[Users] ActiveDirectory problems
Joop
jvdwege at xs4all.nl
Fri Sep 14 22:07:06 UTC 2012
Hi List,
I have been reading the list for quite some time and I have a question
because I can't find the problem myself.
I have an oVirt-3.1 setup with 3 nodes (Fed17 install from LiveCD +
vdsm) and an engine install. So far this all works. Can create VMs, can
migrate them, no problems (well, one, but that's for another post: vdsmd
doesn't start at system start).
Version of oVirt that's installed:
Installed Packages
ovirt-engine.noarch                       3.1.0-2.fc17            @ovirt-beta
ovirt-engine-backend.noarch               3.1.0-2.fc17            @ovirt-beta
ovirt-engine-cli.noarch                   3.1.0.6-1.fc17          @ovirt-beta
ovirt-engine-config.noarch                3.1.0-2.fc17            @ovirt-beta
ovirt-engine-dbscripts.noarch             3.1.0-2.fc17            @ovirt-beta
ovirt-engine-genericapi.noarch            3.1.0-2.fc17            @ovirt-beta
ovirt-engine-notification-service.noarch  3.1.0-2.fc17            @ovirt-beta
ovirt-engine-restapi.noarch               3.1.0-2.fc17            @ovirt-beta
ovirt-engine-sdk.noarch                   3.1.0.4-1.fc17          @ovirt-beta
ovirt-engine-setup.noarch                 3.1.0-2.fc17            @ovirt-beta
ovirt-engine-tools-common.noarch          3.1.0-2.fc17            @ovirt-beta
ovirt-engine-userportal.noarch            3.1.0-2.fc17            @ovirt-beta
ovirt-engine-webadmin-portal.noarch       3.1.0-2.fc17            @ovirt-beta
ovirt-image-uploader.noarch               3.1.0-0.git9c42c8.fc17  @ovirt-beta
ovirt-iso-uploader.noarch                 3.1.0-0.git1841d9.fc17  @ovirt-beta
ovirt-log-collector.noarch                3.1.0-0.git10d719.fc17  @ovirt-beta
Next step is integrating with our AD setup. Ran
engine-manage-domains -action=add -provider=ActiveDirectory -domain=nieuwland.local -user=admin -interactive
Message is:
WARNING: No permissions were added to the Engine. Login either with the
internal admin user or with another configured user
Successfully added domain nieuwland.local. oVirt Engine restart is
required in order for the changes to take place (service
Manage Domains completed successfully
The specified admin is a DomainAdministrator.
The logfile in /var/log/engine/engine-manage-domains also says OK. The
resulting krb5.conf in /etc/ovirt-engine also looks OK. The AD servers
are resolvable forward and backward.
Then I'm lost, because when I log into the Admin portal with the internal
admin account, go to the Users tab and want to add a user from the
nieuwland.local realm, myself (jvandewege), it won't work and I get the
following in engine.log:
2012-09-14 12:55:26,104 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--0.0.0.0-8009-12) Failed ldap search server LDAP://digit.nieuwland.local:389 due to java.lang.NullPointerException. We should try the next server: java.lang.NullPointerException
    at org.ovirt.engine.core.bll.adbroker.ADRootDSE.<init>(ADRootDSE.java:26) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.RootDSEFactory.get(RootDSEFactory.java:14) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.setRootDSE(GetRootDSETask.java:97) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:91) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.Backend.Login(Backend.java:481) [engine-bll.jar:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea]
    at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation.jar:1.1.1.Final]
    at org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11) [engine-utils.jar:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea]
    at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final]
    at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view9.Login(Unknown Source) [engine-common.jar:]
    at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.Login(GenericApiGWTServiceImpl.java:157)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea]
    at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196)
    at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:161)
    at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:222)
    at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-3.0-api.jar:1.0.1.Final]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-3.0-api.jar:1.0.1.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
    at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_05-icedtea]
2012-09-14 12:55:26,124 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain nieuwland.local. Ldap Query Type is getUserByName
2012-09-14 12:55:26,125 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) USER_FAILED_TO_AUTHENTICATE : admin
2012-09-14 12:55:26,125 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
2012-09-14 12:57:07,027 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Checking if user admin at internal is an admin, result true
2012-09-14 12:57:07,029 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Running command: LoginAdminUserCommand internal: false.
Using Wireshark I don't see what I expected, namely a well-formed LDAP
search and a result. Can provide the dmp if needed.
Anyone had any luck and is willing to help me out?
Thanks in advance,
Joop