[Users] ovirt kerberos/ldap

Eduardo Ramos eduardo at freedominterface.org
Thu Feb 21 11:24:26 UTC 2013 

Morning!

That's my log entry. PCAP attached.

Feb 21 08:12:57 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 
150.163.73.78: BAD_ENCRYPTION_TYPE: admin/admin at GSR.INPE.BR for 
krbtgt/GSR.INPE.BR at GSR.INPE.BR, KDC has no support for encryption type

My /etc/krb5.conf
[libdefaults]
       default_realm = GSR.INPE.BR
       allow_weak_crypto = yes

         default_tkt_enctypes = rc4-hmac des-cbc-md5
         default_tgs_enctypes = rc4-hmac des-cbc-md5

[realms]
       GSR.INPE.BR = {
       master_kdc =  GSR.INPE.BR
       kdc = kerberos.gsr.inpe.br
       default_domain = gsr.inpe.br
       }

[domain_realm]
       .gsr.inpe.br = GSR.INPE.BR
       gsr.inpe.br = GSR.INPE.BR

[logging]
    kdc = SYSLOG:INFO

Is it sufice?

On 02/21/2013 06:48 AM, Yair Zaslavsky wrote:
> Please provide info also on the IPA server you are using (use rpm -qa for that)
>
>
> ----- Original Message -----
>> From: "Yaniv Kaul" <ykaul at redhat.com>
>> To: "Eduardo Ramos" <eduardo at freedominterface.org>
>> Cc: users at ovirt.org
>> Sent: Thursday, February 21, 2013 11:14:41 AM
>> Subject: Re: [Users] ovirt kerberos/ldap
>>
>> ----- Original Message -----
>>> Hi all!
>>>
>>> I'm trying to link a ldap/kerberos to my ovirt without success. I'm
>>> stuck with this:
>>>
>>> oVirt engine:
>>>
>>> # engine-manage-domains -action=add -domain=gsr.inpe.br
>>> -user=admin/admin -interactive -provider=IPA
>>> Enter password:
>>>
>>> Error:  exception message: KDC has no support for encryption type
>>> (14) -
>>> BAD_ENCRYPTION_TYPE
>> Please snoop the connection between the engine and the IPA server.
>> Port 88, full packets ('-s 1500' on tcpdump), into file ('-w
>> /tmp/kerb.pcap' ).
>> Y.
>>
>>> Failure while testing domain gsr.inpe.br. Details: Kerberos error.
>>> Please check log for further details.
>>>
>>> kdc log:
>>>
>>> Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23})
>>> 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/admin at GSR.INPE.BR for
>>> krbtgt/GSR.INPE.BR at GSR.INPE.BR, KDC has no support for encryption
>>> type
>>>
>>> Any sugestion?
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: kerb.pcap
Type: application/octet-stream
Size: 1187 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20130221/b51bc13a/attachment-0001.obj>
-------------- next part --------------
libssh2-1.2.2-11.el6_3.x86_64
setup-2.8.14-16.el6.noarch
libxml2-2.7.6-8.el6_3.4.x86_64
basesystem-10.0-4.el6.noarch
libtalloc-2.0.1-1.1.el6.x86_64
ca-certificates-2010.63-3.el6_1.5.noarch
libtdb-1.2.1-3.el6.x86_64
libcollection-0.6.0-9.el6.x86_64
nss-softokn-freebl-3.12.9-11.el6.x86_64
libldb-0.9.10-23.el6.x86_64
perl-version-0.77-127.el6.x86_64
bash-4.1.2-9.el6_2.x86_64
perl-Pod-Simple-3.13-127.el6.x86_64
libcap-2.16-5.5.el6.x86_64
perl-5.10.1-127.el6.x86_64
info-4.13a-8.el6.x86_64
perl-XML-SAX-0.96-7.el6.noarch
chkconfig-1.3.49.3-2.el6.x86_64
perl-Compress-Raw-Zlib-2.020-127.el6.x86_64
