[ovirt-users] oVirt 3.5 and FreeIpa

Alon Bar-Lev alonbl at redhat.com
Wed Oct 29 18:17:14 UTC 2014


Hi,

Can you please enable the snapshots repository and check out the new LDAP provider[1][2]?

This should be the new support for LDAP, and much more efficient than what we had so far.

Thanks,
Alon

[1] ovirt-engine-extension-aaa-ldap
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

----- Original Message -----
> From: "Marcelo Donato" <donato at din.uem.br>
> To: users at ovirt.org
> Sent: Wednesday, October 29, 2014 7:49:31 PM
> Subject: [ovirt-users] oVirt 3.5 and FreeIpa
> 
> 
> 
> Below are the details of my installation, both without a firewall and with
> SELinux disabled.
> 
> ####################################### IPA SERVER
> Hostname: ipa1.din.intranet
> IP Addr: 10.30.0.25
> Release: CentOS release 6.6 (Final) x86_64
> ###################################### oVirt Engine Version: 3.5.0.1-1.el6
> Hostname: sequoia.din.intranet
> IP Addr: 10.30.0.27
> Release: CentOS release 6.6 (Final) x86_64
> 
> ######################################
> [root at sequoia ~]# host -t SRV _ldap._tcp.din.intranet
> _ldap._tcp.din.intranet has SRV record 0 100 389 ipa1.din.intranet.
> [root at sequoia ~]# host -t SRV _kerberos._tcp.din.intranet
> _kerberos._tcp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
> [root at sequoia ~]# host -t SRV _kerberos._udp.din.intranet
> _kerberos._udp.din.intranet has SRV record 0 100 88 ipa1.din.intranet.
> [root at sequoia ~]# host -t SRV _kpasswd._udp.din.intranet
> _kpasswd._udp.din.intranet has SRV record 0 100 464 ipa1.din.intranet.
> [root at sequoia ~]# host -t A ipa1.din.intranet
> ipa1.din.intranet has address 10.30.0.25
> [root at sequoia ~]# ldapsearch -x -b "dc=din, dc=intranet" uid=admin
> extended LDIF
> LDAPv3
> base <dc=din, dc=intranet> with scope subtree
> filter: uid=admin
> requesting: ALL
> admin, users, compat, din.intranet
> dn: uid=admin,cn=users,cn=compat,dc=din,dc=intranet
> admin, users, accounts, din.intranet
> dn: uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
> uid: admin
> krbPrincipalName: admin at DIN.INTRANET
> cn: Administrator
> sn: Administrator
> uidNumber: 1250800000
> gidNumber: 1250800000
> homeDirectory: /home/admin
> loginShell: /bin/bash
> gecos: Administrator
> search result
> search: 2
> result: 0 Success
> numResponses: 3
> numEntries: 2
> [root at sequoia ~]# getent passwd admin
> admin:*:1250800000:1250800000:Administrator:/home/admin:/bin/bash
> [root at sequoia ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at DIN.INTRANET
> Valid starting Expires Service principal
> 10/29/14 15:37:46 10/30/14 15:37:45 krbtgt/DIN.INTRANET at DIN.INTRANET
> [root at sequoia ~]# engine-manage-domains add --domain=din.intranet
> --provider=ipa --user=admin
> Enter password:
> Error: exception message: ipa1.din.intranet.
> Failure while testing domain din.intranet. Details: Kerberos error. Please
> check log for further details.
> ######################################
> [root at ipa1 ~]# tail -f /var/log/krb5kdc.log
> 
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): AS_REQ (4 etypes {18
> 17 16 23}) 10.30.0.27 : NEEDED_PREAUTH: host/sequoia.din.uem.br at DIN.INTRANET
> for krbtgt/DIN.INTRANET at DIN.INTRANET, Additional pre-authentication required
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2006](info): AS_REQ (4 etypes {18
> 17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18
> ses=18}, host/sequoia.din.uem.br at DIN.INTRANET for
> krbtgt/DIN.INTRANET at DIN.INTRANET
> Oct 29 15:25:22 ipa1.din.intranet krb5kdc[2007](info): TGS_REQ (4 etypes {18
> 17 16 23}) 10.30.0.27 : ISSUE: authtime 1414603522, etypes {rep=18 tkt=18
> ses=18}, host/sequoia.din.uem.br at DIN.INTRANET for
> ldap/ipa1.din.intranet at DIN.INTRANET
> ######################################
> Why does engine-manage-domains not work?
> 
> 
> 
> --
> When forwarding this message, please:
> 1. Delete my e-mail address and my name.
> 2. Also delete your friends' addresses before forwarding.
> 3. Use Cco or Bcc to send messages!
> Make it harder for viruses and spam to spread.
> 


