[Users] Ovirt 3.1 and Samba4 AD

Yair Zaslavsky yzaslavs at redhat.com
Tue Nov 13 15:15:24 UTC 2012 

Hi ALejandro,
Officially we're not supporting Sambra4rc5, but I talked with Alon 
Bar-Lev (CC'ed) and he explained me Sambra4rc5 is 2003 AD compliant.


On 11/13/2012 03:53 PM, Alejandro wrote:
> I'm triing to use Samba4rc5 like autenticator for Ovirt 3.1.0-3.26
>
> First problem is Ovirt is user usernameprincipal  (login at domain in place
> of login) to autenticate with Samba4, But samba4 don't use it.
>
> I use
> engine-manage-domains -action=add -domain=DOMAINFQDN -user=LOGIN
> -provider=ActiveDirectory -interactive -addPermissions
> And the result is:
>
> No user in Directory was found for LOGIN at DOMAINFQDN. Trying next LDAP
> server in list
> Failure while testing domain DOMAINFQDN. Details: No user information
> was found for user
>
>
> And the Samba4 give me:
> filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN at DOMAINFQDN))
>
> But no userPrincipalName is configured in any user.
>
>
> Actual Solution: I add a userPrincipalName LOGIN at DOMAINFQDN in the LOGIN
> account (using a ldap tool) and add the ovirt machine to the domain.

Not sure I fully understood your solution - does this mean you added 
this, was this added to the user objects on your ldap server?
There is a reason why we query for userPrincipalName so it has to 
include this information.

>
> After restart the ovirt engine I go to the UserPortal.
>
> I find now other problem, the user isn't search by the Common Name (cn),
> a example of search
> filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
>
> must be
> filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(cn=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))

I am not sure why you had to add the cn part, can you elaborate?

>
>
> Thanks for all
>
> --
> Alejandro Escanero Blanco
> Consultor de sistemas basados en fuentes abiertas
> Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
> Blog: http://www.disasterproject.com
> Jabber: blainett at jabberes.com <mailto:blainett at jabberes.com>
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list