[Users] I don't know how to add AD users

Cristian Falcas cristi.falcas at gmail.com
Mon Nov 19 22:39:29 UTC 2012


On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim <iheim at redhat.com> wrote:

> On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>
>> On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>
>>> Hi,
>>>
>>> I'm trying to add some users to ovirt using an AD.
>>>
>>> This is the configuration I used for a mediawiki site, which is
>>> working correctly:
>>> $wgAuth = new LdapAuthenticationPlugin();
>>> $wgLDAPUseLocal = true;
>>> $wgLDAPDomainNames = array( "a_domain");
>>> $wgLDAPServerNames = array( "a_domain"=>"site.example.com");
>>>
>>> $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>>> $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
>>> $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
>>>
>>> Those are the commands I tried using:
>>> engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive
>>>
>>>
>>> engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@company.com -interactive
>>>
>>>
>>> engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example.com -interactive
>>>
>>>
>> You don't add a user this way. You add the domain. You have to pass the
>> domain admin user and the domain admin password.
>>
>
> any domain user will do, doesn't have to be an admin.
> what does the log say?
>
>
>> Then you can use the domain within the engine. e.g. search users, add
>> access rights for vms etc.
>> Even login to the engine and assigning rights within the engine you can
>> handle from the engine itself.
>>
>> Regards,
>>
>>> And the output on all tries:
>>> Enter password:
>>>
>>> Error: Authentication Failed. Please verify the fully qualified domain
>>> name that is used for authentication is correct.. Problematic domain
>>> is: domain_used_in_command
>>> Failure while applying Kerberos configuration. Details: Authentication
>>> Failed. Please verify the fully qualified domain name that is used for
>>> authentication is correct.
>>>
>>> Can someone help me with the correct parameters?
>>>
>>>
>>> Best regards,
>>> Cristian Falcas
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>
>>
>> --
>> Regards,
>>
>> Vinzenz Feenstra | Senior Software Engineer
>> RedHat Engineering Virtualization R & D
>> Phone: +420 532 294 625
>> IRC: vfeenstr or evilissimo
>>
>> Better technology. Faster innovation. Powered by community collaboration.
>> See how it works at redhat.com
>>
>>
>



Hi,

This is the command I used (the same error occurs with the -interactive parameter):

engine-manage-domains -action=add -domain=example.com -provider=ActiveDirectory -user=user.name@a_domain -passwordFile=/tmp/pass

[root@localhost ~]# cat /tmp/pass
qwerty[root@localhost ~]#

This is the log:

2012-11-20 00:30:40,443 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): example.com
2012-11-20 00:30:40,525 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): example.com
2012-11-20 00:30:40,526 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: example.com
2012-11-20 00:30:40,830 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot locate KDC
2012-11-20 00:30:40,851 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain example.com. Details: Kerberos error. Please check log for further details.

This is the ldapsearch command that works (it retrieves users) from the
same machine:

ldapsearch -H ldap://example.com -b dc=example,dc=com -D user.name@a_domain -w qwerty


Best regards,
Cristian Falcas