[Users] tool engine-manage-domains
victor nunes
victor.rebli at gmail.com
Tue Dec 18 01:36:15 UTC 2012
So returning.
I got a machine, I installed Fedora 17 on it.
With that I managed to install FreeIPA.
FreeIPA configured, and managed to add the domain with the tool
"oVirt-manage-domains".
Created in FreeIPA users, set their passwords.
I gave permission for them.
However, I can only login with the admin user in the new domain.
With users that I created, is giving the following message:
Can not Login. User Password has expired, Please change your password.
So, I need to give any more permission for users to login?
Att,
2012/12/6 Yair Zaslavsky <yzaslavs at redhat.com>
>
>
> ------------------------------
>
> *From: *"victor nunes" <victor.rebli at gmail.com>
> *To: *"Yair Zaslavsky" <yzaslavs at redhat.com>
> *Cc: *users at ovirt.org, "Itamar Heim" <iheim at redhat.com>
> *Sent: *Thursday, December 6, 2012 2:14:49 AM
>
> *Subject: *Re: [Users] tool engine-manage-domains
>
> Hello,
>
> I'm going to do all these tests, but a question.
>
> I need to configure Kerberos on the server LDAP?
>
> Att,
>
> Yes.
>
>
>
> 2012/12/4 Yair Zaslavsky <yzaslavs at redhat.com>
>
>> Hi,
>> Several things -
>> a. I think logging at this point should be improved
>> b. Since the log is not informative enough, please try the following:
>> 1. Check that your credentials are correct
>> 2. Check you have no clock skew issue (the time difference between the
>> machine running manage-domains and your ldap server should be less or equal
>> to 5 minutes).
>> 3. Connection refused so there is some connectivity issue -
>> please query your ldap SRV records for the domain (IMHO dig SRV
>> _ldap._tcp.viperde.com.br should do the trick)
>> please try to connect to these ldap servers manually -
>>
>> For example, if the returned host from the dig SRV query is
>> aaa.viperde.com.br
>>
>> perform:
>> telnet aaa.viperde.com.br 389
>>
>> Turns out that I did not have telnet installed on my fc17 machine -
>> I used yum install telnet to install it.
>>
>> Kind regards,
>>
>> Yair
>>
>>
>> ------------------------------
>>
>> *From: *"victor nunes" <victor.rebli at gmail.com>
>> *To: *"Itamar Heim" <iheim at redhat.com>
>> *Cc: *"Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
>> *Sent: *Tuesday, December 4, 2012 3:28:56 AM
>> *Subject: *Re: [Users] tool engine-manage-domains
>>
>>
>> Thanks for the reply.
>>
>> I do not have another machine to the power configuar FreeIPA.
>>
>> I have a machine, I do not have access, which is an LDAP server installed
>> on it.
>> I configured a machine that is oVirt-manage as ldap client, I configured
>> the dns, but in time to include the domain happens the following error:
>>
>> Error: exception message: Connection refused
>> Failure while testing domain viprede.com.br. Details: Kerberos error.
>> Please check log for further Top details.
>>
>> in the logs, I have the following lines:
>>
>> 03/12/2012 20:25:26,390 INFO
>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
>> configuration for domain (s): viprede.com.br
>> 03/12/2012 20:25:26,422 INFO
>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
>> kerberos configuration for domain (s): viprede.com.br
>> 03/12/2012 20:25:26,422 INFO
>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
>> configuration for domain: viprede.com.br.
>>
>> So what could be this error?
>>
>> 2012/11/29 Itamar Heim <iheim at redhat.com>
>>
>>> On 11/29/2012 05:58 AM, victor nunes wrote:
>>>
>>>>
>>>>
>>>> 2012/11/29 Yair Zaslavsky <yzaslavs at redhat.com <mailto:
>>>> yzaslavs at redhat.com>>
>>>>
>>>>
>>>> Hi,
>>>> Can you redirect your question to users at ovirt.org
>>>> <mailto:users at ovirt.org>?
>>>>
>>>> I think others will help you to forward your question to relevant
>>>> people here (not sure I can provide a good answer).
>>>>
>>>>
>>>>
>>>> On 11/29/2012 03:26 AM, victor nunes wrote:
>>>>
>>>> So I'm trying to install FreeIPA on the same machine that
>>>> oVirt-manage,
>>>> but at the time of installation, the following error occurs:
>>>>
>>>> FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
>>>>
>>>>
>>>> Looking for a solution to the problem, I discovered that this is
>>>> a bug
>>>> reported by others.
>>>>
>>>> Follow the link to the bug reported:
>>>> https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098>
>>>>
>>>> <https://bugzilla.redhat.com/**show_bug.cgi?id=840098<https://bugzilla.redhat.com/show_bug.cgi?id=840098>
>>>> >
>>>>
>>>> Then, using oo FreeIPA not be possible, which otherwise I have
>>>> to add
>>>> new domains and users?
