[Users] engine-manage-domains can't add user , domain
T-Sinjon
tscbj1989 at gmail.com
Tue May 15 02:53:16 UTC 2012
after use kinit login tsinjon , the error changes to , why this happened?
[root at ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
Enter password:
No user in Directory was found for tsinjon at LOCAL. Trying next LDAP server in list
Failure while testing domain local. Details: No user information was found for user
On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>
> I have added those SRV info into my zone file , and it did go , the log looks fine , but engine-manage-domains still return error
>
> 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
> 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
> 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local
>
> [root at ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
> Enter password:
>
> Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
> Failure while testing domain local. Details: Kerberos error. Please check log for further details.
>
>
> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>
>>
>>
>> ----- Original Message -----
>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>> To: users at ovirt.org
>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>> Subject: [Users] engine-manage-domains can't add user , domain
>>>
>>>
>>> I use FreeIPA to authenticate users, ipa user-add has no problem,
>>> but when i do :
>>>
>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>> -domain='local' -user='tsinjon' -interactive
>>>
>>> Error: Authentication Failed. Please verify the fully qualified
>>> domain name that is used for authentication is correct.. Problematic
>>> domain is: local
>>> Failure while applying Kerberos configuration. Details:
>>> Authentication Failed. Please verify the fully qualified domain name
>>> that is used for authentication is correct.
>>>
>>> and log from engine-manage-domains.log :
>>>
>>> 2012-05-14 21:58:47,892 INFO
>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>> kerberos configuration for domain(s): local
>>> 2012-05-14 21:58:47,923 ERROR
>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list
>>> for protocol _tcp and domain LOCAL Exception message is DNS name not
>>> found [response code 3]
>>>
>>> my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local
>>> …etc
>>>
>>> What can i do to get through it?
>>>
>> The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS).
>> So, in order to work with it you must have the following in the DNS
>> 1. PTR record for your LDAP server
>> 2. LDAP SRV record for your LDAP server
>> 3. LDAP kerberos record for your LDAP server
>>
>> If you don't really have access to the DNS you can install a package called "dnsmasq", and perform this changes by yourself in its config file.
>>
>> Oved
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>
More information about the Users
mailing list