libacl-2.2.49-6.el6.x86_64
perl-URI-1.40-2.el6.noarch
audit-libs-2.2-2.el6.x86_64
perl-Compress-Zlib-2.020-127.el6.x86_64
db4-4.7.25-17.el6.x86_64
perl-Digest-SHA1-2.12-2.el6.x86_64
readline-6.0-4.el6.x86_64
perl-Convert-ASN1-0.22-1.el6.noarch
libselinux-2.0.94-5.3.el6.x86_64
perl-HTML-Parser-3.64-2.el6.x86_64
glib2-2.22.5-7.el6.x86_64
perl-Net-SSLeay-1.35-9.el6.x86_64
shadow-utils-4.1.4.2-13.el6.x86_64
perl-GSSAPI-0.26-5.el6.x86_64
perl-Text-Iconv-1.7-6.el6.x86_64
libstdc++-4.4.6-4.el6.x86_64
libpath_utils-0.2.1-9.el6.x86_64
file-libs-5.04-13.el6.x86_64
perl-libwww-perl-5.833-2.el6.noarch
libtool-ltdl-2.2.6-15.5.el6.x86_64
xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
make-3.81-20.el6.x86_64
lua-5.1.4-4.1.el6.x86_64
libref_array-0.1.1-9.el6.x86_64
iproute-2.6.32-20.el6.x86_64
c-ares-1.7.0-6.el6.x86_64
elfutils-libelf-0.152-1.el6.x86_64
sssd-1.8.0-32.el6.x86_64
perl-LDAP-0.40-1.el6.noarch
libtirpc-0.2.1-5.el6.x86_64
vim-common-7.2.411-1.8.el6.x86_64
pcre-7.8-4.el6.x86_64
vim-enhanced-7.2.411-1.8.el6.x86_64
findutils-4.4.2-6.el6.x86_64
gpg-pubkey-0608b895-4bd22942
libselinux-utils-2.0.94-5.3.el6.x86_64
apr-1.3.9-5.el6_2.x86_64
bzip2-1.0.5-7.el6_0.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
pth-2.0.7-9.3.el6.x86_64
httpd-2.2.15-15.el6.centos.1.x86_64
expat-2.0.1-11.el6_2.x86_64
php-cli-5.3.3-14.el6_3.x86_64
dbus-glib-0.86-5.el6.x86_64
lighttpd-1.4.31-1.el6.x86_64
iptables-ipv6-1.4.7-5.1.el6_2.x86_64
upstart-0.6.5-12.el6.x86_64
xinetd-2.3.14-35.el6_3.x86_64
nss-softokn-3.12.9-11.el6.x86_64
krb5-appl-clients-1.0.1-7.el6_2.1.x86_64
libusb-0.1.12-23.el6.x86_64
xz-4.999.9-0.3.beta.20091007git.el6.x86_64
grubby-7.0.15-3.el6.x86_64
man-1.6f-30.el6.x86_64
libutempter-1.1.5-4.1.el6.x86_64
strace-4.5.19-1.11.el6_3.2.x86_64
tar-1.23-7.el6.x86_64
nmap-5.51-2.el6.x86_64
krb5-libs-1.9-33.el6_3.3.x86_64
e2fsprogs-libs-1.41.12-12.el6.x86_64
krb5-appl-servers-1.0.1-7.el6_2.1.x86_64
pinentry-0.7.6-6.el6.x86_64
krb5-workstation-1.9-33.el6_3.3.x86_64
m4-1.4.13-5.el6.x86_64
diffutils-2.8.1-28.el6.x86_64
libedit-2.11-4.20080712cvs.1.el6.x86_64
groff-1.18.1.4-21.el6.x86_64
coreutils-libs-8.4-19.el6.x86_64
cracklib-2.8.16-4.el6.x86_64
coreutils-8.4-19.el6.x86_64
hwdata-0.233-7.8.el6.noarch
rpcbind-0.2.0-9.el6.x86_64
libhbalinux-1.0.13-1.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
gnupg2-2.0.14-4.el6.x86_64
curl-7.19.7-26.el6_2.4.x86_64
rpm-4.8.0-27.el6.x86_64
libuser-0.56.13-5.el6.x86_64
gdbm-1.8.0-36.el6.x86_64
pciutils-libs-3.1.4-11.el6.x86_64
ethtool-2.6.33-0.3.el6.x86_64
libcap-ng-0.6.4-3.el6_0.1.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
python-urlgrabber-3.9.1-8.el6.noarch
pygpgme-0.1-18.20090824bzr68.el6.x86_64
yum-plugin-fastestmirror-1.1.30-14.el6.noarch
slang-2.2.1-1.el6.x86_64
newt-python-0.52.11-3.el6.x86_64
libsemanage-2.0.43-4.1.el6.x86_64
libnl-1.1-14.el6.x86_64
libaio-0.3.107-10.el6.x86_64
centos-release-6-3.el6.centos.9.x86_64
policycoreutils-2.0.83-19.24.el6.x86_64
nfs-utils-lib-1.1.5-4.el6.x86_64
kbd-misc-1.15-11.el6.noarch
libdrm-2.4.25-2.el6.x86_64
