org">users@ovirt.org</a><br> > > > > > > > > > Sent: Monday, November 24, 201= 4 2:22:44 PM<br> > > > > > > > > > Subject: [ovirt-users] Adding = domain to oVirt to 3.5 issue<br> > > > > > > > > ><br> > > > > > > > > > Hello everybody,<br> > > > > > > > > ><br> > > > > > > > > > I have upgraded my oVirt 3.4 t= o 3.5 version without any<br> > > > > > > > > > problem<br> > > > > > > > > > apparently.<br> > > > > > > > > ><br> > > > > > > > > > After finish the upgrade I hav= e tried to login with any of my<br> > > > AD<br> > > > > > users<br> > > > > > > > > > from<br> > > > > > > > > > my Samba 4, like I used to do = in oVirt 3.4 but I received<br> > > > > > > > > > authentication<br> > > > > > > > > > errors as below error:<br> > > > > > > > > ><br> > > > > > > > > > 2014-11-21 14:06:02,681 ERROR<= br> > > > > > > > > ><br> > > > > ><br> > > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPI= DirContextAuthenticationStrategy]<br> > > > > > > > > > (ajp--127.0.0.1-8702-3) Kerber= os error: Pre-authentication<br> > > > > > information<br> > > > > > > > > > was<br> > > > > > > > > > invalid (24)<br> > > > > > > > > > 2014-11-21 14:06:02,683 ERROR<= br> > > > > > > > > ><br> > > > > ><br> > > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPI= DirContextAuthenticationStrategy]<br> > > > > > > > > > (ajp--127.0.0.1-8702-3) Authen= tication Failed. Please verify<br> > > > the<br> > > > > > > > > > username<br> > > > > > > > > > and password.<br> > > > > > > > > > 2014-11-21 14:06:02,685 ERROR<= br> > > > > > > > > ><br> > > > > ><br> > > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.Direct= orySearcher]<br> > > > > > > > > > (ajp--127.0.0.1-8702-3) Failed= ldap search server<br> > > > > > > > > > ldap://adserver.siee.local:389= using user juanjo@SIEE.LOCAL<br> > > > due to<br> > > > > > > > > > Authentication Failed. Please = verify the username and<br> > > > password.. We<br> > > > > > > > > > should<br> > > > > > > > > > not try the next server<br> > > > > > > > > > 2014-11-21 14:06:02,688 ERROR<= br> > > > > > > > > ><br> > > > > ><br> > > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBr= okerCommandBase]<br> > > > > > > > > > (ajp--127.0.0.1-8702-3) Failed= to run command<br> > > > > > > > > > LdapGetAdUserByUserNameCommand= =2E Domain is siee.local. User is<br> > > > > > > > > > juanjo@SIEE.LOCAL.<br> > > > > > > > > > 2014-11-21 14:06:02,690 ERROR<= br> > > > > > > > > > [org.ovirt.engine.core.bll.aaa= =2ELoginAdminUserCommand]<br> > > > > > > > > > (ajp--127.0.0.1-8702-3) Error = during CanDoActionFailure.:<br> > > > Class:<br> > > > > > class<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandF= ailedException<br> > > > > > > > > > Input:<br> > > > > > > > > > {Extkey[name=3DEXTENSION_INVOK= E_CONTEXT;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DEXTENSION_INVO= KE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]=3D{Extkey[name=3DEXTENSI= ON_INTERFACE_VERSION_MAX;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MAX[f4c= ff49f-2717-4901-8ee9-df362446e3e7];]=3D0,<br> > > > > > > > > > Extkey[name=3DEXTENSION_LICENS= E;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_LICENSE[8a61ad65-054c-4e31= -9c6d-1ca4d60a4c18];]=3DASL<br> > > > > > > > > > 2.0, Extkey[name=3DEXTENSION_H= OME_URL;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_HOME_URL[4ad7a2f4-f969-42d= 4-b399-72d192e18304];]=3D<br> > > > > > > > > > <a href=3D"http://www.ovirt.or= g" target=3D"_blank">http://www.ovirt.org</a> ,<br> > > > > > > > > > Extkey[name=3DEXTENSION_LOCALE= ;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_LOCALE[0780b112-0ce0-404a-= b85e-8765d778bb29];]=3Den_US,<br> > > > > > > > > > Extkey[name=3DEXTENSION_NAME;t= ype=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_NAME[651381d3-f54f-4547-bf= 28-b0b01a103184];]=3DKerberos/Ldap<br> > > > > > > > > > Authz (Built-in),<br> > > > > > > > > > Extkey[name=3DEXTENSION_INTERF= ACE_VERSION_MIN;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MIN[2b8= 4fc91-305b-497b-a1d7-d961b9d2ce0b];]=3D0,<br> > > > > > > > > > Extkey[name=3DEXTENSION_CONFIG= URATION;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.util.Properties;uuid=3DEXTENSION_CONFIGURATION[2d48ab72= -f0a1-4312-b4ae-5068a226b0fc];]=3D***,<br> > > > > > > > > > Extkey[name=3DEXTENSION_AUTHOR= ;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_AUTHOR[ef242f7a-2dad-4bc5-= 9aad-e07018b7fbcc];]=3DThe<br> > > > > > > > > > oVirt Project,<br> > > > > > Extkey[name=3DAAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type= =3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DAAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb= 1f541-0f65-44a1-a6e3-014e247595f5];]=3D100,<br> > > > > > > > > > Extkey[name=3DEXTENSION_INSTAN= CE_NAME;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_INSTANCE_NAME[65c67ff6-aec= a-4bd5-a245-8674327f011b];]=3Dsiee.local,<br> > > > > > > > > > Extkey[name=3DEXTENSION_BUILD_= INTERFACE_VERSION;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DEXTENSION_BUILD_INTERFACE_VERSION[c= b479e5a-4b23-46f8-aed3-56a4747a8ab7];]=3D0,<br> > > > > > > > > > Extkey[name=3DAAA_AUTHZ_CAPABI= LITIES;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Long;uuid=3DAAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4= 351-a947-b897b9540a23];]=3D1,<br> > > > > > > > > ><br> > > > Extkey[name=3DEXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=3D= interface<br> > > > > > > > > ><br> > > > > ><br> > > > java.util.Collection;uuid=3DEXTENSION_CONFIGURATION_SENSITIV= E_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=3D[],<br> > > > > > > > > > Extkey[name=3DEXTENSION_GLOBAL= _CONTEXT;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DEXTENSION_GLOB= AL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=3D*skip*,<br> > > > > > > > > > Extkey[name=3DEXTENSION_VERSIO= N;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DEXTENSION_VERSION[fe35f6a8-8239-4bdb= -ab1a-af9f779ce68c];]=3DN/A,<br> > > > > > > > > > Extkey[name=3DAAA_AUTHZ_AVAILA= BLE_NAMESPACES;type=3Dinterface<br> > > > > > > > > ><br> > > > > ><br> > > > java.util.Collection;uuid=3DAAA_AUTHZ_AVAILABLE_NAMESPACES[6= dffa34c-955f-486a-bd35-0a272b45a711];]=3D[*],<br> > > > > > > > > > Extkey[name=3DEXTENSION_MANAGE= R_TRACE_LOG;type=3Dinterface<br> > > > > > > > > ><br> > > > > ><br> > > > org.slf4j.Logger;uuid=3DEXTENSION_MANAGER_TRACE_LOG[863db666= -3ea7-4751-9695-918a3197ad83];]=3Dorg.slf4j.impl.Slf4jLogger(org.ovirt.engi= ne.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap<br> > > > > > > > > > Authz (Built-in).siee.local),<= br> > > > > > > > > > Extkey[name=3DEXTENSION_PROVID= ES;type=3Dinterface<br> > > > > > > > > ><br> > > > > ><br> > > > java.util.Collection;uuid=3DEXTENSION_PROVIDES[8cf373a6-65b5= -4594-b828-0e275087de91];]=3D[org.ovirt.engine.api.extensions.aaa.Authz]},<= br> > > > > > > > > > Extkey[name=3DAAA_AUTHZ_QUERY_= FLAGS;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DAAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87= -49a0-9a7f-af689320907b];]=3D3,<br> > > > > > > > > > Extkey[name=3DEXTENSION_INVOKE= _COMMAND;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.api.extensions.ExtUUID;uuid=3DEXTENSION_INV= OKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=3DAAA_AUTHZ_FETCH_PRINC= IPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],<br> > > > > > > > > > Extkey[name=3DAAA_AUTHN_AUTH_R= ECORD;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.api.extensions.ExtMap;uuid=3DAAA_AUTHN_AUTH= _RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]=3D{Extkey[name=3DAAA_AUTHN_= AUTH_RECORD_PRINCIPAL;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.String;uuid=3DAAA_AUTHN_AUTH_RECORD_PRINCIPAL[c349= 8f07-11fe-464c-958c-8bd7490b119a];]=3Djuanjo}}<br> > > > > > > > > > Output:<br> > > > > > > > > > {Extkey[name=3DEXTENSION_INVOK= E_RESULT;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DEXTENSION_INVOKE_RESULT[0909d91d-8b= de-40fb-b6c0-099c772ddd4e];]=3D2,<br> > > > > > > > > > Extkey[name=3DAAA_AUTHZ_STATUS= ;type=3Dclass<br> > > > > > > > > ><br> > > > > ><br> > > > java.lang.Integer;uuid=3DAAA_AUTHZ_STATUS[566f0ba5-8329-4de1= -952a-7a81e4bedd3e];]=3D1}<br> > > > > > > > > ><br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(E= xtensionProxy.java:91)<br> > > > > > > > > > [extensions-manager.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(E= xtensionProxy.java:109)<br> > > > > > > > > > [extensions-manager.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImp= l(AuthzUtils.java:51)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(Au=
