[Users] engine-manage-domains can't add user , domain

T-Sinjon tscbj1989 at gmail.com
Tue May 15 02:53:16 UTC 2012


After using kinit to log in as tsinjon, the error changes to the following. Why did this happen?

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:

No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
Failure while testing domain local. Details: No user information was found for user

On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:

> 
> I have added the SRV info to my zone file, and it did go; the log looks fine, but engine-manage-domains still returns an error:
> 
> 2012-05-15 10:45:19,222 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
> 2012-05-15 10:45:19,258 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
> 2012-05-15 10:45:19,259 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local
> 
> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
> Enter password:
> 
> Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
> Failure while testing domain local. Details: Kerberos error. Please check log for further details.
> 
> 
> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
> 
>> 
>> 
>> ----- Original Message -----
>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>> To: users at ovirt.org
>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>> Subject: [Users] engine-manage-domains can't add user , domain
>>> 
>>> 
>>> I use FreeIPA to authenticate users. ipa user-add has no problem,
>>> but when I do:
>>> 
>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>> -domain='local' -user='tsinjon' -interactive
>>> 
>>> Error: Authentication Failed. Please verify the fully qualified
>>> domain name that is used for authentication is correct.. Problematic
>>> domain is: local
>>> Failure while applying Kerberos configuration. Details:
>>> Authentication Failed. Please verify the fully qualified domain name
>>> that is used for authentication is correct.
>>> 
>>> and the log from engine-manage-domains.log:
>>> 
>>> 2012-05-14 21:58:47,892 INFO
>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>> kerberos configuration for domain(s): local
>>> 2012-05-14 21:58:47,923 ERROR
>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list
>>> for protocol _tcp and domain LOCAL Exception message is DNS name not
>>> found [response code 3]
>>> 
>>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local,
>>> etc.
>>> 
>>> What can I do to get through it?
>>> 
>> The utility (and also the oVirt engine) relies on DNS SRV records in order to find LDAP and Kerberos servers (supporting Active Directory, IPA or RHDS).
>> So, in order to work with it you must have the following in the DNS:
>> 1. PTR record for your LDAP server
>> 2. LDAP SRV record for your LDAP server
>> 3. LDAP kerberos record for your LDAP server
>> 
>> If you don't really have access to the DNS, you can install a package called "dnsmasq" and make these changes yourself in its config file.
>> 
>> Oved
> 
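
The DNS prerequisites listed in Oved Ourfalli's reply, as an added example that is not part of the original thread or of oVirt's code: a Python check that zone data contains the LDAP and Kerberos SRV records for a domain and a PTR record for each SRV target. It reads item 3 of that list as a `_kerberos._tcp` SRV record (an assumption); the host name `ipa.local`, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample zone data for the thread's "local" domain; the host
# name and addresses are made up for illustration.
FORWARD_ZONE = """\
$ORIGIN local.
ipa                 IN A    192.0.2.10
_ldap._tcp          IN SRV  0 100 389 ipa.local.
_kerberos._tcp      IN SRV  0 100 88  ipa.local.
"""
REVERSE_ZONE = """\
$ORIGIN 2.0.192.in-addr.arpa.
10                  IN PTR  ipa.local.
"""

def parse_zone(text):
    """Return (owner, type, rdata_fields) tuples with fully qualified owners."""
    origin, records = ".", []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = re.match(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|PTR|SRV)\s+(.+)$", line, re.I)
        if not m:
            continue                              # record type not relevant here
        owner, rtype, rdata = m.groups()
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"           # relative name: append $ORIGIN
        records.append((owner.lower(), rtype.upper(), rdata.split()))
    return records

def missing_records(forward, reverse, domain):
    """List the records from the reply's checklist that are absent for `domain`."""
    fwd, rev = parse_zone(forward), parse_zone(reverse)
    ptr_targets = {r[2][0].lower() for r in rev if r[1] == "PTR"}
    missing = []
    for service in ("_ldap._tcp", "_kerberos._tcp"):
        owner = f"{service}.{domain}.".lower()
        targets = [r[2][3].lower() for r in fwd if r[0] == owner and r[1] == "SRV"]
        if not targets:
            missing.append(f"SRV {owner}")
        for t in targets:                         # SRV rdata: prio weight port target
            if t not in ptr_targets and f"PTR for {t}" not in missing:
                missing.append(f"PTR for {t}")
    return missing
```

An empty list from `missing_records(FORWARD_ZONE, REVERSE_ZONE, "local")` means all three record kinds are present in the zone data; it says nothing about whether the resolver the engine host uses actually serves them.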