>>>>
>>>> Em 8 de novembro de 2012 02:41, Yair Zaslavsky
>>>> <yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>
>>>> <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>>>
>>>> escreveu:
>>>>
>>>>
>>>>
>>>> Hi,
>>>> You cannot create new users for the internal domain.
>>>> The internal domain was developed for quick POC, just to
>>>> allow login
>>>> to the system without the need for ldap provider.
>>>> I recommend you install some ldap server (i.e - free IPA)
>>>> and try to
>>>> work with it.
>>>>
>>>>
>>>>
>>>> On 11/08/2012 01:08 AM, victor nunes wrote:
>>>>
>>>> Sorry.
>>>>
>>>> Att,
>>>>
>>>> 2012/11/7 victor nunes <victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>
>>>> <mailto:victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>__>
>>>> <mailto:victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**> <mailto:
>>>> victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>__>__>>
>>>>
>>>>
>>>>
>>>>
>>>> Thanks for the reply.
>>>>
>>>> As the command "engine-manage-domains" works with
>>>> ldap, how
>>>> can I
>>>> create another user in the field "internal", and
>>>> user
>>>> "admin" that
>>>> is created when you installed the engine-setup?
>>>>
>>>> 2012/11/4 Yair Zaslavsky <yzaslavs at redhat.com
>>>> <mailto:yzaslavs at redhat.com>
>>>> <mailto:yzaslavs at redhat.com <mailto:
>>>> yzaslavs at redhat.com>>
>>>> <mailto:yzaslavs at redhat.com
>>>> <mailto:yzaslavs at redhat.com> <mailto:yzaslavs at redhat.com
>>>> <mailto:yzaslavs at redhat.com>>>**>
>>>>
>>>>
>>>>
>>>> Hi,
>>>> The specified tool handle only ldap domains,
>>>> and not the
>>>> internal domain.
>>>> What would you like to change at the internal
>>>> domain?
>>>> I suggest you try to use engine-config for
>>>> this.
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------**____--------------------------*
>>>> *--__--__------------
>>>>
>>>>
>>>>
>>>> *From: *"victor nunes"
>>>> <victor.rebli at gmail.com <mailto:victor.rebli at gmail.com**>
>>>> <mailto:victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>__>
>>>> <mailto:victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>
>>>> <mailto:victor.rebli at gmail.com
>>>> <mailto:victor.rebli at gmail.com**>__>__>>
>>>>
>>>> *To: *users at ovirt.org
>>>> <mailto:users at ovirt.org> <mailto:users at ovirt.org
>>>> <mailto:users at ovirt.org>>
>>>> <mailto:users at ovirt.org <mailto:users at ovirt.org>
>>>> <mailto:users at ovirt.org <mailto:users at ovirt.org>>>
>>>>
>>>> *Sent: *Sunday, November 4, 2012 12:18:55
>>>> AM
>>>> *Subject: *[Users] tool
>>>> engine-manage-domains
>>>>
>>>>
>>>>
>>>> I'm trying to change the default domain,
>>>> the
>>>> "internal" with
>>>> the following command:
>>>>
>>>> engine-manage-domains -action=edit
>>>> -domain=internal
>>>>
>>>> However, i am getting the following
>>>> message:
>>>>
>>>> "Domain internal doesn't exist int the
>>>> configuration"
>>>>
>>>> This is my domain admin user that is
>>>> configured in the
>>>> installation ovirt-setup.
>>>>
>>>> So, how can i fix it to include a user in
>>>> this domain?
>>>>
>>>>
>>>> Att,
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> “Encarada do ponto de vista da juventude,
>>>> a vida
>>>> parece um
>>>> futuro
>>>> indefinidamente longo, ao passo que, na
>>>> velhice,
>>>> ela parece
>>>> um passado
>>>> deveras curto. Assim, a vida no seu
>>>> início se
>>>> apresenta do
>>>> mesmo modo
>>>> que as coisas quando as olhamos através
>>>> de um
>>>> binóculo usado
>>>> ao contrário; mas, ao
>>>> seu final, ela se parece com as coisas
>>>> tal qual
>>>> são vistas
>>>> quando o binóculo
>>>> é usado de modo normal. Um homem precisa
>>>> ter
>>>> envelhecido e
>>>> vivido
>>>> bastante para perceber como a vida é
>>>> curta”.