> > > > > > Subject: Re: [ovirt-users] Adding domain to o= Virt to 3.5 issue<br> > > > > > ><br> > > > > > ><br> > > > > > ><br> > > > > > > ----- Original Message -----<br> > > > > > > > From: "Ondra Machacek" <<a = href=3D"mailto:omachace@redhat.com">omachace@redhat.com</a>><br> > > > > > > > To: <a href=3D"mailto:jj197005@gmail.com= ">jj197005@gmail.com</a><br> > > > > > > > Cc: <a href=3D"mailto:users@ovirt.org">u= sers@ovirt.org</a>, "Yair Zaslavsky" <<a href=3D"mailto:yzasla= vs@redhat.com">yzaslavs@redhat.com</a>>,<br> > > > > > > > "Alon<br> > > > > > Bar-Lev"<br> > > > > > > > <<a href=3D"mailto:alonbl@redhat.com"= thzUtils.java:42)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAu= thenticated(LoginBaseCommand.java:234)<br> > > > > > > > > > [bll.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAct= ion(LoginAdminUserCommand.java:15)<br> > > > > > > > > > [bll.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(Co= mmandBase.java:744)<br> > > > > > > > > > [bll.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.bll.CommandBase.executeAction(CommandB= ase.java:338)<br> > > > > > > > > > [bll.jar:]<br> > > > > > > > > > at org.ovirt.engine.core.bll.B= ackend.login(Backend.java:575)<br> > > > > > [bll.jar:]<br> > > > > > > > > > at sun.reflect.NativeMethodAcc= essorImpl.invoke0(Native<br> > > > > > > > > > Method)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce= ssorImpl.java:57)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe= thodAccessorImpl.java:43)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at java.lang.reflect.Method.in= voke(Method.java:606)<br> > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.ManagedReferenceMethodInterceptorF= actory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReference= MethodInterceptorFactory.java:72)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext$Invocation.proceed(I= nterceptorContext.java:374)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInte= rception(Jsr299BindingsInterceptor.java:114)<br> > > > > > > > > > [jboss-as-weld-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInte= rception(Jsr299BindingsInterceptor.java:125)<br> > > > > > > > > > [jboss-as-weld-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvoc= ation(Jsr299BindingsInterceptor.java:135)<br> > > > > > > > > > [jboss-as-weld-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.interceptors.UserInterceptorFactor= y$1.processInvocation(UserInterceptorFactory.java:36)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext$Invocation.proceed(I= nterceptorContext.java:374)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCle= anerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInte= rceptor.java:13)<br> > > > > > > > > > [bll.jar:]<br> > > > > > > > > > at sun.reflect.NativeMethodAcc= essorImpl.invoke0(Native<br> > > > > > > > > > Method)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce= ssorImpl.java:57)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe= thodAccessorImpl.java:43)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at java.lang.reflect.Method.in= voke(Method.java:606)<br> > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInt= erceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocatio= n(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.WeavedInterceptor.processInvocation(Wea= vedInterceptor.java:53)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.interceptors.UserInterceptorFactor= y$1.processInvocation(UserInterceptorFactory.java:36)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.p= rocessInvocation(EjbRequestScopeActivationInterceptor.java:82)<br> > > > > > > > > > [jboss-as-weld-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InitialInterceptor.processInvocation(In= itialInterceptor.java:21)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.ChainedInterceptor.processInvocation(Ch= ainedInterceptor.java:61)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.interceptors.ComponentDispatcherIn= terceptor.processInvocation(ComponentDispatcherInterceptor.java:53)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.component.singleton.SingletonComponentInst= anceAssociationInterceptor.processInvocation(SingletonComponentInstanceAsso= ciationInterceptor.java:53)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInte= rceptor.java:211)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxIntercep= tor.java:363)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTT= xInterceptor.java:194)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.component.interceptors.CurrentInvocationCo= ntextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java= :41)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.= processInvocation(LoggingInterceptor.java:59)<br> > > > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar= :7.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.NamespaceContextInterceptor.proces= sInvocation(NamespaceContextInterceptor.java:50)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.TCCLInterceptor.processInvocation(= TCCLInterceptor.java:45)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.ChainedInterceptor.processInvocation(Ch= ainedInterceptor.java:61)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > > org.jboss.as.ee.component.ViewService$View.invoke(= ViewService.java:165)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.ViewDescription$1.processInvocatio= n(ViewDescription.java:173)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.InterceptorContext.proceed(InterceptorC= ontext.java:288)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.invocation.ChainedInterceptor.processInvocation(Ch= ainedInterceptor.java:61)<br> > > > > > > > > > [jboss-invocation-1.1.1.Final.= jar:1.1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.ee.component.ProxyInvocationHandler.invoke(Prox= yInvocationHandler.java:72)<br> > > > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7= =2E1.1.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7= =2Elogin(Unknown<br> > > > > > > > > > Source) [common.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTService= Impl.login(GenericApiGWTServiceImpl.java:183)<br> > > > > > > > > > at sun.reflect.NativeMethodAcc= essorImpl.invoke0(Native<br> > > > > > > > > > Method)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce= ssorImpl.java:57)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe= thodAccessorImpl.java:43)<br> > > > > > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at java.lang.reflect.Method.in= voke(Method.java:606)<br> > > > > > [rt.jar:1.7.0_51]<br> > > > > > > > > > at<br> > > > > > com.google.gwt.rpc.server.RPC.invokeAndStreamRespo= nse(RPC.java:196)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > > com.google.gwt.rpc.server.RpcServlet.processCall(R= pcServlet.java:172)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > > com.google.gwt.rpc.server.RpcServlet.processPost(R= pcServlet.java:233)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.