kernel-2.6.32-279.el6.x86_64
fcoe-utils-1.0.22-3.el6.x86_64
cryptsetup-luks-1.2.0-7.el6.x86_64
bfa-firmware-3.0.0.0-1.el6.noarch
libcgroup-0.37-4.el6.x86_64
yum-presto-0.6.2-1.el6.noarch
system-config-firewall-base-1.2.27-5.el6.noarch
passwd-0.77-4.el6_2.2.x86_64
e2fsprogs-1.41.12-12.el6.x86_64
vim-minimal-7.2.411-1.8.el6.x86_64
attr-2.4.44-7.el6.x86_64
ql2500-firmware-5.06.05-1.el6.noarch
ql2200-firmware-2.02.08-3.1.el6.noarch
ql23xx-firmware-3.03.27-3.1.el6.noarch
tzdata-2012j-1.el6.noarch
glibc-common-2.12-1.80.el6_3.7.x86_64
nss-util-3.13.6-1.el6_3.x86_64
nss-sysinit-3.13.6-2.el6_3.x86_64
libuuid-2.17.2-12.7.el6_3.x86_64
libblkid-2.17.2-12.7.el6_3.x86_64
initscripts-9.03.31-2.el6.centos.1.x86_64
device-mapper-libs-1.02.74-10.el6_3.3.x86_64
device-mapper-event-libs-1.02.74-10.el6_3.3.x86_64
openssh-5.3p1-81.el6_3.x86_64
device-mapper-event-1.02.74-10.el6_3.3.x86_64
kpartx-0.4.9-56.el6_3.1.x86_64
python-2.6.6-29.el6_3.3.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
dhcp-common-4.1.1-31.0.1.P1.el6.centos.1.x86_64
selinux-policy-3.7.19-155.el6_3.14.noarch
kernel-2.6.32-279.22.1.el6.x86_64
selinux-policy-targeted-3.7.19-155.el6_3.14.noarch
device-mapper-multipath-0.4.9-56.el6_3.1.x86_64
lvm2-2.02.95-10.el6_3.3.x86_64
openssh-server-5.3p1-81.el6_3.x86_64
libgcc-4.4.6-4.el6.x86_64
dbus-libs-1.2.24-7.el6_3.x86_64
filesystem-2.4.30-3.el6.x86_64
redhat-logos-60.0.14-12.el6.centos.noarch
libtevent-0.9.8-8.el6.x86_64
ncurses-base-5.7-3.20090208.el6.x86_64
libunistring-0.9.3-5.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64
perl-Pod-Escapes-1.04-127.el6.x86_64
ncurses-libs-5.7-3.20090208.el6.x86_64
perl-Module-Pluggable-3.90-127.el6.x86_64
libattr-2.4.44-7.el6.x86_64
perl-libs-5.10.1-127.el6.x86_64
zlib-1.2.3-27.el6.x86_64
perl-XML-NamespaceSupport-1.10-3.el6.noarch
popt-1.13-7.el6.x86_64
perl-XML-LibXML-1.70-5.el6.x86_64
libcom_err-1.41.12-12.el6.x86_64
perl-IO-Compress-Base-2.020-127.el6.x86_64
perl-IO-Compress-Zlib-2.020-127.el6.x86_64
bzip2-libs-1.0.5-7.el6_0.x86_64
perl-XML-Filter-BufferText-1.01-8.el6.noarch
perl-Digest-HMAC-1.01-22.el6.noarch
libsepol-2.0.41-4.el6.x86_64
perl-HTML-Tagset-3.20-4.el6.noarch
gamin-0.1.10-9.el6.x86_64
perl-Net-LibIDN-0.12-3.el6.x86_64
sed-4.2.1-10.el6.x86_64
perl-IO-Socket-SSL-1.31-2.el6.noarch
gawk-3.1.7-9.el6.x86_64
perl-Authen-SASL-2.13-2.el6.noarch
perl-XML-SAX-Writer-0.50-8.el6.noarch
sqlite-3.6.20-1.el6.x86_64
mailcap-2.1.31-2.el6.noarch
libgpg-error-1.7-4.el6.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
tcp_wrappers-libs-7.6-57.el6.x86_64
portreserve-0.0.4-9.el6.x86_64
sssd-client-1.8.0-32.el6.x86_64
iptables-1.4.7-5.1.el6_2.x86_64
libini_config-0.6.1-9.el6.x86_64
libidn-1.18-2.el6.x86_64
libdhash-0.4.2-9.el6.x86_64
keyutils-libs-1.4-4.el6.x86_64
openldap-servers-2.4.23-26.el6_3.2.x86_64
libgssglue-0.1-11.el6.x86_64
openldap-clients-2.4.23-26.el6_3.2.x86_64
libgcrypt-1.4.5-9.el6_2.2.x86_64
gpm-libs-1.20.6-12.el6.x86_64
grep-2.6.3-3.el6.x86_64
epel-release-6-8.noarch
net-tools-1.60-110.el6_2.x86_64