>>>>
>>>> (Poema de Arthur Schopenhauer)
>>>>
>>>>
>>>> ______________________________**_____________________
>>>>
>>>> Users mailing list
>>>> Users at ovirt.org <mailto:Users at ovirt.org> <mailto:
>>>> Users at ovirt.org
>>>> <mailto:Users at ovirt.org>> <mailto:Users at ovirt.org
>>>> <mailto:Users at ovirt.org>
>>>> <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>>
>>>>
>>>> http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users>
>>>> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>>> >
>>>>
>>>>
>>>> <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>>> >>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> “Encarada do ponto de vista da juventude, a vida
>>>> parece um
>>>> futuro
>>>> indefinidamente longo, ao passo que, na velhice,
>>>> ela parece
>>>> um passado
>>>> deveras curto. Assim, a vida no seu início se
>>>> apresenta do
>>>> mesmo modo
>>>> que as coisas quando as olhamos através de um
>>>> binóculo usado ao
>>>> contrário; mas, ao
>>>> seu final, ela se parece com as coisas tal qual
>>>> são vistas
>>>> quando o
>>>> binóculo
>>>> é usado de modo normal. Um homem precisa ter
>>>> envelhecido e
>>>> vivido
>>>> bastante para perceber como a vida é curta”.
>>>>
>>>> (Poema de Arthur Schopenhauer)
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> “Encarada do ponto de vista da juventude, a vida parece
>>>> um futuro
>>>> indefinidamente longo, ao passo que, na velhice, ela
>>>> parece um
>>>> passado
>>>> deveras curto. Assim, a vida no seu início se apresenta
>>>> do mesmo
>>>> modo
>>>> que as coisas quando as olhamos através de um binóculo
>>>> usado ao
>>>> contrário; mas, ao
>>>> seu final, ela se parece com as coisas tal qual são
>>>> vistas quando o
>>>> binóculo
>>>> é usado de modo normal. Um homem precisa ter
>>>> envelhecido e vivido
>>>> bastante para perceber como a vida é curta”.
>>>>
>>>> (Poema de Arthur Schopenhauer)
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> “Encarada do ponto de vista da juventude, a vida parece um
>>>> futuro
>>>> indefinidamente longo, ao passo que, na velhice, ela parece um
>>>> passado
>>>> deveras curto. Assim, a vida no seu início se apresenta do mesmo
>>>> modo
>>>> que as coisas quando as olhamos através de um binóculo usado ao
>>>> contrário; mas, ao
>>>> seu final, ela se parece com as coisas tal qual são vistas
>>>> quando o
>>>> binóculo
>>>> é usado de modo normal. Um homem precisa ter envelhecido e
>>>> vivido
>>>> bastante para perceber como a vida é curta”.
>>>>
>>>> (Poema de Arthur Schopenhauer)
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> “Encarada do ponto de vista da juventude, a vida parece um futuro
>>>> indefinidamente longo, ao passo que, na velhice, ela parece um passado
>>>> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
>>>> que as coisas quando as olhamos através de um binóculo usado ao
>>>> contrário; mas, ao
>>>> seu final, ela se parece com as coisas tal qual são vistas quando o
>>>> binóculo
>>>> é usado de modo normal. Um homem precisa ter envelhecido e vivido
>>>> bastante para perceber como a vida é curta”.
>>>>
>>>> (Poema de Arthur Schopenhauer)
>>>>
>>>>
>>>> ______________________________**_________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>>>
>>>>
>>> there are three issues with installing freeipa on same machine as ovirt:
>>> 1. the mod_ssl, which is solvable, but requires some work on our side.
>>> 2. we faced some upgrade issues around this use case, though non are
>>> relevant right now iirc.
>>> 3. freeipa will override the default apache homepage redirection ovirt
>>> placed.
>>>
>>> have you considered running freeipa in a guest? you can still use
>>> admin at internal for issues with that guest if needed.
>>>
>>
>>
>>
>> --
>> “Encarada do ponto de vista da juventude, a vida parece um futuro
>> indefinidamente longo, ao passo que, na velhice, ela parece um passado
>> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
>> que as coisas quando as olhamos através de um binóculo usado ao
>> contrário; mas, ao
>> seu final, ela se parece com as coisas tal qual são vistas quando o
>> binóculo
>> é usado de modo normal. Um homem precisa ter envelhecido e vivido
>> bastante para perceber como a vida é curta”.
>>
>> (Poema de Arthur Schopenhauer)
>>
>>
>>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao contrário;
> mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
--
“Encarada do ponto de vista da juventude, a vida parece um futuro
indefinidamente longo, ao passo que, na velhice, ela parece um passado
deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
que as coisas quando as olhamos através de um binóculo usado ao contrário;
mas, ao
seu final, ela se parece com as coisas tal qual são vistas quando o
binóculo
é usado de modo normal. Um homem precisa ter envelhecido e vivido
bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121217/68551d1f/attachment-0001.html>
More information about the Users
mailing list