[Users] I don't know how to add AD users

Cristian Falcas cristi.falcas at gmail.com
Wed Nov 21 04:40:34 UTC 2012


On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky <yzaslavs at redhat.com> wrote:

>
>
> ------------------------------
>
> *From: *"Cristian Falcas" <cristi.falcas at gmail.com>
> *To: *"Itamar Heim" <iheim at redhat.com>
> *Cc: *"Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
> *Sent: *Tuesday, November 20, 2012 7:33:39 PM
>
> *Subject: *Re: [Users] I don't know how to add AD users
>
>
>
>
> On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim <iheim at redhat.com> wrote:
>
>> On 11/20/2012 03:00 PM, Cristian Falcas wrote:
>>
>>> Hi,
>>>
>>> So there is no way to use the domain I have at work, right?
>>>
>>> I will need to make a freeipa installation in order to add new users.
>>>
>>
>> there is no reason this shouldn't work with active directory 2003
>> (assuming its forest level isn't still in AD 2000 compatibility mode?).
>> tcpdump for the traffic during engine-manage-domains should help
>> diagnosing why.
>>
>>
>>> Cristian
>>>
>>>
>>> On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas
>>> <cristi.falcas at gmail.com> wrote:
>>>
>>>
>>>
>>>
>>>     On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim <iheim at redhat.com> wrote:
>>>
>>>         On 11/20/2012 09:56 AM, Cristian Falcas wrote:
>>>
>>>
>>>
>>>
>>>             On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky
>>>             <yzaslavs at redhat.com> wrote:
>>>
>>>
>>>
>>>                  On 11/20/2012 09:05 AM, Cristian Falcas wrote:
>>>
>>>
>>>
>>>
>>>                      On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky
>>>                      <yzaslavs at redhat.com> wrote:
>>>
>>>
>>>
>>>                           On 11/20/2012 12:39 AM, Cristian Falcas wrote:
>>>
>>>
>>>
>>>                               On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim
>>>                               <iheim at redhat.com> wrote:
>>>
>>>                                    On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote:
>>>
>>>                                        On 11/19/2012 10:01 AM, Cristian Falcas wrote:
>>>
>>>                                            Hi,
>>>
>>>                                            I'm trying to add some users to ovirt using an AD.
>>>
>>>                                            This is the configuration I used for a mediawiki site, which is
>>>                                            working correctly:
>>>                                            $wgAuth = new LdapAuthenticationPlugin();
>>>                                            $wgLDAPUseLocal = true;
>>>                                            $wgLDAPDomainNames = array( "a_domain");
>>>                                            $wgLDAPServerNames = array( "a_domain"=>"site.example.com");
>>>                                            $wgLDAPEncryptionType = array( "a_domain"=>"clear");
>>>                                            $wgLDAPSearchStrings = array( "a_domain"=>"rom_domain\\USER-NAME");
>>>                                            $wgLDAPBaseDNs = array( "a_domain"=>"dc=company,dc=com");
>>>
>>>
>>>
>>>
>>>
>>>                                            Those are the commands I tried using:
>>>                                            engine-manage-domains -action=add -domain=site.example.com -provider=ActiveDirectory -user=user.name -interactive
>>>
>>>                                            engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name at company.com -interactive
>>>
>>>                                            engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name at site.example.com -interactive
>>>
>>>
>>>                                        You don't add a user this way. You add the domain. You have to
>>>                                        pass the domain admin user and the domain admin password.
>>>
>>>
>>>                                    any domain user will do, doesn't have to be an admin.
>>>                                    what does the log say?
>>>
>>>
>>>                                        Then you can use the domain within the engine. e.g. search users,
>>>                                        add access rights for vms etc.
>>>                                        Even login to the engine and assigning rights within the engine
>>>                                        you can handle from the engine itself.
>>>
>>>                                        Regards,
>>>
>>>                                            And the output on all tries:
>>>                                            Enter password:
>>>
>>>                                            Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: domain_used_in_command
>>>                                            Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.
>>>
>>>                                            Can someone help me with the correct parameters?
>>>
>>>
>>>                                            Best regards,
>>>                                            Cristian Falcas
>>>
>>>
>>>
>>>
>>>                                            _______________________________________________
>>>                                            Users mailing list
>>>                                            Users at ovirt.org
>>>                                            http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>>
>>>                                        --
>>>                                        Regards,
>>>
>>>                                        Vinzenz Feenstra | Senior Software Engineer
>>>                                        RedHat Engineering Virtualization R & D
>>>                                        Phone: +420 532 294 625
>>>                                        IRC: vfeenstr or evilissimo
>>>
>>>                                        Better technology. Faster innovation. Powered by community
>>>                                        collaboration.
>>>                                        See how it works at redhat.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>                               Hi,
>>>
>>>                               This is the command I used (the same error is with -interactive
>>>                               parameter):
>>>
>>>                               engine-manage-domains -action=add -domain=example.com -provider=ActiveDirectory -user=user.name at a_domain -passwordFile=/tmp/pass
>>>
>>>                               [root at localhost ~]# cat /tmp/pass
>>>                               qwerty[root at localhost ~]#
>>>
>>>                               This is the log:
>>>
>>>                               2012-11-20 00:30:40,443 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): example.com
>>>                               2012-11-20 00:30:40,525 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): example.com
>>>                               2012-11-20 00:30:40,526 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: example.com
>>>                               2012-11-20 00:30:40,830 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Cannot locate KDC
>>>                               2012-11-20 00:30:40,851 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain example.com. Details: Kerberos error. Please check log for further details.
>>>
>>>
>>>                           Hi, the error indicates you don't have kerberos configured.
>>>                           manage-domains validates by default using GSSAPI/Kerberos (if I
>>>                           understand correctly, this is equivalent to run ldapsearch with -Y
>>>                           gssapi option).
>>>                           I wonder if -x (simple authentication) will work for you as well (as
>>>                           manage-domains contains code for simple authentication as well).
>>>
>>>
>>>
>>>                               This is the ldapsearch command that works (it retrieves users)
>>>                               from the same machine:
>>>
>>>                               ldapsearch -H ldap://example.com -b dc=example,dc=com -D user.name at a_domain -w qwerty
>>>
>>>
>>>                               Best regards,
>>>                               Cristian Falcas
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>                      Hi,
>>>
>>>                      I used "-x" for ldapsearch and the result is the same: list
>>>                      retrieved.
>>>                      Is there any equivalent for engine-manage-domains?
>>>
>>>                      Cristian
>>>
>>>                  Hi Cristian, there is no code allowing to add simple-authentication
>>>                  domains to Manage-Domains.
>>>                  In the past we did have the ability to do that, but there are
>>>                  several problematic issues.
>>>                  What ldap server are you working against? Maybe I missed that
>>>
>>>
>>>
>>>
>>>             Hi,
>>>
>>>             The server is a Microsoft AD 2003.
>>>
>>>             Best regards,
>>>             Cristian Falcas
>>>
>>>
>>>         this should work, is the AD also the DNS server for the ovirt
>>>         engine machine?
>>>
>>>
>>>
>>>     yes
>>>
>>>
>>>
>>
>>
> Could you take a look at the tcp dump? There are only 2 messages relevant
> to this (let me know if you want the full dump):
>
> - 2091    12.423634    10.0.0.xx    10.0.0.yyy    DNS    87    Standard query SRV _kerberos._tcp.EXAMPLE.COM
> - 2092    12.424357    10.0.0.yyy    10.0.0.xx    DNS    245    Standard query response SRV 0 100 88 site1.example.com SRV 0 100 88 site2.example.com SRV 0 100 88 site3.example.com
>
> Also, I tried to run ldapsearch with -Y gssapi:
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy mechs found
>
> Best regards,
> Cristian Falcas
>
> The SRV records look fine.
> If I remember correctly, your DNS should have a reverse-resolve PTR record
> to your engine machine. Does it exist?
>
>

I don't think so (10.0.0.xx is engine machine, 10.0.0.yyy is dns):

[root at localhost ~]# nslookup 10.0.0.xx
Server:         10.0.0.yyy
Address:        10.0.0.yyy#53

** server can't find xx.0.0.10.in-addr.arpa.: NXDOMAIN

[root at localhost ~]# host 10.0.0.xx
Host xx.0.0.10.in-addr.arpa. not found: 3(NXDOMAIN)

I will ask them to add a DNS record for the machine.
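
The two DNS facts examined in this thread (the `_kerberos._tcp` SRV lookup seen in the tcpdump and the reverse PTR record for the engine address) can be checked together before running engine-manage-domains. The script below is an added example, not part of the original messages or of oVirt; `sample_lookup`, the addresses 10.0.0.21 and 10.0.0.22 and the name `engine.example.com` are constructed sample data, and `LOOKUP=dig_lookup` assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: DNS pre-flight for a Kerberos-authenticated directory domain.
# All host names and addresses below are constructed sample data.

# Real resolver: ask the configured DNS server through dig (assumed installed).
dig_lookup() {  # usage: dig_lookup TYPE NAME
    dig +short "$2" "$1" 2>/dev/null || true
}

# Constructed resolver that mirrors the thread: three KDC SRV records exist,
# 10.0.0.21 has no PTR record (NXDOMAIN), 10.0.0.22 has one.
sample_lookup() {  # usage: sample_lookup TYPE NAME
    key="$1 $(printf '%s' "$2" | tr 'A-Z' 'a-z')"
    case $key in
        "SRV _kerberos._tcp.example.com")
            printf '%s\n' "0 100 88 site1.example.com." \
                          "0 100 88 site2.example.com." \
                          "0 100 88 site3.example.com." ;;
        "PTR 22.0.0.10.in-addr.arpa")
            printf '%s\n' "engine.example.com." ;;
    esac
    return 0
}

# Run with LOOKUP=dig_lookup to query live DNS instead of the sample data.
LOOKUP=${LOOKUP:-sample_lookup}

# Build the in-addr.arpa name for an IPv4 address; fail on anything else.
reverse_name() {  # usage: reverse_name A.B.C.D
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Print "host:port" for every KDC advertised for the realm.
kdc_hosts() {  # usage: kdc_hosts REALM
    "$LOOKUP" SRV "_kerberos._tcp.$1" |
        awk 'NF == 4 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# Check both facts; return 0 only if SRV and PTR lookups both answer.
preflight() {  # usage: preflight REALM ENGINE_IP
    realm=$1; ip=$2; rc=0
    kdcs=$(kdc_hosts "$realm")
    if [ -n "$kdcs" ]; then
        echo "OK    KDC SRV records for $realm:"
        echo "$kdcs" | sed 's/^/        /'
    else
        echo "FAIL  no SRV record at _kerberos._tcp.$realm"; rc=1
    fi
    rname=$(reverse_name "$ip") || { echo "FAIL  not an IPv4 address: $ip"; return 2; }
    ptr=$("$LOOKUP" PTR "$rname")
    if [ -n "$ptr" ]; then
        echo "OK    $rname -> $ptr"
    else
        echo "FAIL  no PTR record for $rname (NXDOMAIN or empty answer)"; rc=1
    fi
    return $rc
}

# Constructed run: SRV records resolve, the engine address has no PTR record.
preflight EXAMPLE.COM 10.0.0.21 || echo "DNS pre-flight failed; see FAIL lines above"
```
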