[Users] engine-manage-domains can't add user , domain
T-Sinjon
tscbj1989 at gmail.com
Tue May 15 02:47:30 UTC 2012
I have added those SRV info into my zone file, and it did go, the log looks fine, but engine-manage-domains still returns an error

2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:
Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
Failure while testing domain local. Details: Kerberos error. Please check log for further details.

On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>
>
> ----- Original Message -----
>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>> To: users at ovirt.org
>> Sent: Monday, May 14, 2012 5:07:46 PM
>> Subject: [Users] engine-manage-domains can't add user , domain
>>
>>
>> I use FreeIPA to authenticate users, ipa user-add has no problem,
>> but when I do:
>>
>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>> -domain='local' -user='tsinjon' -interactive
>>
>> Error: Authentication Failed. Please verify the fully qualified
>> domain name that is used for authentication is correct.. Problematic
>> domain is: local
>> Failure while applying Kerberos configuration. Details:
>> Authentication Failed. Please verify the fully qualified domain name
>> that is used for authentication is correct.
>>
>> and log from engine-manage-domains.log :
>>
>> 2012-05-14 21:58:47,892 INFO
>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>> kerberos configuration for domain(s): local
>> 2012-05-14 21:58:47,923 ERROR
>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list
>> for protocol _tcp and domain LOCAL Exception message is DNS name not
>> found [response code 3]
>>
>> my domain is 'local', like ovirt-engine.local, ovirt-node-1.local
>> …etc
>>
>> What can I do to get through it?
>>
> The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS).
> So, in order to work with it you must have the following in the DNS:
> 1. PTR record for your LDAP server
> 2. LDAP SRV record for your LDAP server
> 3. LDAP kerberos record for your LDAP server
>
> If you don't really have access to the DNS you can install a package called "dnsmasq", and perform these changes by yourself in its config file.
>
> Oved
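
The three DNS records listed in the reply above can be checked offline against a zone file before running engine-manage-domains again. This is an added example, not part of the original thread or of oVirt; the SRV names `_ldap._tcp` and `_kerberos._tcp` are the conventional ones, the host `ipa.local` and its address are constructed, and the A-record check goes one step beyond the list in the reply.

```python
import ipaddress

# Constructed sample zone; ipa.local and 192.0.2.10 are assumed names/addresses.
SAMPLE_ZONE = """\
ipa.local.                3600 IN A    192.0.2.10
_ldap._tcp.local.         3600 IN SRV  0 100 389 ipa.local.
_kerberos._tcp.local.     3600 IN SRV  0 100 88 ipa.local.
10.2.0.192.in-addr.arpa.  3600 IN PTR  ipa.local.
"""

def parse_zone(text):
    """Map (owner, type) -> list of rdata token lists; one FQDN record per line."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # skip optional TTL and class
        if len(rest) >= 2:
            records.setdefault((owner, rest[0].upper()), []).append(rest[1:])
    return records

def missing_records(zone_text, domain):
    """Return a list of problems; an empty list means nothing is missing from the zone."""
    records = parse_zone(zone_text)
    domain = domain.lower().rstrip(".") + "."
    problems = []
    for service in ("_ldap._tcp", "_kerberos._tcp"):   # conventional SRV names
        srvs = records.get((f"{service}.{domain}", "SRV"), [])
        if not srvs:
            problems.append(f"no SRV record for {service}.{domain}")
        for rdata in srvs:
            if len(rdata) != 4:                  # priority weight port target
                problems.append(f"malformed SRV for {service}.{domain}")
                continue
            target = rdata[3].lower()
            addrs = records.get((target, "A"), [])
            if not addrs:
                problems.append(f"{target} has no A record")
            for a_rdata in addrs:
                ptr = ipaddress.ip_address(a_rdata[0]).reverse_pointer + "."
                names = [r[0].lower() for r in records.get((ptr, "PTR"), [])]
                if target not in names:
                    problems.append(f"no PTR record {ptr} -> {target}")
    return list(dict.fromkeys(problems))         # de-duplicate, keep order

if __name__ == "__main__":
    print(missing_records(SAMPLE_ZONE, "local") or "all records present")
```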