[Users] engine-manage-domains can't add user , domain

Roy Golan rgolan at redhat.com
Tue May 22 07:04:28 UTC 2012


On 05/22/2012 08:34 AM, Oved Ourfalli wrote:
>
> ----- Original Message -----
>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>> To: "Roy Golan"<rgolan at redhat.com>
>> Cc: "Oved Ourfalli"<ovedo at redhat.com>, users at ovirt.org
>> Sent: Tuesday, May 22, 2012 5:33:06 AM
>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>
>> Hi, Roy
>>
>> I have updated my engine to the newest using 'rpm -Uvh' -
>>
>> I used rpms from
>> http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/
>>   .
>>
>> [root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
>> ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-sdk-1.3-1.fc16.noarch
>> ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>> ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
>> ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64
>>
>> Now I tried to add the domain again; it still gives an error and there's
>> no log to be found in engine-manage-domains.log. What should I do now?
>>
>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>> -domain=local -user=admin -provider=IPA -interactive
>> Failed reading current configuration. Details: Error "Error fetching
>> LDAPProviderTypes value: no such entry with version 'general'."
>> while reading configuration value LDAPProviderTypes.
>>
> Looks like your database isn't updated.
> I'm not sure whether a database upgrade is run automatically when you update the RPMs, but according to the error you get it probably isn't.
If rpm -Uvh didn't fire the upgrade script, it's a bug.
Please attach /var/log/ovirt-engine/ovirt-engine-upgrade.log to see if
something went wrong.
> In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an upgrade script.
> (use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out where it is, as I'm not sure exactly where it's installed).
>
> Run it using the command: ./upgrade.sh -u postgres
> It will upgrade your database.
>
> Oved
>> On 15 May, 2012, at 5:10 PM, Roy Golan wrote:
>>
>>> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
>>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>>>> ----- Original Message -----
>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>>>> To: "Oved Ourfalli"<ovedo at redhat.com>
>>>>>> Cc: users at ovirt.org
>>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>>>> Subject: Re: [Users] engine-manage-domains can't add user ,
>>>>>> domain
>>>>>>
>>>>>> After using kinit to log in as tsinjon, the error changes to the
>>>>>> following; why did this happen?
>>>>>>
>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>> Enter password:
>>>>>>
>>>>>> No user in Directory was found for tsinjon@LOCAL. Trying next
>>>>>> LDAP
>>>>>> server in list
>>>>>> Failure while testing domain local. Details: No user information
>>>>>> was
>>>>>> found for user
>>>>>>
>>>>> Can't see why kinit matters here, but looking at your command I
>>>>> noticed you used single quotes for the user and domain name.
>>>>> I'm not sure it knows to handle this correctly.
>>>>> Did you try without the quotes?
>>>>>
>>>>> Also, what version are you working with?
>>>>> We had a problem a few weeks ago, of identifying the correct ldap
>>>>> provider. To fix that we added an option to specify the ldap
>>>>> provider type. It determines which query will be used in order
>>>>> to get the user details.
>>>>>
>>>>> cc-ing Roy, who added this. iirc it is mandatory to provide
>>>>> this option, so you probably don't have this option in your
>>>>> environment.
>>>>> Roy - is there an upstream release with this fix?
>>>> Oved - this was merged upstream.
>>>> T-Sinjon - have you cloned the git repo and compiled or are you
>>>> using RPMs?
>>> T-Sinjon - once you're updated you'll be able to specify which
>>> type your LDAP server is and overcome this problem.
>>>
>>> e.g.
>>> engine-manage-domains -action=add -domain='local' -provider=ipa
>>> -user='tsinjon' -interactive
>>>
>>>
>>>>
>>>>> Regards,
>>>>> Oved
>>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>>>>
>>>>>>> I have added that SRV info to my zone file, and it did go; the log
>>>>>>> looks fine, but engine-manage-domains still returns an error
>>>>>>>
>>>>>>> 2012-05-15 10:45:19,222 INFO
>>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>> kerberos configuration for domain(s): local
>>>>>>> 2012-05-15 10:45:19,258 INFO
>>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains]
>>>>>>>   Successfully
>>>>>>> created kerberos configuration for domain(s): local
>>>>>>> 2012-05-15 10:45:19,259 INFO
>>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
>>>>>>> kerberos configuration for domain: local
>>>>>>>
>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>> Enter password:
>>>>>>>
>>>>>>> Error:  exception message: Integrity check on decrypted field
>>>>>>> failed (31) - PREAUTH_FAILED
>>>>>>> Failure while testing domain local. Details: Kerberos error.
>>>>>>> Please
>>>>>>> check log for further details.
>>>>>>>
>>>>>>>
>>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>>>>>>> To: users at ovirt.org
>>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>>>> Subject: [Users] engine-manage-domains can't add user ,
>>>>>>>>> domain
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I use FreeIPA to authenticate users; ipa user-add has no
>>>>>>>>> problem,
>>>>>>>>> but when I do:
>>>>>>>>>
>>>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>>>>
>>>>>>>>> Error: Authentication Failed. Please verify the fully
>>>>>>>>> qualified
>>>>>>>>> domain name that is used for authentication is correct..
>>>>>>>>> Problematic
>>>>>>>>> domain is: local
>>>>>>>>> Failure while applying Kerberos configuration. Details:
>>>>>>>>> Authentication Failed. Please verify the fully qualified
>>>>>>>>> domain
>>>>>>>>> name
>>>>>>>>> that is used for authentication is correct.
>>>>>>>>>
>>>>>>>>> and log from engine-manage-domains.log :
>>>>>>>>>
>>>>>>>>> 2012-05-14 21:58:47,892 INFO
>>>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>>>> kerberos configuration for domain(s): local
>>>>>>>>> 2012-05-14 21:58:47,923 ERROR
>>>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting
>>>>>>>>> SRV
>>>>>>>>> list
>>>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
>>>>>>>>> name
>>>>>>>>> not
>>>>>>>>> found [response code 3]
>>>>>>>>>
>>>>>>>>> My domain is 'local', like ovirt-engine.local, ovirt-node-1.local,
>>>>>>>>> etc.
>>>>>>>>>
>>>>>>>>> What can I do to get through it?
>>>>>>>>>
>>>>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>>>>>> records in order to find LDAP and kerberos servers (supporting
>>>>>>>> Active directory, IPA or RHDS).
>>>>>>>> So, in order to work with it you must have the following in
>>>>>>>> the
>>>>>>>> DNS
>>>>>>>> 1. PTR record for your LDAP server
>>>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>>>>
>>>>>>>> If you don't really have access to the DNS you can install a
>>>>>>>> package called "dnsmasq", and perform these changes by yourself
>>>>>>>> in
>>>>>>>> its config file.
>>>>>>>>
>>>>>>>> Oved
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at ovirt.org
>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>
>>


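The DNS prerequisites listed earlier in the thread (a PTR record, an LDAP SRV record and a Kerberos SRV record, optionally served from dnsmasq), as an added example that is not part of the original messages. The host `ipa.local`, the address `192.0.2.10`, the SRV names `_ldap._tcp` / `_kerberos._tcp` and the ports 389 / 88 are assumptions chosen for illustration; the thread does not state them.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: directory host
# ipa.local at 192.0.2.10. Assumed: the conventional SRV names _ldap._tcp and
# _kerberos._tcp with ports 389 and 88, and an existing A record for the host.

# Print dnsmasq lines for the three records: PTR, LDAP SRV, Kerberos SRV.
dnsmasq_records() {   # usage: dnsmasq_records DOMAIN HOST IPV4
    # Reverse the octets to build the in-addr.arpa name for the PTR record.
    rev=$(printf '%s' "$3" | awk -F. '{print $4"."$3"."$2"."$1}')
    printf 'ptr-record=%s.in-addr.arpa,%s\n' "$rev" "$2"
    printf 'srv-host=_ldap._tcp.%s,%s,389\n' "$1" "$2"
    printf 'srv-host=_kerberos._tcp.%s,%s,88\n' "$1" "$2"
}

# Read a dnsmasq fragment on stdin; print which required records are absent.
missing_records() {   # usage: missing_records DOMAIN < fragment
    d=$(printf '%s' "$1" | sed 's/\./\\./g')        # escape dots for grep
    conf=$(sed -e 's/#.*//' -e 's/[[:space:]]//g')  # drop comments, blanks
    out=""
    printf '%s\n' "$conf" | grep -q '^ptr-record=.*\.in-addr\.arpa,' \
        || out="$out ptr"
    printf '%s\n' "$conf" | grep -qi "^srv-host=_ldap\._tcp\.$d," \
        || out="$out ldap-srv"
    printf '%s\n' "$conf" | grep -qi "^srv-host=_kerberos\._tcp\.$d," \
        || out="$out kerberos-srv"
    printf '%s\n' "${out# }"
}

# Constructed fragment that lacks the Kerberos SRV record: prints "kerberos-srv".
printf '%s\n' 'ptr-record=10.2.0.192.in-addr.arpa,ipa.local' \
              'srv-host=_ldap._tcp.local,ipa.local,389' | missing_records local
```

An empty result from `missing_records` means all three record types are present in the fragment; the lines printed by `dnsmasq_records` go into the dnsmasq config file mentioned in the thread.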

