[Users] Free IPA + oVirt setup fails

i iordanov iiordanov at gmail.com
Sat Nov 23 16:36:02 UTC 2013


Hi guys,

I'm trying to work around the impossibility of adding local users into
oVirt by setting up a FreeIPA server for my test rig... :(

Everything is Fedora 19 and whatever package versions come with it.

1) I have an A-record, a PTR-record and the necessary SRV records for my
server in dnsmasq on my OpenWRT router:
ptr-record=60.2.168.192.in-addr.arpa,"freeipa.iiordanov.com"
srv-host=_kerberos-master._tcp,freeipa.iiordanov.com,88,0,100
srv-host=_kerberos-master._udp,freeipa.iiordanov.com,88,0,100
srv-host=_kerberos._tcp,freeipa.iiordanov.com,88,0,100
srv-host=_kerberos._udp,freeipa.iiordanov.com,88,0,100
srv-host=_kpasswd._tcp,freeipa.iiordanov.com,464,0,100
srv-host=_kpasswd._udp,freeipa.iiordanov.com,464,0,100
srv-host=_ldap._tcp,freeipa.iiordanov.com,389,0,100

2) I have run ipa-server-install and everything completed without error.
I've disabled the firewall on the server completely and the iptables chains
are all clean. I've rebooted the server just in case.

3) When I try to add the IPA server to oVirt, I get a nasty error!

# engine-manage-domains -action=add -domain=iiordanov.com -user=admin
-provider=ipa -interactive
Enter password:

General error has occurednull
java.lang.NegativeArraySizeException
    at
sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
    at
sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
    at sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
    at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
    at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
    at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
    at
com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
    at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
    at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
    at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
    at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
    at
org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:257)
    at
org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:356)
    at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
    at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
    at
org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
    at
org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:746)
    at
org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:917)
    at
org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:539)
    at
org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:311)
    at
org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:206)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.modules.Module.run(Module.java:260)
    at org.jboss.modules.Main.main(Main.java:291)
Failure while testing domain %1$s. Details: %2$s: One of the parameters for
this error is null and no default message to show


Can anybody spot the trouble here? Any help is appreciated!

Many thanks!
iordan

-- 
The conscious mind has only one thread of execution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20131123/7937f3a1/attachment-0001.html>


More information about the Users mailing list