[Users] tool engine-manage-domains
Yair Zaslavsky
yzaslavs at redhat.com
Tue Dec 18 11:05:48 UTC 2012
----- Original Message -----
> From: "victor nunes" <victor.rebli at gmail.com>
> To: "pstehlik" <pstehlik at redhat.com>
> Cc: "Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org, "Oved
> Ourfalli" <oourfali at redhat.com>
> Sent: Tuesday, December 18, 2012 12:39:35 PM
> Subject: Re: [Users] tool engine-manage-domains
> In fact, I just created the user in FreeIPA, added and gave
> permission for the user in oVirt, and tried to login with it.
> Att,
> Look at Pavel's comment -
> This is indeed the problem. We do not support password change via
> oVirt - you must set a proper policy via freeIPA.
> 2012/12/18 pstehlik < pstehlik at redhat.com >
> > Hi,
>
> > indeed, looks like that. It can be easily checked by 'kinit
> > my-user at domain' from IPA machine (or any client which uses correct
> > settings in /etc/krb5.conf). In case you create user in ipa its
> > default policy will ask you for pwd change when auth performs for
> > 1st time.
>
> > P.
>
> > On Tuesday 18 of December 2012 01:30:26 Yair Zaslavsky wrote:
>
> > No,
>
> > Have you tried to perform authentication using this user regardless
> > of oVirt?
>
> > My speculation (Pavel, Oved , can you approve?)
>
> > it seems like your password policy might require to change the
> > password at first login (I saw such password policy at
> > ActiveDirectory ).
>
> > Yair
>
> > From: "victor nunes" < victor.rebli at gmail.com >
>
> > To: "Yair Zaslavsky" < yzaslavs at redhat.com >
>
> > Cc: users at ovirt.org
>
> > Sent: Tuesday, December 18, 2012 3:36:15 AM
>
> > Subject: Re: [Users] tool engine-manage-domains
>
> > So returning.
>
> > I got a machine, I installed Fedora 17 on it.
>
> > With that I managed to install FreeIPA.
>
> > FreeIPA configured, and managed to add the domain with the tool
> > "oVirt-manage-domains".
>
> > Created in FreeIPA users, set their passwords.
>
> > I gave permission for them.
>
> > However, I can only login with the admin user in the new domain.
>
> > With users that I created, is giving the following message:
>
> > Can not Login. User Password has expired, Please change your
> > password.
>
> > So, I need to give any more permission for users to login?
>
> > Att,
>
> > 2012/12/6 Yair Zaslavsky < yzaslavs at redhat.com >
>
> > From: "victor nunes" < victor.rebli at gmail.com >
>
> > To: "Yair Zaslavsky" < yzaslavs at redhat.com >
>
> > Cc: users at ovirt.org , "Itamar Heim" < iheim at redhat.com >
>
> > Sent: Thursday, December 6, 2012 2:14:49 AM
>
> > Subject: Re: [Users] tool engine-manage-domains
>
> > Hello,
>
> > I'm going to do all these tests, but a question.
>
> > I need to configure Kerberos on the server LDAP?
>
> > Att,
>
> > Yes.
>
> > 2012/12/4 Yair Zaslavsky < yzaslavs at redhat.com >
>
> > Hi,
>
> > Several things -
>
> > a. I think logging at this point should be improved
>
> > b. Since the log is not informative enough, please try the
> > following:
>
> > 1. Check that your credentials are correct
>
> > 2. Check you have no clock skew issue (the time difference between
> > the machine running manage-domains and your ldap server should be
> > less or equal to 5 minutes).
>
> > 3. Connection refused so there is some connectivity issue -
>
> > please query your ldap SRV records for the domain (IMHO dig SRV
> > _ldap._tcp.viperde.com.br should do the trick)
>
> > please try to connect to these ldap servers manually -
>
> > For example, if the returned host from the dig SRV query is
>
> > aaa.viperde.com.br
>
> > perform:
>
> > telnet aaa.viperde.com.br 389
>
> > Turns out that I did not have telnet installed on my fc17 machine -
>
> > I used yum install telnet to install it.
>
> > Kind regards,
>
> > Yair
>
> > From: "victor nunes" < victor.rebli at gmail.com >
>
> > To: "Itamar Heim" < iheim at redhat.com >
>
> > Cc: "Yair Zaslavsky" < yzaslavs at redhat.com >, users at ovirt.org
>
> > Sent: Tuesday, December 4, 2012 3:28:56 AM
>
> > Subject: Re: [Users] tool engine-manage-domains
>
> > Thanks for the reply.
>
> > I do not have another machine to be able to configure FreeIPA.
>
> > I have a machine, I do not have access, which is an LDAP server
> > installed on it.
>
> > I configured a machine that is oVirt-manage as ldap client, I
> > configured the dns, but in time to include the domain happens the
> > following error:
>
> > Error: exception message: Connection refused
>
> > Failure while testing domain viprede.com.br . Details: Kerberos
> > error. Please check log for further Top details.
>
> > in the logs, I have the following lines:
>
> > 03/12/2012 20:25:26,390 INFO
> > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
> > kerberos configuration for domain (s): viprede.com.br
>
> > 03/12/2012 20:25:26,422 INFO
> > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully
> > created kerberos configuration for domain (s): viprede.com.br
>
> > 03/12/2012 20:25:26,422 INFO
> > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
> > kerberos configuration for domain: viprede.com.br .
>
> > So what could be this error?
>
> > 2012/11/29 Itamar Heim < iheim at redhat.com >
>
> > On 11/29/2012 05:58 AM, victor nunes wrote:
>
> > 2012/11/29 Yair Zaslavsky < yzaslavs at redhat.com >
>
> > Hi,
>
> > Can you redirect your question to users at ovirt.org?
>
> > I think others will help you to forward your question to relevant
> > people here (not sure I can provide a good answer).
>
> > On 11/29/2012 03:26 AM, victor nunes wrote:
>
> > So I'm trying to install FreeIPA on the same machine that
> > oVirt-manage,
> > but at the time of installation, the following error occurs:
>
> > FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
>
> > Looking for a solution to the problem, I discovered that this is
> > a bug reported by others.
>
> > Follow the link to the bug reported:
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=840098
>
> > Then, using oo FreeIPA not be possible, which otherwise I have
> > to add new domains and users?
>
> > On 8 November 2012 at 02:41, Yair Zaslavsky < yzaslavs at redhat.com > wrote:
>
> > Hi,
>
> > You cannot create new users for the internal domain.
>
> > The internal domain was developed for quick POC, just to allow login
> > to the system without the need for ldap provider.
>
> > I recommend you install some ldap server (i.e - free IPA) and try to
> > work with it.
>
> > On 11/08/2012 01:08 AM, victor nunes wrote:
>
> > Sorry.
>
> > Att,
>
> > 2012/11/7 victor nunes < victor.rebli at gmail.com >
>
> > Thanks for the reply.
>
> > As the command "engine-manage-domains" works with ldap, how can I
> > create another user in the field "internal", and user "admin" that
> > is created when you installed the engine-setup?
>
> > 2012/11/4 Yair Zaslavsky < yzaslavs at redhat.com >
>
> > Hi,
>
> > The specified tool handles only ldap domains, and not the
> > internal domain.
>
> > What would you like to change at the internal domain?
>
> > I suggest you try to use engine-config for this.
>
> > ------------------------------------------------------------
>
> > From: "victor nunes" < victor.rebli at gmail.com >
>
> > To: users at ovirt.org
>
> > Sent: Sunday, November 4, 2012 12:18:55 AM
>
> > Subject: [Users] tool engine-manage-domains
>
> > I'm trying to change the default domain, the "internal" with
> > the following command:
>
> > engine-manage-domains -action=edit -domain=internal
>
> > However, I am getting the following message:
>
> > "Domain internal doesn't exist int the configuration"
>
> > This is my domain admin user that is configured in the
> > installation ovirt-setup.
>
> > So, how can I fix it to include a user in this domain?
>
> > Att,
>
> > --
>
> > "Viewed from the standpoint of youth, life seems an indefinitely
> > long future, whereas in old age it seems a very short past. Thus
> > life at its beginning presents itself in the same way as things do
> > when we look at them through binoculars used the wrong way round;
> > but at its end it looks like things as they are seen when the
> > binoculars are used the normal way. A man must have grown old and
> > lived long to perceive how short life is."
> > (Poem by Arthur Schopenhauer)
>
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
>
> > there are three issues with installing freeipa on same machine as
> > ovirt:
>
> > 1. the mod_ssl, which is solvable, but requires some work on our
> > side.
>
> > 2. we faced some upgrade issues around this use case, though none
> > are relevant right now iirc.
>
> > 3. freeipa will override the default apache homepage redirection
> > ovirt placed.
>
> > have you considered running freeipa in a guest? you can still use
> > admin at internal for issues with that guest if needed.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121218/e3806a7c/attachment-0001.html>
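
Added example, not part of the original message or of oVirt: checklist items 2 and 3 from the thread (clock skew of at most 5 minutes, LDAP SRV lookup followed by a manual connection to port 389) as shell helpers. The example.test hosts, the sample `dig +short SRV` answer, the timestamps and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hosts, timestamps and the SRV answer
# below are constructed samples; function names are illustrative.

MAX_SKEW=300    # seconds; the 5-minute limit quoted in the thread

# srv_name DOMAIN: owner name to query, e.g. dig +short SRV "$(srv_name example.test)"
srv_name() {
    printf '_ldap._tcp.%s\n' "$1"
}

# parse_srv: read `dig +short SRV` lines ("priority weight port target.") on
# stdin and print "host port", lowest priority first, then highest weight.
# Anything that is not a well-formed SRV answer (resolver errors) is skipped.
parse_srv() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             host = $4; sub(/\.$/, "", host)
             print $1, $2, host, $3
         }' | sort -k1,1n -k2,2nr | awk '{ print $3, $4 }'
}

# skew_seconds LOCAL_EPOCH REMOTE_EPOCH: absolute clock difference in seconds
skew_seconds() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    printf '%s\n' "$d"
}

# skew_ok LOCAL_EPOCH REMOTE_EPOCH: succeeds when the difference is <= MAX_SKEW
skew_ok() {
    [ "$(skew_seconds "$1" "$2")" -le "$MAX_SKEW" ]
}

# Constructed sample of what the SRV query might return, including an error line.
SAMPLE_SRV='10 100 389 ipa2.example.test.
0 100 389 ipa1.example.test.
;; connection timed out
0 200 389 ipa3.example.test.'

# Print the manual connectivity test the thread suggests for each server, in order.
printf '%s\n' "$SAMPLE_SRV" | parse_srv | while read -r host port; do
    echo "telnet $host $port"
done

# Engine host clock vs. a directory server clock 360 seconds ahead (constructed).
if skew_ok 1355828748 1355829108; then echo "clock skew ok"; else echo "clock skew too large"; fi
```
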