= doPost(AbstractRemoteServiceServlet.java:62)<br> > > > > > > > > > at<br> > > > > > > > > > javax.servlet.http.HttpServlet= =2Eservice(HttpServlet.java:754)<br> > > > > > > > > > [jboss-servlet-api_3.0_spec-1.= 0.0.Final.jar:1.0.0.Final]<br> > > > > > > > > > at<br> > > > > > > > > > javax.servlet.http.HttpServlet= =2Eservice(HttpServlet.java:847)<br> > > > > > > > > > [jboss-servlet-api_3.0_spec-1.= 0.0.Final.jar:1.0.0.Final]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:329)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(He= aderFilter.java:94)<br> > > > > > > > > > [utils.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doF= ilter(GwtCachingFilter.java:132)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.branding.BrandingFilter.doFilter(Brand= ingFilter.java:72)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(Lo= caleFilter.java:64)<br> > > > > > > > > > [utils.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter= (SessionMgmtFilter.java:31)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(Login= Filter.java:73)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter= (NegotiationFilter.java:131)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.= doFilter(BasicAuthenticationFilter.java:75)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.ovirt.engine.core.aaa.filters.SessionValidationFilter.do= Filter(SessionValidationFilter.java:63)<br> > > > > > > > > > [aaa.jar:]<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFi= lter(ApplicationFilterChain.java:280)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(App= licationFilterChain.java:248)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.StandardWrapperValve.invoke(Standar= dWrapperValve.java:275)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.StandardContextValve.invoke(Standar= dContextValve.java:161)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(A= uthenticatorBase.java:489)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.jboss.as.web.security.SecurityContextAssociationValve.in= voke(SecurityContextAssociationValve.java:153)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHo= stValve.java:155)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo= rtValve.java:102)<br> > > > > > > > > > at<br> > > > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:= 466)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.core.StandardEngineValve.invoke(Standard= EngineValve.java:109)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd= apter.java:368)<br> > > > > > > > > > at<br> > > > > > org.apache.coyote.ajp.AjpProcessor.process(AjpProc= essor.java:505)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > ><br> > > > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.proce= ss(AjpProtocol.java:445)<br> > > > > > > > > > at<br> > > > > > > > > ><br> > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(= JIoEndpoint.java:930)<br> > > > > > > > > > at java.lang.Thread.run(Thread= =2Ejava:744) [rt.jar:1.7.0_51]<br> > > > > > > > > ><br> > > > > > > > > > I have not changed any passwor= d from any of my AD users.<br> > > > > > > > > ><br> > > > > > > > > > I have removed from my oVirt 3= =2E5 the domain with:<br> > > > > > > > > ><br> > > > > > > > > > engine-manage-domains delete -= -domain=3Dsiee.local<br> > > > > > --user=3DAdministrator<br> > > > > > > > > ><br> > > > > > > > > > And I have removed the domain = without problems. But I want to<br> > > > add<br> > > > > > it<br> > > > > > > > > > again<br> > > > > > > > > > but I can't. I execute the= bellow command, put the password<br> > > > > > > > > > of<br> > > > my<br> > > > > > > > > > Administrator domain and I rec= eive the error showed bellow:<br> > > > > > > > > ><br> > > > > > > > > > engine-manage-domains add --do= main=3DSIEE.LOCAL --provider=3Dad<br> > > > > > > > > > --user=3DAdministrator<br> > > > > > > > > > Enter password:<br> > > > > > > > > > No user in Directory was found= for Administrator@SIEE.LOCAL.<br> > > > > > Trying<br> > > > > > > > > > next<br> > > > > > > > > > LDAP<br> > > > > > > > > > server in list<br> > > > > > > > > > Failure while testing domain s= iee.local. Details: No user<br> > > > > > information<br> > > > > > > > > > was<br> > > > > > > > > > found for user<br> > > > > > > > > ><br> > > > > > > > > > The password that I use is cor= rect because I can login with<br> > > > user<br> > > > > > > > > > Administrator in the domain si= ee.local through a Windows 7<br> > > > > > Enterprise<br> > > > > > > > > > client. All this issue comes a= fter my upgrade to oVirt 3.5.<br> > > > Does<br> > > > > > > > > > someone<br> > > > > > > > > > help me with this problem?. If= more info is needed or logs,<br> > > > please<br> > > > > > ask<br> > > > > > > > > > me.<br> > > > > > > > > ><br> > > > > > > > > > Many thanks in advanced,<br> > > > > > > > > ><br> > > > > > > > > > Juanjo<br> > > > > > > > > ><br> > > > > > > > > > ______________________________= _________________<br> > > > > > > > > > Users mailing list<br> > > > > > > > > > <a href=3D"mailto:Users@ovirt.= org">Users@ovirt.org</a><br> > > > > > > > > > <a href=3D"http://lists.ovirt.= org/mailman/listinfo/users" target=3D"_blank">http://lists.ovirt.org/mailma= n/listinfo/users</a><br> > > > > > > > > ><br> > > > > > > > ><br> > > > > > > ><br> > > > > > ><br> > > > > ><br> > > > ><br> > > ><br> > ><br> ><br> </div></div></blockquote></div><br></div> --Alternative_=_Boundary_=_1416959010--
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello again,
Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same.
I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this:
2014-11-25 17:02:05,355 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL.
every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade.
Many thanks in advance,
Juanjo.
As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user? Cheers, Yair
On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com> wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in
administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <omachace@redhat.com> wrote:
Hi,
can you please try different account than Administrator?
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 11:01:13 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
Ondra you are right, I removed the domain. I have already tried to execute the command with lower case the domain name and the result is the
same
engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator --add-permissions Enter password: No user in Directory was found for Administrator@SIEE.LOCAL.
Trying
next LDAP server in list Failure while testing domain siee.local. Details: No user information was found for user
the result to the command psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'" is:
psql: FATAL: Ident authentication failed for user "engine"
And for second command psql -U engine -d engine -c "update vdc_options set option_value='siee.local:GSSAPI' where option_name='LDAPSecurityAuthentication'", I receive the same response:
psql: FATAL: Ident authentication failed for user "engine"
Is there any problem?
Many thanks in advanced,
Juanjo.