php-common-5.3.3-14.el6_3.x86_64
checkpolicy-2.0.22-1.el6.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64
httpd-tools-2.2.15-15.el6.centos.1.x86_64
sysvinit-tools-2.87-4.dsf.el6.x86_64
php-ldap-5.3.3-14.el6_3.x86_64
libhbaapi-2.2-14.el6.x86_64
php-5.3.3-14.el6_3.x86_64
keyutils-1.4-4.el6.x86_64
phpldapadmin-1.2.3-1.el6.noarch
libnih-1.0.1-7.el6.x86_64
file-5.04-13.el6.x86_64
gmp-4.3.1-7.el6_2.2.x86_64
bash-completion-1.3-5.el6.noarch
libconfig-1.3.2-1.1.el6.x86_64
xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.x86_64
MAKEDEV-3.24-6.el6.x86_64
psmisc-22.6-15.el6_0.1.x86_64
libpcap-1.0.0-6.20091201git117cb5.el6.x86_64
procps-3.2.8-23.el6.x86_64
db4-utils-4.7.25-17.el6.x86_64
krb5-server-1.9-33.el6_3.3.x86_64
libss-1.41.12-12.el6.x86_64
tcpdump-4.0.0-3.20090921gitdf3cb4.2.el6.x86_64
binutils-2.20.51.0.2-5.34.el6.x86_64
which-2.19-6.el6.x86_64
ncurses-5.7-3.20090208.el6.x86_64
less-436-10.el6.x86_64
gzip-1.3.12-18.el6.x86_64
cracklib-dicts-2.8.16-4.el6.x86_64
pam-1.1.1-10.el6_2.1.x86_64
module-init-tools-3.9-20.el6.x86_64
plymouth-scripts-0.8.3-24.el6.centos.x86_64
libpciaccess-0.12.1-1.el6.x86_64
fipscheck-lib-1.2.0-7.el6.x86_64
libcurl-7.19.7-26.el6_2.4.x86_64
gpgme-1.1.8-3.el6.x86_64
rpm-libs-4.8.0-27.el6.x86_64
deltarpm-3.5-0.5.20090913git.el6.x86_64
logrotate-3.7.8-15.el6.x86_64
mingetty-1.08-5.el6.x86_64
plymouth-core-libs-0.8.3-24.el6.centos.x86_64
dash-0.5.5.1-3.1.el6.x86_64
libffi-3.0.5-3.2.el6.x86_64
python-pycurl-7.19.0-8.el6.x86_64
yum-metadata-parser-1.1.2-16.el6.x86_64
rpm-python-4.8.0-27.el6.x86_64
yum-3.2.29-30.el6.centos.noarch
newt-0.52.11-3.el6.x86_64
ustr-1.0.4-9.1.el6.x86_64
bridge-utils-1.2-9.el6.x86_64
libevent-1.4.13-4.el6.x86_64
iputils-20071127-16.el6.x86_64
nfs-utils-1.2.3-26.el6.x86_64
cryptsetup-luks-libs-1.2.0-7.el6.x86_64
iscsi-initiator-utils-6.2.0.872-41.el6.x86_64
kbd-1.15-11.el6.x86_64
plymouth-0.8.3-24.el6.centos.x86_64
aic94xx-firmware-30-2.el6.noarch
rsyslog-5.8.10-2.el6.x86_64
authconfig-6.1.12-10.el6.x86_64
grub-0.97-77.el6.x86_64
efibootmgr-0.5.4-10.el6.x86_64
audit-2.2-2.el6.x86_64
xfsprogs-3.1.1-7.el6.x86_64
acl-2.2.49-6.el6.x86_64
ql2100-firmware-1.19.38-3.1.el6.noarch
ql2400-firmware-5.06.05-1.el6.noarch
rootfiles-8.1-6.1.el6.noarch
gpg-pubkey-c105b9de-4e0fd3a3
glibc-2.12-1.80.el6_3.7.x86_64
nspr-4.9.2-0.el6_3.1.x86_64
nss-3.13.6-2.el6_3.x86_64
libudev-147-2.42.el6.x86_64
openssl-1.0.0-25.el6_3.1.x86_64
cpio-2.10-11.el6_3.x86_64
util-linux-ng-2.17.2-12.7.el6_3.x86_64
udev-147-2.42.el6.x86_64
device-mapper-1.02.74-10.el6_3.3.x86_64
dracut-004-284.el6_3.1.noarch
dracut-kernel-004-284.el6_3.1.noarch
lvm2-libs-2.02.95-10.el6_3.3.x86_64
python-libs-2.6.6-29.el6_3.3.x86_64
nss-tools-3.13.6-2.el6_3.x86_64
device-mapper-multipath-libs-0.4.9-56.el6_3.1.x86_64
dhclient-4.1.1-31.0.1.P1.el6.centos.1.x86_64
kernel-firmware-2.6.32-279.22.1.el6.noarch
lldpad-0.9.43-20.el6_3.x86_64
dracut-network-004-284.el6_3.1.noarch
openldap-2.4.23-26.el6_3.2.x86_64
openssh-clients-5.3p1-81.el6_3.x86_64

More information about the Users mailing list