[Users] engine-manage-domains can't add user , domain

Yair Zaslavsky yzaslavs at redhat.com
Tue May 15 06:22:27 UTC 2012


On 05/15/2012 09:17 AM, T-Sinjon wrote:
> Oved:
> 1. Yes, I used RPMs
> 
> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-sdk-1.3-1.fc16.noarch
> ovirt-engine-jbossas-1.2-2.fc16.x86_64
> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
> ovirt-node-2.2.2-2.fc16.noarch
> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
> ovirt-node-tools-2.2.2-2.fc16.noarch
> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
> 
> 2. They are the same whether single quotes are used or not
> 
> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=tsinjon -passwordFile=/root/tsinjon
> No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
> Failure while testing domain local. Details: No user information was found for user

When you run engine-manage-domains without parameters, what do you get?

> 
> On 15 May, 2012, at 1:47 PM, Oved Ourfalli wrote:
> 
>>
>>
>> ----- Original Message -----
>>> From: "Yair Zaslavsky" <yzaslavs at redhat.com>
>>> To: "Oved Ourfalli" <ovedo at redhat.com>
>>> Cc: "T-Sinjon" <tscbj1989 at gmail.com>, users at ovirt.org
>>> Sent: Tuesday, May 15, 2012 8:48:26 AM
>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>>
>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>>>
>>>>
>>>> ----- Original Message -----
>>>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>>>> To: "Oved Ourfalli" <ovedo at redhat.com>
>>>>> Cc: users at ovirt.org
>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>>>>
>>>>> After using kinit to log in as tsinjon, the error changes to the
>>>>> following; why did this happen?
>>>>>
>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>> Enter password:
>>>>>
>>>>> No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
>>>>> Failure while testing domain local. Details: No user information was found for user
>>>>>
>>>> Can't see why kinit matters here, but looking at your command I
>>>> noticed you used single quotes for the user and domain name.
>>>> I'm not sure it knows to handle this correctly.
>>>> Did you try without the quotes?
>>>>
>>>> Also, what version are you working with?
>>>> We had a problem a few weeks ago, of identifying the correct ldap
>>>> provider. To fix that we added an option to specify the ldap
>>>> provider type. It determines which query will be used in order to
>>>> get the user details.
>>>>
>>>> cc-ing Roy, who added this. iirc it is mandatory to provide this
>>>> option, so you probably don't have this option in your
>>>> environment.
>>>> Roy - is there an upstream release with this fix?
>>>
>>> Oved - this was merged upstream.
>>> T-Sinjon - have you cloned the git repo and compiled or are you using
>>> RPMs?
>>>
>> Yair - he is probably using the RPMs, as it is harder to run the utility from the git repo.
>>>
>>>>
>>>> Regards,
>>>> Oved
>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>>>
>>>>>>
>>>>>> I have added that SRV info to my zone file, and it did go.
>>>>>> The log looks fine, but engine-manage-domains still returns an
>>>>>> error:
>>>>>>
>>>>>> 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>>>>> 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
>>>>>> 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local
>>>>>>
>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>>> Enter password:
>>>>>>
>>>>>> Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
>>>>>> Failure while testing domain local. Details: Kerberos error. Please check log for further details.
>>>>>>
>>>>>>
>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>>>>>>> To: users at ovirt.org
>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>>> Subject: [Users] engine-manage-domains can't add user , domain
>>>>>>>>
>>>>>>>>
>>>>>>>> I use FreeIPA to authenticate users; ipa user-add has no
>>>>>>>> problem, but when I do:
>>>>>>>>
>>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>>>>>
>>>>>>>> Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local
>>>>>>>> Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
>>>>>>>>
>>>>>>>> and log from engine-manage-domains.log:
>>>>>>>>
>>>>>>>> 2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>>>>>>> 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3]
>>>>>>>>
>>>>>>>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local, etc.
>>>>>>>>
>>>>>>>> What can I do to get through it?
>>>>>>>>
>>>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>>>>> records in order to find LDAP and kerberos servers (supporting
>>>>>>> Active directory, IPA or RHDS).
>>>>>>> So, in order to work with it you must have the following in the
>>>>>>> DNS
>>>>>>> 1. PTR record for your LDAP server
>>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>>>
>>>>>>> If you don't really have access to the DNS you can install a
>>>>>>> package called "dnsmasq", and perform these changes yourself
>>>>>>> in its config file.
>>>>>>>
>>>>>>> Oved
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at ovirt.org
>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>
>>>>>>
>>>>>
>>>>>
> 
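
The DNS prerequisites Oved lists earlier in the thread (PTR record, LDAP SRV record, kerberos SRV record) can be checked offline against a zone's records before running engine-manage-domains; a missing SRV owner is what produces the "DNS name not found [response code 3]" (NXDOMAIN) log line. The following is an added example, not part of the original thread or of oVirt: the owner names `_ldap._tcp` and `_kerberos._tcp` are the conventional SRV names and are an assumption here, and the host `ipa.local`, the 192.0.2.10 address and the sample records are constructed.

```python
# Added example (not from the thread): offline check of the DNS prerequisites.
# Assumption: _ldap._tcp / _kerberos._tcp are the conventional SRV owner names;
# the thread itself only says "SRV records" for LDAP and kerberos.
import ipaddress

REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp")

# Constructed sample records (192.0.2.0/24 is a documentation range).
ZONE_OK = """
ipa.local.                IN A   192.0.2.10
10.2.0.192.in-addr.arpa.  IN PTR ipa.local.
_ldap._tcp.local.         IN SRV 0 100 389 ipa.local.
_kerberos._tcp.local.     IN SRV 0 100 88 ipa.local.
"""
ZONE_NO_SRV = "ipa.local. IN A 192.0.2.10  ; host exists, nothing else\n"

def norm(name):
    return name.lower().rstrip(".")

def parse_records(text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((norm(fields[0]), fields[2].upper(), fields[3:]))
    return records

def check_domain(text, domain):
    """Return a list of problems; an empty list means the LDAP SRV, kerberos
    SRV and PTR prerequisites are all present for `domain`."""
    records = parse_records(text)
    addrs = {o: r[0] for o, t, r in records if t == "A"}
    ptrs = {o: norm(r[0]) for o, t, r in records if t == "PTR"}
    problems = []
    for service in REQUIRED_SRV:
        owner = f"{service}.{norm(domain)}"
        targets = [norm(r[3]) for o, t, r in records
                   if t == "SRV" and o == owner and len(r) == 4]
        if not targets:
            problems.append(f"missing SRV record {owner}")
        for target in targets:
            if target not in addrs:
                problems.append(f"{owner} target {target} has no A record")
                continue
            rev = ipaddress.ip_address(addrs[target]).reverse_pointer
            if ptrs.get(rev) != target:
                problems.append(f"no PTR {rev} -> {target}")
    return problems
```

`check_domain(ZONE_NO_SRV, "LOCAL")` reports both SRV owners as missing, matching the first failure in the thread; the domain is compared case-insensitively, as the log shows it upper-cased.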