On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> wrote:
> I understood that domain can be deleted, but can't be added, > so there won't be needed values to update in vdc_options. > > Juanjo - Can you please provide us what's the result of command: > > $ psql -U engine -d engine -c "select * from vdc_options where > option_name='LDAPSecurityAuthentication'" > > If it's empty or if the domain name is upper case or lower case? > If it's upper, than please lower case it. > $ psql -U engine -d engine -c "update vdc_options set > option_value='siee.local:GSSAPI' where > option_name='LDAPSecurityAuthentication'" > > > ----- Original Message ----- > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > To: "Ondra Machacek" <omachace@redhat.com> > > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < > yzaslavs@redhat.com> > > Sent: Monday, November 24, 2014 1:49:11 PM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > ----- Original Message ----- > > > From: "Ondra Machacek" <omachace@redhat.com> > > > To: jj197005@gmail.com > > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com>, > > > "Alon > Bar-Lev" > > > <alonbl@redhat.com> > > > Sent: Monday, November 24, 2014 2:46:20 PM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Please try to run your command with domain in lower case: > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > --user=Administrator > > > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > > > > > ----- Original Message ----- > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > To: "Juan Jose" <jj197005@gmail.com> > > > > Cc: users@ovirt.org, "Yair Zaslavsky" <yzaslavs@redhat.com , "Ondra > > > > Machacek" <omachace@redhat.com> > > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > Yes, > > > > I think we just fixed this[1]. > > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > > > BTW: you can also checkout the new ldap provider > > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > > > > robust[1], I can help you set it up. > > > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > > [2] > > > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > > > ----- Original Message ----- > > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > > To: users@ovirt.org > > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > Hello everybody, > > > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > > problem > > > > > apparently. > > > > > > > > > > After finish the upgrade I have tried to login with any of my AD > users > > > > > from > > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > > authentication > > > > > errors as below error: > > > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication > information > > > > > was > > > > > invalid (24) > > > > > 2014-11-21 14:06:02,683 ERROR > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the > > > > > username > > > > > and password. > > > > > 2014-11-21 14:06:02,685 ERROR > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > > > > Authentication Failed. Please verify the username and password.. We > > > > > should > > > > > not try the next server > > > > > 2014-11-21 14:06:02,688 ERROR > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > > juanjo@SIEE.LOCAL. > > > > > 2014-11-21 14:06:02,690 ERROR > > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: > class > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > > Input: > > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > > Extkey[name=EXTENSION_LICENSE;type=class > > > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > > http://www.ovirt.org , > > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > > Extkey[name=EXTENSION_NAME;type=class > > > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > > Authz (Built-in), > > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > > oVirt Project, > Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > > Extkey[name=EXTENSION_VERSION;type=class > > > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > > Authz (Built-in).siee.local), > > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > > Output: > > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > > > at > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > > [extensions-manager.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > > [extensions-manager.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > > [bll.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > > [bll.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > > [bll.jar:] > > > > > at > > > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > > [bll.jar:] > > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) > [bll.jar:] > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > Method) > > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > [rt.jar:1.7.0_51] > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > [rt.jar:1.7.0_51] > > > > > at > > > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > > [bll.jar:] > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > Method) > > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > [rt.jar:1.7.0_51] > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > [rt.jar:1.7.0_51] > > > > > at > > > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > at > > > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > > Source) [common.jar:] > > > > > at > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > Method) > > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > [rt.jar:1.7.0_51] > > > > > at > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > [rt.jar:1.7.0_51] > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > [rt.jar:1.7.0_51] > > > > > at > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > > > at > > > > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > > > at > > > > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > > > at > > > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > > at > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > at > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > > [utils.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > > [utils.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > > [aaa.jar:] > > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > at > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > at > > > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > > at > > > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > > at > > > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > > at > > > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > > at > > > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > > at > > > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > > at > > > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > > at > > > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > at > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > > at > > > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > > at > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > > > engine-manage-domains delete --domain=siee.local > --user=Administrator > > > > > > > > > > And I have removed the domain without problems. But I want to add > it > > > > > again > > > > > but I can't. I execute the bellow command, put the
----- Original Message ----- the password
> > > > > of my > > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > > --user=Administrator > > > > > Enter password: > > > > > No user in Directory was found for Administrator@SIEE.LOCAL. > Trying > > > > > next > > > > > LDAP > > > > > server in list > > > > > Failure while testing domain siee.local. Details: No user > information > > > > > was > > > > > found for user > > > > > > > > > > The password that I use is correct because I can login with user > > > > > Administrator in the domain siee.local through a Windows 7 > Enterprise > > > > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > > > > someone > > > > > help me with this problem?. If more info is needed or logs, please > ask > > > > > me. > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > Juanjo > > > > > > > > > > _______________________________________________ > > > > > Users mailing list > > > > > Users@ovirt.org > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > > > > > >
Hello everybody, I will try to configure ovirt-engine-extension-aaa-ldap package as Alon says. By other side, I have executed the command kinit and the response is: kinit: Client not found in Kerberos database while getting initial credentials My /etc/krb5.conf files is (adserver.siee.local is my AD server based in Samba 4), I have modified this file to exchange EXAMPLE.COM by siee.local and adserver.siee.local: /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] SIEE.LOCAL = { kdc = adserver.siee.local admin_server = adserver.siee.local } [domain_realm] .siee.local = SIEE.LOCAL siee.local = SIEE.LOCAL My /etc/ovirt-engine/krb5.conf: [libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1 #realms #domain_realm This last file is the same that I had before my upgrade to oVirt 3.5. Many thanks again, Juanjo. On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello again,
Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same.
I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this:
2014-11-25 17:02:05,355 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL.
every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade.
Many thanks in advance,
Juanjo.
As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user?
Cheers, Yair
On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com>
wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in
----- Original Message ----- the
administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <
omachace@redhat.com>
wrote:
Hi,
can you please try different account than Administrator?
----- Original Message ----- > From: "Juan Jose" <jj197005@gmail.com> > To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org > Sent: Tuesday, November 25, 2014 11:01:13 AM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello everybody, > > Ondra you are right, I removed the domain. I have already
execute > the command with lower case the domain name and the result is
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] tried to the
same
