[Users] tool engine-manage-domains
victor nunes
victor.rebli at gmail.com
Tue Dec 18 10:39:35 UTC 2012
In fact, I just created the user in FreeIPA, added and gave permission for
the user in oVirt, and tried to login with it.
Att,
2012/12/18 pstehlik <pstehlik at redhat.com>
> **
>
> Hi,
>
> indeed, looks like that. It can be easily checked by 'kinit my-user at domain'
> from IPA machine (or any client which uses correct settings in
> /etc/krb5.conf). In case you create user in ipa it's default policy will
> ask you for pwd change when auth performs for 1st time.
>
> P.
>
>
>
>
> On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote:
>
> No,
>
> Have you tried to perform authentication using this user regardless of
> oVirt?
>
>
> My speculation (Pavel, Oved , can you approve?)
>
>
> it seems like your password policy might require to change the password at
> first login (I saw such password policy at ActiveDirectory ).
>
>
> Yair
> ------------------------------
>
> From: "victor nunes" <victor.rebli at gmail.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: users at ovirt.org
> Sent: Tuesday, December 18, 2012 3:36:15 AM
> Subject: Re: [Users] tool engine-manage-domains
>
>
> So returning.
>
>
> I got a machine, I installed Fedora 17 on it.
>
> With that I managed to install FreeIPA.
>
> FreeIPA configured, and managed to add the domain with the tool
>
> "oVirt-manage-domains".
>
>
> Created in FreeIPA users, set their passwords.
>
> I gave permission for them.
>
> However, I can only login with the admin user in the new domain.
>
> With users that I created, is giving the following message:
>
>
> Can not Login. User Password has expired, Please change your password.
>
>
> So, I need to give any more permission for users to login?
>
>
>
> Att,
>
> 2012/12/6 Yair Zaslavsky <yzaslavs at redhat.com>
>
>
>
> ------------------------------
>
> From: "victor nunes" <victor.rebli at gmail.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: users at ovirt.org, "Itamar Heim" <iheim at redhat.com>
> Sent: Thursday, December 6, 2012 2:14:49 AM
>
>
> Subject: Re: [Users] tool engine-manage-domains
>
> Hello,
>
>
> I'm going to do all these tests, but a question.
>
>
> I need to configure Kerberos on the server LDAP?
>
>
> Att,
>
> Yes.
>
>
>
>
> 2012/12/4 Yair Zaslavsky <yzaslavs at redhat.com>
>
> Hi,
>
> Several things -
>
> a. I think logging at this point should be improved
>
> b. Since the log is not informative enough, please try the following:
>
> 1. Check that your credentials are correct
>
> 2. Check you have no clock skew issue (the time difference between the
> machine running manage-domains and your ldap server should be less or equal
> to 5 minutes).
>
> 3. Connection refused so there is some connectivity issue -
>
> please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.
> viperde.com.br should do the trick)
>
> please try to connect to these ldap servers manually -
>
>
> For example, if the returned host from the dig SRV query is
>
> aaa.viperde.com.br
>
>
> perform:
>
> telnet aaa.viperde.com.br 389
>
>
> Turns out that I did not have telnet installed on my fc17 machine -
>
> I used yum install telnet to install it.
>
>
> Kind regards,
>
>
> Yair
>
>
>
> ------------------------------
>
> From: "victor nunes" <victor.rebli at gmail.com>
> To: "Itamar Heim" <iheim at redhat.com>
> Cc: "Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
> Sent: Tuesday, December 4, 2012 3:28:56 AM
> Subject: Re: [Users] tool engine-manage-domains
>
>
>
> Thanks for the reply.
>
>
> I do not have another machine to the power configuar FreeIPA.
>
>
> I have a machine, I do not have access, which is an LDAP server installed
> on it.
>
> I configured a machine that is oVirt-manage as ldap client, I configured
> the dns, but in time to include the domain happens the following error:
>
>
> Error: exception message: Connection refused
>
> Failure while testing domain viprede.com.br. Details: Kerberos error.
