[Users] engine-manage-domains can't add user , domain
T-Sinjon
tscbj1989 at gmail.com
Tue May 15 06:24:20 UTC 2012
The help info looks like this:
[root at ovirt-engine ~]# engine-manage-domains
engine-manage-domains: add/edit/delete/validate/list domains
USAGE:
engine-manage-domains -action=ACTION [-domain=DOMAIN -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH] -report
Where:
ACTION action to perform (add/edit/delete/validate/list). See details below.
DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on.
USER (optional for edit, mandatory for add) the domain user.
PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line.
interactive alternative for using -passwordFile - read the password interactively.
PATH (optional) use the given alternate configuration file.
Available actions:
add
Examples:
-action=add -domain=example.com -user=admin -passwordFile=/tmp/.pwd
Add a domain called example.com, using user admin and read the password from /tmp/.pwd.
-action=edit -domain=example.com -passwordFile=/tmp/.new_password
Edit the domain example.com, using another password file.
-action=delete -domain=example.com
Delete the domain example.com.
-action=validate
Validate the current configuration (go over all the domains, try to authenticate to each domain using the configured user/password.).
-report In combination with -action=validate will report all validation error, if occured.
Default behaviour is to exit when a validation error occurs.
-action=list
Lists the current configuration.
-h
Show this help.
On 15 May, 2012, at 2:22 PM, Yair Zaslavsky wrote:
> On 05/15/2012 09:17 AM, T-Sinjon wrote:
>> Oved:
>> 1, Yes, I used RPMs
>>
>> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-sdk-1.3-1.fc16.noarch
>> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-node-2.2.2-2.fc16.noarch
>> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-node-tools-2.2.2-2.fc16.noarch
>> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
>>
>> 2, they are the same whether I use single quotes or not
>>
>> [root at ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=tsinjon -passwordFile=/root/tsinjon
>> No user in Directory was found for tsinjon at LOCAL. Trying next LDAP server in list
>> Failure while testing domain local. Details: No user information was found for user
>
> When you run engine-manage-domains without parameters, what do you get?
>
>>
>> On 15 May, 2012, at 1:47 PM, Oved Ourfalli wrote:
>>
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Yair Zaslavsky" <yzaslavs at redhat.com>
>>>> To: "Oved Ourfalli" <ovedo at redhat.com>
>>>> Cc: "T-Sinjon" <tscbj1989 at gmail.com>, users at ovirt.org
>>>> Sent: Tuesday, May 15, 2012 8:48:26 AM
>>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>>>
>>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>>>>> To: "Oved Ourfalli" <ovedo at redhat.com>
>>>>>> Cc: users at ovirt.org
>>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>>>>>
>>>>>> After using kinit to log in as tsinjon, the error changes to the
>>>>>> one below. Why did this happen?
>>>>>>
>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>> Enter password:
>>>>>>
>>>>>> No user in Directory was found for tsinjon at LOCAL. Trying next LDAP
>>>>>> server in list
>>>>>> Failure while testing domain local. Details: No user information
>>>>>> was
>>>>>> found for user
>>>>>>
>>>>> Can't see why kinit matters here, but looking at your command I
>>>>> noticed you used single quotes for the user and domain name.
>>>>> I'm not sure it knows to handle this correctly.
>>>>> Did you try without the quotes?
>>>>>
>>>>> Also, what version are you working with?
>>>>> We had a problem a few weeks ago, of identifying the correct ldap
>>>>> provider. To fix that we added an option to specify the ldap
>>>>> provider type. It determines which query will be used in order to
>>>>> get the user details.
>>>>>
>>>>> cc-ing Roy, who added this. iirc it is mandatory to provide this
>>>>> option, so you probably don't have this option in your
>>>>> environment.
>>>>> Roy - is there an upstream release with this fix?
>>>>
>>>> Oved - this was merged upstream.
>>>> T-Sinjon - have you cloned the git repo and compiled or are you using
>>>> RPMs?
>>>>
>>> Yair - he is probably using the RPMs, as it is harder to run the utility from the git repo.
>>>>
>>>>>
>>>>> Regards,
>>>>> Oved
>>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>>>>
>>>>>>>
>>>>>>> I have added that SRV info to my zone file, and it did go,
>>>>>>> the log looks fine, but engine-manage-domains still returns an
>>>>>>> error
>>>>>>>
>>>>>>> 2012-05-15 10:45:19,222 INFO
>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>> kerberos configuration for domain(s): local
>>>>>>> 2012-05-15 10:45:19,258 INFO
>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains]
>>>>>>> Successfully
>>>>>>> created kerberos configuration for domain(s): local
>>>>>>> 2012-05-15 10:45:19,259 INFO
>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
>>>>>>> kerberos configuration for domain: local
>>>>>>>
>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>> Enter password:
>>>>>>>
>>>>>>> Error: exception message: Integrity check on decrypted field
>>>>>>> failed (31) - PREAUTH_FAILED
>>>>>>> Failure while testing domain local. Details: Kerberos error.
>>>>>>> Please
>>>>>>> check log for further details.
>>>>>>>
>>>>>>>
>>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "T-Sinjon" <tscbj1989 at gmail.com>
>>>>>>>>> To: users at ovirt.org
>>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>>>> Subject: [Users] engine-manage-domains can't add user , domain
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I use FreeIPA to authenticate users. ipa user-add has no
>>>>>>>>> problem, but when I do:
>>>>>>>>>
>>>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>>>>
>>>>>>>>> Error: Authentication Failed. Please verify the fully qualified
>>>>>>>>> domain name that is used for authentication is correct..
>>>>>>>>> Problematic
>>>>>>>>> domain is: local
>>>>>>>>> Failure while applying Kerberos configuration. Details:
>>>>>>>>> Authentication Failed. Please verify the fully qualified domain
>>>>>>>>> name
>>>>>>>>> that is used for authentication is correct.
>>>>>>>>>
>>>>>>>>> and log from engine-manage-domains.log :
>>>>>>>>>
>>>>>>>>> 2012-05-14 21:58:47,892 INFO
>>>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>>>> kerberos configuration for domain(s): local
>>>>>>>>> 2012-05-14 21:58:47,923 ERROR
>>>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV
>>>>>>>>> list
>>>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
>>>>>>>>> name
>>>>>>>>> not
>>>>>>>>> found [response code 3]
>>>>>>>>>
>>>>>>>>> My domain is 'local', like ovirt-engine.local,
>>>>>>>>> ovirt-node-1.local
>>>>>>>>> …etc
>>>>>>>>>
>>>>>>>>> What can I do to get through it?
>>>>>>>>>
>>>>>>>> The utility (and also the oVirt engine) relies on DNS SRV
>>>>>>>> records in order to find LDAP and Kerberos servers (supporting
>>>>>>>> Active Directory, IPA or RHDS).
>>>>>>>> So, in order to work with it you must have the following in the
>>>>>>>> DNS:
>>>>>>>> 1. PTR record for your LDAP server
>>>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>>>>
>>>>>>>> If you don't really have access to the DNS you can install a
>>>>>>>> package called "dnsmasq", and make these changes yourself in
>>>>>>>> its config file.
>>>>>>>>
>>>>>>>> Oved
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at ovirt.org
>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>
>
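
The three DNS records Oved lists in the quoted reply can be checked before rerunning engine-manage-domains -action=add. This is an added example, not part of the thread or of oVirt; it assumes the standard SRV labels _ldap._tcp and _kerberos._tcp (the log above only names "_tcp"), and the host ipa.local and address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find which required DNS records are missing.
# Domain "local" is the poster's; ipa.local and 192.0.2.10 are constructed values.

# Constructed answers in `dig +noall +answer` layout; the Kerberos SRV is left out.
SAMPLE='_ldap._tcp.local. 3600 IN SRV 0 100 389 ipa.local.
10.2.0.192.in-addr.arpa. 3600 IN PTR ipa.local.'

# reverse_name 192.0.2.10 -> 10.2.0.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# missing_records DOMAIN LDAP_IP, with answer lines on stdin.
# Prints one line per missing record and nothing when all three are present.
missing_records() {
    awk -v ldap="_ldap._tcp.$1." -v krb="_kerberos._tcp.$1." \
        -v ptr="$(reverse_name "$2")" '
        { name = tolower($1) }
        $4 == "SRV" && name == ldap { have_ldap = 1 }
        $4 == "SRV" && name == krb  { have_krb = 1 }
        $4 == "PTR" && name == ptr  { have_ptr = 1 }
        END {
            if (!have_ptr)  print "missing PTR " ptr
            if (!have_ldap) print "missing SRV " ldap
            if (!have_krb)  print "missing SRV " krb
        }'
}

# Offline run on the sample. Against a live resolver, pipe in the output of:
#   dig +noall +answer _ldap._tcp.local SRV _kerberos._tcp.local SRV -x 192.0.2.10
printf '%s\n' "$SAMPLE" | missing_records local 192.0.2.10
```

An empty result means all three records resolve; a missing SRV line corresponds to the "Error in getting SRV list" entry in engine-manage-domains.log.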