> > engine-manage-domains add --domain=siee.local --provider=ad > --user=Administrator --add-permissions > Enter password: > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > next > LDAP server in list > Failure while testing domain siee.local. Details: No user information > was > found for user > > the result to the command psql -U engine -d engine -c "select * from > vdc_options where option_name='LDAPSecurityAuthentication'" is: > > psql: FATAL: Ident authentication failed for user "engine" > > And for second command psql -U engine -d engine -c "update vdc_options set > option_value='siee.local:GSSAPI' where > option_name='LDAPSecurityAuthentication'", I receive the same response: > > psql: FATAL: Ident authentication failed for user "engine" > > Is there any problem? > > Many thanks in advanced, > > Juanjo. > > > On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> wrote: > > > I understood that domain can be deleted, but can't be added, > > so there won't be needed values to update in vdc_options. > > > > Juanjo - Can you please provide us what's the result of command: > > > > $ psql -U engine -d engine -c "select * from vdc_options where > > option_name='LDAPSecurityAuthentication'" > > > > If it's empty or if the domain name is upper case or lower case? > > If it's upper, than please lower case it. > > $ psql -U engine -d engine -c "update vdc_options set > > option_value='siee.local:GSSAPI' where > > option_name='LDAPSecurityAuthentication'" > > > > > > ----- Original Message ----- > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > To: "Ondra Machacek" <omachace@redhat.com> > > > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < > > yzaslavs@redhat.com> > > > Sent: Monday, November 24, 2014 1:49:11 PM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Ondra Machacek" <omachace@redhat.com> > > > > To: jj197005@gmail.com > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com>, > > > > "Alon > > Bar-Lev" > > > > <alonbl@redhat.com> > > > > Sent: Monday, November 24, 2014 2:46:20 PM > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > Please try to run your command with domain in lower case: > > > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > > --user=Administrator > > > > > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > > To: "Juan Jose" <jj197005@gmail.com> > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com , "Ondra > > > > > Machacek" <omachace@redhat.com> > > > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > Yes, > > > > > I think we just fixed this[1]. > > > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > > > > > BTW: you can also checkout the new ldap provider > > > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much more > > > > > robust[1], I can help you set it up. > > > > > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > > > [2] > > > > > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > > > > > ----- Original Message ----- > > > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > > > To: users@ovirt.org > > > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > Hello everybody, > > > > > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > > > problem > > > > > > apparently. > > > > > > > > > > > > After finish the upgrade I have tried to login with any of my AD > > users > > > > > > from > > > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > > > authentication > > > > > > errors as below error: > > > > > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication > > information > > > > > > was > > > > > > invalid (24) > > > > > > 2014-11-21 14:06:02,683 ERROR > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify the > > > > > > username > > > > > > and password. > > > > > > 2014-11-21 14:06:02,685 ERROR > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > > > > > Authentication Failed. Please verify the username and password.. We > > > > > > should > > > > > > not try the next server > > > > > > 2014-11-21 14:06:02,688 ERROR > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > > > juanjo@SIEE.LOCAL. > > > > > > 2014-11-21 14:06:02,690 ERROR > > > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: > > class > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > > > Input: > > > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > > > Extkey[name=EXTENSION_LICENSE;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > > > http://www.ovirt.org , > > > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > > > Extkey[name=EXTENSION_NAME;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > > > Authz (Built-in), > > > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > > > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > > > oVirt Project, > > Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > > > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > > > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > > > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > > > Extkey[name=EXTENSION_VERSION;type=class > > > > > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > > > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > > > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > > > Authz (Built-in).siee.local), > > > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > > > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > > > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > > > > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > > > Output: > > > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > > > > > at > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > > > [extensions-manager.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > > > [extensions-manager.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > > > [bll.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > > > [bll.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > > > [bll.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > > > [bll.jar:] > > > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) > > [bll.jar:] > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > Method) > > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > > > [bll.jar:] > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > Method) > > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > at > > > > > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > at > > > > > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > > > Source) [common.jar:] > > > > > > at > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > Method) > > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > [rt.jar:1.7.0_51] > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > [rt.jar:1.7.0_51] > > > > > > at > > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > > > > at > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > > > > at > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > > > > at > > > > > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > > > at > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > at > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > > > [utils.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > > > [utils.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > > > [aaa.jar:] > > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > at > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > at > > > > > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > > > at > > > > > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > > > at > > > > > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > > > at > > > > > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > > > at > > > > > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > > > at > > > > > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > > > at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > > > at > > > > > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > > > at > > > > > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > > at > > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > > > at > > > > > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > > > at > > > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > > > > > engine-manage-domains delete --domain=siee.local > > --user=Administrator > > > > > > > > > > > > And I have removed the domain without problems. But I want to add > > it > > > > > > again > > > > > > but I can't. I execute the bellow command, put the password > > > > > > of my > > > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > > > --user=Administrator > > > > > > Enter password: > > > > > > No user in Directory was found for Administrator@SIEE.LOCAL. > > Trying > > > > > > next > > > > > > LDAP > > > > > > server in list > > > > > > Failure while testing domain siee.local. Details: No user > > information > > > > > > was > > > > > > found for user > > > > > > > > > > > > The password that I use is correct because I can login with user > > > > > > Administrator in the domain siee.local through a Windows 7 > > Enterprise > > > > > > client. All this issue comes after my upgrade to oVirt 3.5. Does > > > > > > someone > > > > > > help me with this problem?. If more info is needed or logs, please > > ask > > > > > > me. > > > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > > > Juanjo > > > > > > > > > > > > _______________________________________________ > > > > > > Users mailing list > > > > > > Users@ovirt.org > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > > > > > > > > > > > >
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Wednesday, November 26, 2014 1:01:37 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I will try to configure ovirt-engine-extension-aaa-ldap package as Alon says.
+1 please do.
By other side, I have executed the command kinit and the response is:
kinit: Client not found in Kerberos database while getting initial credentials
I am sure you did tht, but just to be on the safe side - did u perform kinit principal@REALM?
My /etc/krb5.conf files is (adserver.siee.local is my AD server based in Samba 4), I have modified this file to exchange EXAMPLE.COM by siee.local and adserver.siee.local:
/etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true
[realms] SIEE.LOCAL = { kdc = adserver.siee.local admin_server = adserver.siee.local }
[domain_realm] .siee.local = SIEE.LOCAL siee.local = SIEE.LOCAL
My /etc/ovirt-engine/krb5.conf:
[libdefaults]
default_realm = SIEE.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1
#realms
#domain_realm
This last file is the same that I had before my upgrade to oVirt 3.5.
Many thanks again,
Juanjo.
On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello again,
Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same.
I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this:
2014-11-25 17:02:05,355 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL.
every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade.
Many thanks in advance,
Juanjo.
As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user?
Cheers, Yair
On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com>
wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Ondra and everybody,
It works with my other user:
engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully
But after restarted ovirt-engine if I try to loging with "juanjo" in
----- Original Message ----- the
administrator portal and I receive the error "General command validation failure", as you can see in the attached image.
I'm showing below the engine.log lines with the error:
2014-11-25 12:54:10,680 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 12:54:10,681 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 12:54:10,688 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 12:54:10,689 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
Extkey[name=EXTENSION_LICENSE;type=class
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
2.0, Extkey[name=EXTENSION_HOME_URL;type=class
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
Extkey[name=EXTENSION_NAME;type=class
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
Extkey[name=EXTENSION_CONFIGURATION;type=class
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
Extkey[name=EXTENSION_AUTHOR;type=class
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
Extkey[name=EXTENSION_INSTANCE_NAME;type=class
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
Extkey[name=EXTENSION_VERSION;type=class
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
Extkey[name=AAA_AUTHZ_STATUS;type=class
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
[extensions-manager.jar:] at
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
[extensions-manager.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
[aaa.jar:] at
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
[aaa.jar:] at
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
[bll.jar:] at
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
[bll.jar:] at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
[bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
[jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
Source) [common.jar:] at
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[rt.jar:1.7.0_51] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
[utils.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
[aaa.jar:] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Could you help me with this problem, please?
Many thanks in advanced,
Juanjo.