> Please check log for further Top details.
>
>
> in the logs, I have the following lines:
>
>
> 03/12/2012 20:25:26,390 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
> configuration for domain (s): viprede.com.br
>
> 03/12/2012 20:25:26,422 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
> kerberos configuration for domain (s): viprede.com.br
>
> 03/12/2012 20:25:26,422 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
> configuration for domain: viprede.com.br.
>
>
> So what could be this error?
>
> 2012/11/29 Itamar Heim <iheim at redhat.com>
>
> On 11/29/2012 05:58 AM, victor nunes wrote:
>
>
>
> 2012/11/29 Yair Zaslavsky <yzaslavs at redhat.com <mailto:yzaslavs at redhat.com
> >>
>
>
>
> Hi,
> Can you redirect your question to users at ovirt.org
>
> <mailto:users at ovirt.org>?
>
>
> I think others will help you to forward your question to relevant
> people here (not sure I can provide a good answer).
>
>
>
> On 11/29/2012 03:26 AM, victor nunes wrote:
>
> So I'm trying to install FreeIPA on the same machine that
> oVirt-manage,
> but at the time of installation, the following error occurs:
>
> FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
>
>
> Looking for a solution to the problem, I discovered that this is
> a bug
> reported by others.
>
> Follow the link to the bug reported:
> https://bugzilla.redhat.com/__show_bug.cgi?id=840098
>
>
> <https://bugzilla.redhat.com/show_bug.cgi?id=840098>
>
> Then, using oo FreeIPA not be possible, which otherwise I have
> to add
> new domains and users?
>
> Em 8 de novembro de 2012 02:41, Yair Zaslavsky
> <yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>
>
> <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>>>
> escreveu:
>
>
>
>
> Hi,
> You cannot create new users for the internal domain.
> The internal domain was developed for quick POC, just to
> allow login
> to the system without the need for ldap provider.
> I recommend you install some ldap server (i.e - free IPA)
> and try to
> work with it.
>
>
>
> On 11/08/2012 01:08 AM, victor nunes wrote:
>
> Sorry.
>
> Att,
>
> 2012/11/7 victor nunes <victor.rebli at gmail.com
> <mailto:victor.rebli at gmail.com>
> <mailto:victor.rebli at gmail.com
> <mailto:victor.rebli at gmail.com>__>
> <mailto:victor.rebli at gmail.com
> <mailto:victor.rebli at gmail.com> <mailto:victor.rebli at gmail.com
>
> <mailto:victor.rebli at gmail.com>__>__>>
>
>
>
>
>
> Thanks for the reply.
>
> As the command "engine-manage-domains" works with
> ldap, how
> can I
> create another user in the field "internal", and user
> "admin" that
> is created when you installed the engine-setup?
>
> 2012/11/4 Yair Zaslavsky <yzaslavs at redhat.com
> <mailto:yzaslavs at redhat.com>
> <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>>
> <mailto:yzaslavs at redhat.com
> <mailto:yzaslavs at redhat.com> <mailto:yzaslavs at redhat.com
> <mailto:yzaslavs at redhat.com>>>>
>
>
>
> Hi,
> The specified tool handle only ldap domains,
> and not the
> internal domain.
> What would you like to change at the internal
> domain?
> I suggest you try to use engine-config for this.
