[Users] engine-manage-domains can't add user , domain

T-Sinjon tscbj1989 at gmail.com
Tue May 15 02:47:30 UTC 2012


I have added that SRV info into my zone file, and it did go, the log looks fine, but engine-manage-domains still returns an error:

2012-05-15 10:45:19,222 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
2012-05-15 10:45:19,258 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
2012-05-15 10:45:19,259 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:

Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
Failure while testing domain local. Details: Kerberos error. Please check log for further details.


On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:

> 
> 
> ----- Original Message -----
>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>> To: users at ovirt.org
>> Sent: Monday, May 14, 2012 5:07:46 PM
>> Subject: [Users] engine-manage-domains can't add user , domain
>> 
>> 
>> I use FreeIPA to authenticate users, ipa user-add has no problem,
>> but when I do:
>> 
>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>> -domain='local' -user='tsinjon' -interactive
>> 
>> Error: Authentication Failed. Please verify the fully qualified
>> domain name that is used for authentication is correct.. Problematic
>> domain is: local
>> Failure while applying Kerberos configuration. Details:
>> Authentication Failed. Please verify the fully qualified domain name
>> that is used for authentication is correct.
>> 
>> and log from engine-manage-domains.log :
>> 
>> 2012-05-14 21:58:47,892 INFO
>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>> kerberos configuration for domain(s): local
>> 2012-05-14 21:58:47,923 ERROR
>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list
>> for protocol _tcp and domain LOCAL Exception message is DNS name not
>> found [response code 3]
>> 
>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local
>> … etc.
>> 
>> What can I do to get through it?
>> 
> The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS).
> So, in order to work with it you must have the following in the DNS
> 1. PTR record for your LDAP server
> 2. LDAP SRV record for your LDAP server
> 3. LDAP kerberos record for your LDAP server
> 
> If you don't really have access to the DNS you can install a package called "dnsmasq", and perform these changes yourself in its config file.
> 
> Oved
>> 
>> 
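
The DNS prerequisites listed in the reply above, as an added example that is not part of the original thread: a Python check of zone-file text for the LDAP and Kerberos SRV records and the PTR record of the server they point to. The zone data, host name `ipa.local` and address are constructed, and the `_ldap._tcp` / `_kerberos._tcp` owner names are the standard SRV names, assumed here because the thread does not spell them out.

```python
import ipaddress
import re

# Constructed sample zone data (not from the thread): records for the domain
# "local" plus one reverse PTR line. Host name and address are hypothetical.
SAMPLE_ZONE = """\
_ldap._tcp.local.        86400 IN SRV 0 100 389 ipa.local.
_kerberos._tcp.local.    86400 IN SRV 0 100 88  ipa.local.
ipa.local.               86400 IN A   192.0.2.10
10.2.0.192.in-addr.arpa. 86400 IN PTR ipa.local.
"""

# owner [ttl] [IN] type rdata ; only fully qualified owner names are handled.
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(SRV|A|PTR)\s+(.+)$", re.I)

def parse_records(zone_text):
    """Return (owner, type, rdata_fields) for every SRV, A and PTR line."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = RR.match(line)
        if m:
            records.append((m.group(1).lower(), m.group(2).upper(), m.group(3).split()))
    return records

def check_domain(zone_text, domain):
    """List the records still missing for `domain` (empty list means all present)."""
    recs = parse_records(zone_text)
    missing, targets = [], set()
    # Assumption: standard SRV owner names; the log on this page shows a _tcp lookup.
    for service in ("_ldap", "_kerberos"):
        owner = f"{service}._tcp.{domain.lower()}."
        srv = [r for o, t, r in recs if o == owner and t == "SRV" and len(r) == 4]
        if not srv:
            missing.append(f"SRV {owner}")
        targets.update(r[3].lower() for r in srv)  # 4th SRV field is the target host
    # Every SRV target needs an address and a PTR record that maps back to it.
    for target in sorted(targets):
        addrs = [r[0] for o, t, r in recs if o == target and t == "A"]
        if not addrs:
            missing.append(f"A {target}")
        for addr in addrs:
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            if not any(o == rev and t == "PTR" and r[0].lower() == target
                       for o, t, r in recs):
                missing.append(f"PTR {rev}")
    return missing

if __name__ == "__main__":
    print(check_domain(SAMPLE_ZONE, "local") or "all required records present")
```
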