On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek <
omachace@redhat.com>
wrote:
> Hi, > > can you please try different account than Administrator? > > ----- Original Message ----- > > From: "Juan Jose" <jj197005@gmail.com> > > To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < > yzaslavs@redhat.com>, users@ovirt.org > > Sent: Tuesday, November 25, 2014 11:01:13 AM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Hello everybody, > > > > Ondra you are right, I removed the domain. I have already
> execute > > the command with lower case the domain name and the result is
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] tried to the
same
> > > > engine-manage-domains add --domain=siee.local --provider=ad > > --user=Administrator --add-permissions > > Enter password: > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > next > > LDAP server in list > > Failure while testing domain siee.local. Details: No user information > > was > > found for user > > > > the result to the command psql -U engine -d engine -c "select * from > > vdc_options where option_name='LDAPSecurityAuthentication'" is: > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > And for second command psql -U engine -d engine -c "update vdc_options > set > > option_value='siee.local:GSSAPI' where > > option_name='LDAPSecurityAuthentication'", I receive the same response: > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > Is there any problem? > > > > Many thanks in advanced, > > > > Juanjo. > > > > > > On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> > wrote: > > > > > I understood that domain can be deleted, but can't be added, > > > so there won't be needed values to update in vdc_options. > > > > > > Juanjo - Can you please provide us what's the result of command: > > > > > > $ psql -U engine -d engine -c "select * from vdc_options where > > > option_name='LDAPSecurityAuthentication'" > > > > > > If it's empty or if the domain name is upper case or lower case? > > > If it's upper, than please lower case it. > > > $ psql -U engine -d engine -c "update vdc_options set > > > option_value='siee.local:GSSAPI' where > > > option_name='LDAPSecurityAuthentication'" > > > > > > > > > ----- Original Message ----- > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > To: "Ondra Machacek" <omachace@redhat.com> > > > > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < > > > yzaslavs@redhat.com> > > > > Sent: Monday, November 24, 2014 1:49:11 PM > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Ondra Machacek" <omachace@redhat.com> > > > > > To: jj197005@gmail.com > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com>, > > > > > "Alon > > > Bar-Lev" > > > > > <alonbl@redhat.com> > > > > > Sent: Monday, November 24, 2014 2:46:20 PM > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > Please try to run your command with domain in lower case: > > > > > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > > > --user=Administrator > > > > > > > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > > > To: "Juan Jose" <jj197005@gmail.com> > > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com , > "Ondra > > > > > > Machacek" <omachace@redhat.com> > > > > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > > > Yes, > > > > > > I think we just fixed this[1]. > > > > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > > > > > > > BTW: you can also checkout the new ldap provider > > > > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much > more > > > > > > robust[1], I can help you set it up. > > > > > > > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > > > > [2] > > > > > > > > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > > > > To: users@ovirt.org > > > > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > Hello everybody, > > > > > > > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > > > > problem > > > > > > > apparently. > > > > > > > > > > > > > > After finish the upgrade I have tried to login with any of my > AD > > > users > > > > > > > from > > > > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > > > > authentication > > > > > > > errors as below error: > > > > > > > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication > > > information > > > > > > > was > > > > > > > invalid (24) > > > > > > > 2014-11-21 14:06:02,683 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify > the > > > > > > > username > > > > > > > and password. > > > > > > > 2014-11-21 14:06:02,685 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL > due to > > > > > > > Authentication Failed. Please verify the username and > password.. We > > > > > > > should > > > > > > > not try the next server > > > > > > > 2014-11-21 14:06:02,688 ERROR > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > > > > juanjo@SIEE.LOCAL. > > > > > > > 2014-11-21 14:06:02,690 ERROR > > > > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: > Class: > > > class > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > > > > Input: > > > > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > > > > Extkey[name=EXTENSION_LICENSE;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > > > > http://www.ovirt.org , > > > > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > > > > Extkey[name=EXTENSION_NAME;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > > > > Authz (Built-in), > > > > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > > > > > > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > > > > oVirt Project, > > > Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > > > > > > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > > > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > > > > Extkey[name=EXTENSION_VERSION;type=class > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > > > > > > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > > > > > > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > > > > Authz (Built-in).siee.local), > > > > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > > > > > > > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > > > > Output: > > > > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > > > > [extensions-manager.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > > > > [extensions-manager.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > > > > [bll.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > > > > [bll.jar:] > > > > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) > > > [bll.jar:] > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > > > > [bll.jar:] > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > > > > Source) [common.jar:] > > > > > > > at > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > Method) > > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > [rt.jar:1.7.0_51] > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > [rt.jar:1.7.0_51] > > > > > > > at > > > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > > > > > at > > > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) > > > > > > > at > > > > > > > > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) > > > > > > > at > > > > > > > > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > > > > at > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > > > > [utils.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > > > > [utils.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > > > > [aaa.jar:] > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > > > > at > > > > > > > > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > > > > at > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > > > > at > > > > > > > > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > > > > at > > > > > > > > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > > > at > > > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > > > > at > > > > > > > > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > > > > at > > > > > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > > > > > > > engine-manage-domains delete --domain=siee.local > > > --user=Administrator > > > > > > > > > > > > > > And I have removed the domain without problems. But I want to > add > > > it > > > > > > > again > > > > > > > but I can't. I execute the bellow command, put the password > > > > > > > of > my > > > > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > > > > --user=Administrator > > > > > > > Enter password: > > > > > > > No user in Directory was found for Administrator@SIEE.LOCAL. > > > Trying > > > > > > > next > > > > > > > LDAP > > > > > > > server in list > > > > > > > Failure while testing domain siee.local. Details: No user > > > information > > > > > > > was > > > > > > > found for user > > > > > > > > > > > > > > The password that I use is correct because I can login with > user > > > > > > > Administrator in the domain siee.local through a Windows 7 > > > Enterprise > > > > > > > client. All this issue comes after my upgrade to oVirt 3.5. > Does > > > > > > > someone > > > > > > > help me with this problem?. If more info is needed or logs, > please > > > ask > > > > > > > me. > > > > > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > > > > > Juanjo > > > > > > > > > > > > > > _______________________________________________ > > > > > > > Users mailing list > > > > > > > Users@ovirt.org > > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > > > > > > > > > > > > > > > > > > >
Hello again, I have modified my /etc/krb5.conf and now I don't have any error, at least if I use my domain in upper case: [root@ovirt-engine ~]# kinit juanjo@SIEE.LOCAL Password for juanjo@siee.local: Warning: Your password will expire in 41 days on Tue Jan 6 16:50:21 2015 But I continue with ovirt administrator portal error: 2014-11-26 13:11:23,934 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-1) Kerberos error: Pre-authentication information was invalid (24) 2014-11-26 13:11:23,935 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-1) Authentication Failed. Please verify the username and password. 2014-11-26 13:11:23,940 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-1) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-26 13:11:23,941 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-1) Failed to run command LdapGetAdUserByUserNameCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-26 13:11:23,943 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-1) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=AAA_AUTHZ_STATUS;type=class java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1} at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91) [extensions-manager.jar:] at org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109) [extensions-manager.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51) [aaa.jar:] at org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42) [aaa.jar:] at org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234) [bll.jar:] at org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82) [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63) [aaa.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] Any suggestion? Many thanks On Wed, Nov 26, 2014 at 12:13 PM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Ondra Machacek" < omachace@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Wednesday, November 26, 2014 1:01:37 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello everybody,
I will try to configure ovirt-engine-extension-aaa-ldap package as Alon says.
+1 please do.
By other side, I have executed the command kinit and the response is:
kinit: Client not found in Kerberos database while getting initial credentials
I am sure you did tht, but just to be on the safe side - did u perform kinit principal@REALM?
My /etc/krb5.conf files is (adserver.siee.local is my AD server based in Samba 4), I have modified this file to exchange EXAMPLE.COM by
and adserver.siee.local:
/etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true
[realms] SIEE.LOCAL = { kdc = adserver.siee.local admin_server = adserver.siee.local }
[domain_realm] .siee.local = SIEE.LOCAL siee.local = SIEE.LOCAL
My /etc/ovirt-engine/krb5.conf:
[libdefaults]
default_realm = SIEE.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1
#realms
#domain_realm
This last file is the same that I had before my upgrade to oVirt 3.5.
Many thanks again,
Juanjo.
On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky <yzaslavs@redhat.com> wrote:
----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com> To: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, alonbl@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello again,
Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same.
I have logged in administration portal with internal admin user and
I try
to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this:
2014-11-25 17:02:05,355 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
(ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL.
every time I click "Go" button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade.
Many thanks in advance,
Juanjo.
As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user?
