[Users] engine-manage-domains can't add user , domain

T-Sinjon tscbj1989 at gmail.com
Tue May 22 02:33:06 UTC 2012


Hi, Roy

I have updated my engine to the newest using 'rpm -Uvh'.

I used rpms from http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/

[root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-sdk-1.3-1.fc16.noarch
ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jbossas-1.2-2.fc16.x86_64
ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64

and now when I add the domain again, it still has an error and there's no log I can find in engine-manage-domains.log. What should I do now?

[root@ovirt-engine ~]# engine-manage-domains -action=add -domain=local -user=admin -provider=IPA -interactive
Failed reading current configuration. Details: Error "Error fetching LDAPProviderTypes value: no such entry with version 'general'." while reading configuration value LDAPProviderTypes.

On 15 May, 2012, at 5:10 PM, Roy Golan wrote:

> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>> 
>>> ----- Original Message -----
>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>> To: "Oved Ourfalli"<ovedo at redhat.com>
>>>> Cc: users at ovirt.org
>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>>> 
>>>> After using kinit to log in as tsinjon, the error changes to the following. Why did this
>>>> happen?
>>>> 
>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>> Enter password:
>>>> 
>>>> No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list
>>>> Failure while testing domain local. Details: No user information was found for user
>>>> 
>>> Can't see why kinit matters here, but looking at your command I noticed you used single quotes for the user and domain name.
>>> I'm not sure it knows to handle this correctly.
>>> Did you try without the quotes?
>>> 
>>> Also, what version are you working with?
>>> We had a problem a few weeks ago, of identifying the correct ldap provider. To fix that we added an option to specify the ldap provider type. It determines which query will be used in order to get the user details.
>>> 
>>> cc-ing Roy, who added this. iirc it is mandatory to provide this option, so you probably don't have this option in your environment.
>>> Roy - is there an upstream release with this fix?
>> Oved - this was merged upstream.
>> T-Sinjon - have you cloned the git repo and compiled or are you using RPMs?
> T-Sinjon - once you're updated you'll be able to specify which type your LDAP server is and overcome this problem.
> 
> e.g.
> engine-manage-domains -action=add -domain='local' -provider=ipa -user='tsinjon' -interactive
> 
> 
>> 
>> 
>>> Regards,
>>> Oved
>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>> 
>>>>> I have added that SRV info to my zone file, and it did go,
>>>>> the log looks fine, but engine-manage-domains still returns an error
>>>>> 
>>>>> 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>>>> 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local
>>>>> 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local
>>>>> 
>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>> Enter password:
>>>>> 
>>>>> Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
>>>>> Failure while testing domain local. Details: Kerberos error. Please check log for further details.
>>>>> 
>>>>> 
>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>> 
>>>>>> 
>>>>>> ----- Original Message -----
>>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>>>>> To: users at ovirt.org
>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>> Subject: [Users] engine-manage-domains can't add user , domain
>>>>>>> 
>>>>>>> 
>>>>>>> I use FreeIPA to authenticate users. ipa user-add has no
>>>>>>> problem, but when I do:
>>>>>>> 
>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive
>>>>>>> 
>>>>>>> Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local
>>>>>>> Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
>>>>>>> 
>>>>>>> and log from engine-manage-domains.log:
>>>>>>> 
>>>>>>> 2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local
>>>>>>> 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3]
>>>>>>> 
>>>>>>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local …etc
>>>>>>> 
>>>>>>> What can i do to get through it?
>>>>>>> 
>>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>>>> records in order to find LDAP and kerberos servers (supporting
>>>>>> Active directory, IPA or RHDS).
>>>>>> So, in order to work with it you must have the following in the
>>>>>> DNS
>>>>>> 1. PTR record for your LDAP server
>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>> 
>>>>>> If you don't really have access to the DNS you can install a
>>>>>> package called "dnsmasq", and perform these changes by yourself in
>>>>>> its config file.
>>>>>> 
>>>>>> Oved
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at ovirt.org
>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>> 
>>>> 
> 
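
The three DNS prerequisites listed in the thread (PTR, LDAP SRV and Kerberos SRV records), as an added example that is not part of the original messages or of oVirt's code: a Python checker run over constructed zone data. The SRV owner names `_ldap._tcp` and `_kerberos._tcp`, the host `ipa.local` and the address 192.0.2.10 are assumptions, and the input is simplified `name TYPE rdata` lines rather than full zone-file syntax.

```python
import ipaddress

# Constructed sample zone data (not from the thread): one IPA server, ipa.local.
SAMPLE_ZONE = """\
_ldap._tcp.local.        SRV 0 100 389 ipa.local.
_kerberos._tcp.local.    SRV 0 100 88  ipa.local.
ipa.local.               A   192.0.2.10
10.2.0.192.in-addr.arpa. PTR ipa.local.
"""

def parse_records(text):
    """Parse 'name TYPE rdata...' lines into (name, type, rdata-list) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file style comments
        if not line:
            continue
        name, rtype, *rdata = line.split()
        records.append((name.lower().rstrip("."), rtype.upper(), rdata))
    return records

def check_directory_dns(text, domain):
    """Return a list of problems; an empty list means all three prerequisites are met."""
    recs = parse_records(text)
    domain = domain.lower().rstrip(".")        # the tool upper-cases the realm; DNS is case-insensitive
    problems = []
    for service in ("_ldap._tcp", "_kerberos._tcp"):   # assumed standard SRV owner names
        owner = f"{service}.{domain}"
        targets = [r[2][3].lower().rstrip(".") for r in recs
                   if r[0] == owner and r[1] == "SRV" and len(r[2]) == 4]
        if not targets:
            problems.append(f"missing SRV {owner}")    # a resolver would answer NXDOMAIN (rcode 3)
        for host in targets:
            addrs = [r[2][0] for r in recs if r[0] == host and r[1] == "A" and r[2]]
            if not addrs:
                problems.append(f"SRV target {host} has no A record")
            for addr in addrs:
                ptr_owner = ipaddress.ip_address(addr).reverse_pointer
                ptrs = [r[2][0].lower().rstrip(".") for r in recs
                        if r[0] == ptr_owner and r[1] == "PTR" and r[2]]
                if host not in ptrs:
                    problems.append(f"missing PTR {ptr_owner} -> {host}")
    return list(dict.fromkeys(problems))       # de-duplicate, keep order

if __name__ == "__main__":
    print(check_directory_dns(SAMPLE_ZONE, "LOCAL") or "all prerequisites present")
```
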
