[Users] tool engine-manage-domains

pstehlik pstehlik at redhat.com
Tue Dec 18 08:41:04 UTC 2012


Hi,
indeed, looks like that. It can be easily checked by 'kinit my-user@domain'
from IPA machine (or any client which uses correct settings in
/etc/krb5.conf). In case you create user in ipa its default policy will ask
you for pwd change when auth is performed for the 1st time.
P.


On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote:

No, 
Have you tried to perform authentication using this user regardless of oVirt?


My speculation (Pavel, Oved, can you approve?):

it seems like your password policy might require to change the password at
first login (I saw such password policy at ActiveDirectory).


Yair


From: "victor nunes" <victor.rebli at gmail.com>
To: "Yair Zaslavsky" <yzaslavs at redhat.com>
Cc: users at ovirt.org
Sent: Tuesday, December 18, 2012 3:36:15 AM
Subject: Re: [Users] tool engine-manage-domains




So returning.


I got a machine and installed Fedora 17 on it.
With that I managed to install FreeIPA.
FreeIPA is configured, and I managed to add the domain with the tool
"oVirt-manage-domains".

I created users in FreeIPA and set their passwords.
I gave permissions to them.
However, I can only log in with the admin user in the new domain.
With the users that I created, it gives the following message:

Can not Login. User Password has expired, Please change your password.

So, do I need to give any more permissions for the users to log in?




Att,


2012/12/6 Yair Zaslavsky <yzaslavs at redhat.com>





From: "victor nunes" <victor.rebli at gmail.com>
To: "Yair Zaslavsky" <yzaslavs at redhat.com>
Cc: users at ovirt.org, "Itamar Heim" <iheim at redhat.com>
Sent: Thursday, December 6, 2012 2:14:49 AM

Subject: Re: [Users] tool engine-manage-domains


Hello,


I'm going to do all these tests, but I have a question.

Do I need to configure Kerberos on the LDAP server?


Att,
Yes.





2012/12/4 Yair Zaslavsky <yzaslavs at redhat.com>

Hi,
Several things -
a. I think logging at this point should be improved.
b. Since the log is not informative enough, please try the following:
   1. Check that your credentials are correct.
   2. Check that you have no clock skew issue (the time difference between
      the machine running manage-domains and your ldap server should be less
      than or equal to 5 minutes).
   3. Connection refused, so there is some connectivity issue -
      please query your ldap SRV records for the domain (IMHO dig SRV
      _ldap._tcp.viperde.com.br should do the trick);
      please try to connect to these ldap servers manually.

For example, if the returned host from the dig SRV query is
aaa.viperde.com.br, perform:

telnet aaa.viperde.com.br 389

It turns out that I did not have telnet installed on my fc17 machine -
I used yum install telnet to install it.


Kind regards, 


Yair





From: "victor nunes" <victor.rebli at gmail.com>
To: "Itamar Heim" <iheim at redhat.com>
Cc: "Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
Sent: Tuesday, December 4, 2012 3:28:56 AM
Subject: Re: [Users] tool engine-manage-domains



Thanks for the reply.


I do not have another machine on which to configure FreeIPA.

I have a machine, to which I do not have access, that has an LDAP server
installed on it.
I configured the machine that runs oVirt-manage as an ldap client and I
configured the dns, but when including the domain the following error happens:


Error: exception message: Connection refused
Failure while testing domain viprede.com.br. Details: Kerberos error. Please check log for further Top details.


in the logs, I have the following lines: 


03/12/2012 20:25:26,390 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain (s): viprede.com.br
03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain (s): viprede.com.br
03/12/2012 20:25:26,422 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: viprede.com.br.


So what could this error be?

2012/11/29 Itamar Heim <iheim at redhat.com>

On 11/29/2012 05:58 AM, victor nunes wrote:



2012/11/29 Yair Zaslavsky <yzaslavs at redhat.com>


    Hi,
    Can you redirect your question to users at ovirt.org?

    I think others will help you to forward your question to relevant
    people here (not sure I can provide a good answer).



    On 11/29/2012 03:26 AM, victor nunes wrote:

        So I'm trying to install FreeIPA on the same machine as oVirt-manage,
        but at the time of installation, the following error occurs:

        FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64


        Looking for a solution to the problem, I discovered that this is a bug
        reported by others.

        Here is the link to the reported bug:
        https://bugzilla.redhat.com/show_bug.cgi?id=840098

        Then, using FreeIPA not being possible, how else can I add
        new domains and users?

        On 8 November 2012 02:41, Yair Zaslavsky <yzaslavs at redhat.com> wrote:



             Hi,
             You cannot create new users for the internal domain.
             The internal domain was developed for quick POC, just to allow
             login to the system without the need for ldap provider.
             I recommend you install some ldap server (i.e - free IPA) and
             try to work with it.



             On 11/08/2012 01:08 AM, victor nunes wrote:

                 Sorry.

                 Att,

                 2012/11/7 victor nunes <victor.rebli at gmail.com>


                      Thanks for the reply.

                      As the command "engine-manage-domains" works with ldap,
                      how can I create another user in the field "internal",
                      and user "admin" that is created when you installed the
                      engine-setup?

                      2012/11/4 Yair Zaslavsky <yzaslavs at redhat.com>


                          Hi,
                          The specified tool handles only ldap domains, and
                          not the internal domain.
                          What would you like to change at the internal domain?
                          I suggest you try to use engine-config for this.





                              ----------------------------------------------------------------

                              From: "victor nunes" <victor.rebli at gmail.com>
                              To: users at ovirt.org
                              Sent: Sunday, November 4, 2012 12:18:55 AM
                              Subject: [Users] tool engine-manage-domains



                              I'm trying to change the default domain, the
                              "internal", with the following command:

                              engine-manage-domains -action=edit -domain=internal

                              However, I am getting the following message:

                              "Domain internal doesn't exist int the configuration"

                              This is my domain admin user that is configured
                              in the installation ovirt-setup.

                              So, how can I fix it to include a user in this
                              domain?


                              Att,




                              --
                              "Seen from the standpoint of youth, life appears
                              to be an indefinitely long future, whereas in old
                              age it appears to be a very short past. Thus, at
                              its beginning, life presents itself in the same
                              way as things do when we look at them through
                              binoculars used the wrong way round; but at its
                              end, it looks like things as they are seen when
                              the binoculars are used the normal way. A man
                              needs to have grown old and lived long to
                              perceive how short life is".

                                        (Poem by Arthur Schopenhauer)



                              _______________________________________________
                              Users mailing list
                              Users at ovirt.org
                              http://lists.ovirt.org/mailman/listinfo/users








there are three issues with installing freeipa on same machine as ovirt:
1. the mod_ssl, which is solvable, but requires some work on our side.
2. we faced some upgrade issues around this use case, though none are relevant
right now iirc.
3. freeipa will override the default apache homepage redirection ovirt placed.

have you considered running freeipa in a guest? you can still use 
admin at internal for issues with that guest if needed.
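
The pre-checks listed earlier in this thread (clock skew of at most 5 minutes, SRV lookup for the domain, then a connection attempt to each returned LDAP server), sketched as an added example that is not part of the original messages. The function names, the `nc` probe used in place of telnet, and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-checks before engine-manage-domains.

# Constructed sample of `dig +short SRV _ldap._tcp.<domain>` output.
# Fields: priority weight port target. Hostnames are placeholders.
SAMPLE_SRV='10 100 389 ldap2.example.test.
0 100 389 ldap1.example.test.
0 50 636 ldap3.example.test.'

# Read SRV answers on stdin and print "host port" in the order to try them:
# lowest priority first, then higher weight first (a simplification: RFC 2782
# picks among equal priorities at random, in proportion to weight).
srv_targets() {
    sort -k1,1n -k2,2nr | awk 'NF == 4 { sub(/\.$/, "", $4); print $4, $3 }'
}

# Clock skew check: $1 and $2 are epoch seconds taken on the two machines.
# Succeeds when they differ by at most 300 s (the 5 minutes quoted above).
skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    [ "$diff" -le 300 ]
}

# Live check for one domain (hypothetical helper; needs dig and nc).
# Replaces the manual "telnet <host> 389" with a 5-second TCP probe.
check_domain() {
    dig +short SRV "_ldap._tcp.$1" | srv_targets | while read -r host port; do
        if nc -z -w 5 "$host" "$port" </dev/null; then
            echo "OK      $host:$port"
        else
            echo "FAILED  $host:$port (refused, filtered or timed out)"
        fi
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SRV" | srv_targets
if skew_ok 1354573526 1354573700; then echo "skew within 5 minutes"; fi
```

On a machine with network access, `check_domain <your-domain>` runs the SRV lookup and the port probe in one pass.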