Cheers, Yair
On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek <omachace@redhat.com
wrote:
Also, can you please try to search within this domain, not only login to it? Does it fail or works good?
(in webadmin go to users tab and click add, select your domain and search for users).
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Juan Jose" <jj197005@gmail.com> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" < yzaslavs@redhat.com>, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
2014-11-25 12:54:10,687 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server
----- Original Message ----- > From: "Juan Jose" <jj197005@gmail.com> > To: "Ondra Machacek" <omachace@redhat.com>, alonbl@redhat.com, "Yair > Zaslavsky" <yzaslavs@redhat.com>, > users@ovirt.org > Sent: Tuesday, November 25, 2014 2:29:26 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Ondra and everybody, > > It works with my other user: > > engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo > --add-permissions > Enter password: > Successfully added domain siee.local. oVirt Engine restart is required in > order for the changes to take place (service ovirt-engine restart). > Manage Domains completed successfully > > But after restarted ovirt-engine if I try to loging with "juanjo" in the > administrator portal and I receive the error "General command validation > failure", as you can see in the attached image. > > I'm showing below the engine.log lines with the error: > > 2014-11-25 12:54:10,680 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was > invalid (24) > 2014-11-25 12:54:10,681 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify
username
> and password. > 2014-11-25 12:54:10,687 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> (ajp--127.0.0.1-8702-5) Failed ldap search server > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > Authentication Failed. Please verify the username and
should
> not try the next server > 2014-11-25 12:54:10,688 ERROR >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> (ajp--127.0.0.1-8702-5) Failed to run command > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > juanjo@SIEE.LOCAL. > 2014-11-25 12:54:10,689 ERROR > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > (ajp--127.0.0.1-8702-5) Error during CanDoActionFailure.: Class: class >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> Input: > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
>
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> Extkey[name=EXTENSION_LICENSE;type=class >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> 2.0, Extkey[name=EXTENSION_HOME_URL;type=class >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> Extkey[name=EXTENSION_NAME;type=class >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> Authz (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> Extkey[name=EXTENSION_CONFIGURATION;type=class >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> Extkey[name=EXTENSION_AUTHOR;type=class >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> Extkey[name=EXTENSION_INSTANCE_NAME;type=class >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> Extkey[name=EXTENSION_VERSION;type=class >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> Authz (Built-in).siee.local), Extkey[name=EXTENSION_PROVIDES;type=interface >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> Extkey[name=EXTENSION_INVOKE_COMMAND;type=class >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
>
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> Output: > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> Extkey[name=AAA_AUTHZ_STATUS;type=class >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > at >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> [extensions-manager.jar:] > at >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> [extensions-manager.jar:] > at >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> [aaa.jar:] > at >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> [aaa.jar:] > at >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> [bll.jar:] > at >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> [bll.jar:] > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) [bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> [bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> Source) [common.jar:] > at >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_51] > at >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_51] > at >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > at >
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
> at >
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
> at >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> [utils.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> [utils.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> [aaa.jar:] > at >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> at >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> at >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> at >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> at >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> at >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> at >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> at >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > at >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > at >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > Could you help me with this problem, please? > > Many thanks in advanced, > > Juanjo. > > On Tue, Nov 25, 2014 at 12:24 PM, Ondra Machacek < omachace@redhat.com> > wrote: > > > Hi, > > > > can you please try different account than Administrator? > > > > ----- Original Message ----- > > > From: "Juan Jose" <jj197005@gmail.com> > > > To: omachace@redhat.com, alonbl@redhat.com, "Yair Zaslavsky" < > > yzaslavs@redhat.com>, users@ovirt.org > > > Sent: Tuesday, November 25, 2014 11:01:13 AM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Hello everybody, > > > > > > Ondra you are right, I removed the domain. I have already tried to > > execute > > > the command with lower case the domain name and the result is the same > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > --user=Administrator --add-permissions > > > Enter password: > > > No user in Directory was found for Administrator@SIEE.LOCAL. Trying > > > next > > > LDAP server in list > > > Failure while testing domain siee.local. Details: No user information > > > was > > > found for user > > > > > > the result to the command psql -U engine -d engine -c "select * from > > > vdc_options where
> > > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > > > And for second command psql -U engine -d engine -c "update vdc_options > > set > > > option_value='siee.local:GSSAPI' where > > > option_name='LDAPSecurityAuthentication'", I receive the same response: > > > > > > psql: FATAL: Ident authentication failed for user "engine" > > > > > > Is there any problem? > > > > > > Many thanks in advanced, > > > > > > Juanjo. > > > > > > > > > On Mon, Nov 24, 2014 at 1:57 PM, Ondra Machacek < omachace@redhat.com> > > wrote: > > > > > > > I understood that domain can be deleted, but can't be added, > > > > so there won't be needed values to update in vdc_options. > > > > > > > > Juanjo - Can you please provide us what's the result of command: > > > > > > > > $ psql -U engine -d engine -c "select * from vdc_options where > > > > option_name='LDAPSecurityAuthentication'" > > > > > > > > If it's empty or if the domain name is upper case or lower case? > > > > If it's upper, than please lower case it. > > > > $ psql -U engine -d engine -c "update vdc_options set > > > > option_value='siee.local:GSSAPI' where > > > > option_name='LDAPSecurityAuthentication'" > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > > To: "Ondra Machacek" <omachace@redhat.com> > > > > > Cc: jj197005@gmail.com, users@ovirt.org, "Yair Zaslavsky" < > > > > yzaslavs@redhat.com> > > > > > Sent: Monday, November 24, 2014 1:49:11 PM > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Ondra Machacek" <omachace@redhat.com> > > > > > > To: jj197005@gmail.com > > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com>, > > > > > > "Alon > > > > Bar-Lev" > > > > > > <alonbl@redhat.com> > > > > > > Sent: Monday, November 24, 2014 2:46:20 PM > > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > Please try to run your command with domain in lower case: > > > > > > > > > > > > engine-manage-domains add --domain=siee.local --provider=ad > > > > > > --user=Administrator > > > > > > > > > > it is already added, won't it simpler to modify the vdc_options? > > > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Alon Bar-Lev" <alonbl@redhat.com> > > > > > > > To: "Juan Jose" <jj197005@gmail.com> > > > > > > > Cc: users@ovirt.org, "Yair Zaslavsky" < yzaslavs@redhat.com , > > "Ondra > > > > > > > Machacek" <omachace@redhat.com> > > > > > > > Sent: Monday, November 24, 2014 1:27:39 PM > > > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > > > > > > Yes, > > > > > > > I think we just fixed this[1]. > > > > > > > We can fix this manually, yair, ondra what is the easiest fix? > > > > > > > > > > > > > > BTW: you can also checkout the new ldap provider > > > > > > > (ovirt-engine-extension-aaa-ldap) in 3.5 which should be much > > more > > > > > > > robust[1], I can help you set it up. > > > > > > > > > > > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1167211 > > > > > > > [2] > > > > > > > > > > > > >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
> > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > From: "Juan Jose" <jj197005@gmail.com> > > > > > > > > To: users@ovirt.org > > > > > > > > Sent: Monday, November 24, 2014 2:22:44 PM > > > > > > > > Subject: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > > > Hello everybody, > > > > > > > > > > > > > > > > I have upgraded my oVirt 3.4 to 3.5 version without any > > > > > > > > problem > > > > > > > > apparently. > > > > > > > > > > > > > > > > After finish the upgrade I have tried to login with any of my > > AD > > > > users > > > > > > > > from > > > > > > > > my Samba 4, like I used to do in oVirt 3.4 but I received > > > > > > > > authentication > > > > > > > > errors as below error: > > > > > > > > > > > > > > > > 2014-11-21 14:06:02,681 ERROR > > > > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > > (ajp--127.0.0.1-8702-3) Kerberos error: Pre-authentication > > > > information > > > > > > > > was > > > > > > > > invalid (24) > > > > > > > > 2014-11-21 14:06:02,683 ERROR > > > > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