>
>
>
>
>
> ------------------------------____----------------------------__--__------------
>
>
>
>
> *From: *"victor nunes"
> <victor.rebli at gmail.com <mailto:victor.rebli at gmail.com>
> <mailto:victor.rebli at gmail.com
> <mailto:victor.rebli at gmail.com>__>
>
> <mailto:victor.rebli at gmail.com
> <mailto:victor.rebli at gmail.com>
> <mailto:victor.rebli at gmail.com
>
> <mailto:victor.rebli at gmail.com>__>__>>
>
>
> *To: *users at ovirt.org
> <mailto:users at ovirt.org> <mailto:users at ovirt.org
> <mailto:users at ovirt.org>>
> <mailto:users at ovirt.org <mailto:users at ovirt.org>
> <mailto:users at ovirt.org <mailto:users at ovirt.org>>>
>
> *Sent: *Sunday, November 4, 2012 12:18:55 AM
> *Subject: *[Users] tool engine-manage-domains
>
>
>
> I'm trying to change the default domain, the
> "internal" with
> the following command:
>
> engine-manage-domains -action=edit
> -domain=internal
>
> However, i am getting the following message:
>
> "Domain internal doesn't exist int the
> configuration"
>
> This is my domain admin user that is
> configured in the
> installation ovirt-setup.
>
> So, how can i fix it to include a user in
> this domain?
>
>
> Att,
>
>
>
>
> --
> “Encarada do ponto de vista da juventude,
> a vida
> parece um
> futuro
> indefinidamente longo, ao passo que, na
> velhice,
> ela parece
> um passado
> deveras curto. Assim, a vida no seu início se
> apresenta do
> mesmo modo
> que as coisas quando as olhamos através de um
> binóculo usado
> ao contrário; mas, ao
> seu final, ela se parece com as coisas
> tal qual
> são vistas
> quando o binóculo
> é usado de modo normal. Um homem precisa ter
> envelhecido e
> vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
> ___________________________________________________
>
>
> Users mailing list
> Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
>
> <mailto:Users at ovirt.org>> <mailto:Users at ovirt.org
> <mailto:Users at ovirt.org>
> <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>>
>
> http://lists.ovirt.org/____mailman/listinfo/users
> <http://lists.ovirt.org/__mailman/listinfo/users>
>
>
>
> <http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>>
>
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida
> parece um
> futuro
> indefinidamente longo, ao passo que, na velhice,
> ela parece
> um passado
> deveras curto. Assim, a vida no seu início se
> apresenta do
> mesmo modo
> que as coisas quando as olhamos através de um
> binóculo usado ao
> contrário; mas, ao
> seu final, ela se parece com as coisas tal qual
> são vistas
> quando o
> binóculo
> é usado de modo normal. Um homem precisa ter
> envelhecido e
> vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece
> um futuro
> indefinidamente longo, ao passo que, na velhice, ela
> parece um
> passado
> deveras curto. Assim, a vida no seu início se apresenta
> do mesmo
> modo
> que as coisas quando as olhamos através de um binóculo
> usado ao
> contrário; mas, ao
> seu final, ela se parece com as coisas tal qual são
> vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter
> envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um
> passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo
> modo
> que as coisas quando as olhamos através de um binóculo usado ao
> contrário; mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando
> o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao
> contrário; mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
>
> http://lists.ovirt.org/mailman/listinfo/users
>
>
> there are three issues with installing freeipa on same machine as ovirt:
> 1. the mod_ssl, which is solvable, but requires some work on our side.
> 2. we faced some upgrade issues around this use case, though non are
> relevant right now iirc.
> 3. freeipa will override the default apache homepage redirection ovirt
> placed.
>
> have you considered running freeipa in a guest? you can still use
> admin at internal for issues with that guest if needed.
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao contrário;
> mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao contrário;
> mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao contrário;
> mas, ao
> seu final, ela se parece com as coisas tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
> (Poema de Arthur Schopenhauer)
>
>
>
>
>
--
“Encarada do ponto de vista da juventude, a vida parece um futuro
indefinidamente longo, ao passo que, na velhice, ela parece um passado
deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
que as coisas quando as olhamos através de um binóculo usado ao contrário;
mas, ao
seu final, ela se parece com as coisas tal qual são vistas quando o
binóculo
é usado de modo normal. Um homem precisa ter envelhecido e vivido
bastante para perceber como a vida é curta”.
(Poema de Arthur Schopenhauer)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121218/50de47fe/attachment-0001.html>
More information about the Users
mailing list