> > > > > > > > (ajp--127.0.0.1-8702-3) Authentication Failed. Please verify > > the > > > > > > > > username > > > > > > > > and password. > > > > > > > > 2014-11-21 14:06:02,685 ERROR > > > > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
> > > > > > > > (ajp--127.0.0.1-8702-3) Failed ldap search server > > > > > > > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL > > due to > > > > > > > > Authentication Failed. Please verify the username and > > password.. We > > > > > > > > should > > > > > > > > not try the next server > > > > > > > > 2014-11-21 14:06:02,688 ERROR > > > > > > > > > > > > > >
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
> > > > > > > > (ajp--127.0.0.1-8702-3) Failed to run command > > > > > > > > LdapGetAdUserByUserNameCommand. Domain is siee.local. User is > > > > > > > > juanjo@SIEE.LOCAL. > > > > > > > > 2014-11-21 14:06:02,690 ERROR > > > > > > > > [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] > > > > > > > > (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: > > Class: > > > > class > > > > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
> > > > > > > > Input: > > > > > > > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > > > > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> > > > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> > > > > > > > Extkey[name=EXTENSION_LICENSE;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> > > > > > > > 2.0, Extkey[name=EXTENSION_HOME_URL;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=
> > > > > > > > http://www.ovirt.org , > > > > > > > > Extkey[name=EXTENSION_LOCALE;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> > > > > > > > Extkey[name=EXTENSION_NAME;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap
> > > > > > > > Authz (Built-in), > > > > > > > > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> > > > > > > > Extkey[name=EXTENSION_CONFIGURATION;type=class > > > > > > > > > > > > > >
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> > > > > > > > Extkey[name=EXTENSION_AUTHOR;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> > > > > > > > oVirt Project, > > > > Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=100,
> > > > > > > > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=siee.local,
> > > > > > > > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> > > > > > > > Extkey[name=AAA_AUTHZ_CAPABILITIES;type=class > > > > > > > > > > > > > >
java.lang.Long;uuid=AAA_AUTHZ_CAPABILITIES[6106d1fb-9291-4351-a947-b897b9540a23];]=1,
> > > > > > > > > > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > > > > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> > > > > > > > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > > > > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> > > > > > > > Extkey[name=EXTENSION_VERSION;type=class > > > > > > > > > > > > > >
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A,
> > > > > > > > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > > > > > > > > > > > > > >
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[*],
> > > > > > > > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > > > > > > > > > > > > > >
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap
> > > > > > > > Authz (Built-in).siee.local), > > > > > > > > Extkey[name=EXTENSION_PROVIDES;type=interface > > > > > > > > > > > > > >
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz]},
> > > > > > > > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
> > > > > > > > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > > > > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
> > > > > > > > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > > > > > > > > > > > > > >
org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class
> > > > > > > > > > > > > >
java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=juanjo}}
> > > > > > > > Output: > > > > > > > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2,
> > > > > > > > Extkey[name=AAA_AUTHZ_STATUS;type=class > > > > > > > > > > > > > >
java.lang.Integer;uuid=AAA_AUTHZ_STATUS[566f0ba5-8329-4de1-952a-7a81e4bedd3e];]=1}
> > > > > > > > > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:91)
> > > > > > > > [extensions-manager.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
> > > > > > > > [extensions-manager.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecordImpl(AuthzUtils.java:51)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.AuthzUtils.fetchPrincipalRecord(AuthzUtils.java:42)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:234)
> > > > > > > > [bll.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:15)
> > > > > > > > [bll.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:744)
> > > > > > > > [bll.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:338)
> > > > > > > > [bll.jar:] > > > > > > > > at org.ovirt.engine.core.bll.Backend.login(Backend.java:575) > > > > [bll.jar:] > > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > > Method) > > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:114)
> > > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:125)
> > > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:135)
> > > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
> > > > > > > > [bll.jar:] > > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > > Method) > > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:82)
> > > > > > > > [jboss-as-weld-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> > > > > > > > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > >
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> > > > > > > > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
> > > > > > > > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view7.login(Unknown
> > > > > > > > Source) [common.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.login(GenericApiGWTServiceImpl.java:183)
> > > > > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > > > > > > > Method) > > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > > > > > > > > > > >
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > > > > > > [rt.jar:1.7.0_51] > > > > > > > > at java.lang.reflect.Method.invoke(Method.java:606) > > > > [rt.jar:1.7.0_51] > > > > > > > > at > > > > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > > > > > > > > at > > > > > > > > > > > >
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172)
> > > > > > > > at > > > > > > > > > > > >
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233)
> > > > > > > > at > > > > > > > > > > > > > >
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
> > > > > > > > at > > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > > at > > > > > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94)
> > > > > > > > [utils.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64)
> > > > > > > > [utils.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionMgmtFilter.doFilter(SessionMgmtFilter.java:31)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:131)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
> > > > > > > > [aaa.jar:] > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
> > > > > > > > at > > > > > > > > > > > > > >
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > > > > > > at > > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > > > > > > at > > > > > > > > > > > > > >
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > > > > at > > > > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > > > > > > > > at > > > > > > > > > > > > > >
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > > > > > > at > > > > > > > > > > > >
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> > > > > > > > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] > > > > > > > > > > > > > > > > I have not changed any password from any of my AD users. > > > > > > > > > > > > > > > > I have removed from my oVirt 3.5 the domain with: > > > > > > > > > > > > > > > > engine-manage-domains delete --domain=siee.local > > > > --user=Administrator > > > > > > > > > > > > > > > > And I have removed the domain without problems. But I want to > > add > > > > it > > > > > > > > again > > > > > > > > but I can't. I execute the bellow command, put
siee.local the password.. We option_name='LDAPSecurityAuthentication'" is: the
password
> > > > > > > > of > > my > > > > > > > > Administrator domain and I receive the error showed bellow: > > > > > > > > > > > > > > > > engine-manage-domains add --domain=SIEE.LOCAL --provider=ad > > > > > > > > --user=Administrator > > > > > > > > Enter password: > > > > > > > > No user in Directory was found for Administrator@SIEE.LOCAL. > > > > Trying > > > > > > > > next > > > > > > > > LDAP > > > > > > > > server in list > > > > > > > > Failure while testing domain siee.local. Details: No user > > > > information > > > > > > > > was > > > > > > > > found for user > > > > > > > > > > > > > > > > The password that I use is correct because I can login with > > user > > > > > > > > Administrator in the domain siee.local through a Windows 7 > > > > Enterprise > > > > > > > > client. All this issue comes after my upgrade to oVirt 3.5. > > Does > > > > > > > > someone > > > > > > > > help me with this problem?. If more info is needed or logs, > > please > > > > ask > > > > > > > > me. > > > > > > > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > > > > > > > Juanjo > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Users mailing list > > > > > > > > Users@ovirt.org > > > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
participants (5)
-
Alon Bar-Lev -
Juan Jose -
Ondra Machacek -
Paul Robert Marino -
Yair Zaslavsky