[ovirt-users] Troubleshooting Windows SSO

Alon Bar-Lev alonbl at redhat.com
Fri Jul 24 11:33:48 UTC 2015



----- Original Message -----
> From: "Cristian Mammoli" <c.mammoli at apra.it>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Friday, July 24, 2015 1:00:46 PM
> Subject: Re: [ovirt-users] Troubleshooting Windows SSO
> 
> Are you referring to this: http://www.ovirt.org/Features/AAA ?
> 
> I only configured the engine with "engine-manage-domains" isn't it enough?

engine-manage-domain is obsoleted since 3.5, please upgrade to the new provider which performs much better.

if you use this legacy provider, the name of the provider matches the name of the domain, the bug will not be manifested.

> 
> Anyway this is engine.log:
> 
> 2015-07-24 11:59:42,337 INFO
> [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-2)
> Running command: LoginUserCommand internal: false.
> 2015-07-24 11:59:42,348 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
> Event ID: -1, Message: User c.mammoli at apra.it logged in.
> 2015-07-24 11:59:44,364 INFO
> [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9)
> [44b9b110] Running command: SetVmTicketCommand internal: false. Entities
> affected :  ID: 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction
> group CONNECT_TO_VM with role type USER
> 2015-07-24 11:59:44,370 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) [44b9b110] START, SetVmTicketVDSCommand(HostName
> = kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2,
> vmId=01453005-cbcf-47b1-a066-015777d158b5, ticket=rdFW/mdMiBxO,
> validTime=120,m userName=c.mammoli,
> userId=d69d8d20-68b7-4fed-9c08-5c2ecb257583), log id: 25c99c46
> 2015-07-24 11:59:44,412 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) [44b9b110] FINISH, SetVmTicketVDSCommand, log
> id: 25c99c46
> 2015-07-24 11:59:44,436 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-9) [44b9b110] Correlation ID: 44b9b110, Call Stack:
> null, Custom Event ID: -1, Message: user c.mammoli at apra.it initiated
> console session for VM TestPoolMan-1
> 2015-07-24 11:59:44,610 WARN
> [org.ovirt.engine.core.dal.job.ExecutionMessageDirector]
> (ajp--127.0.0.1-8702-3) [27c3ee74] The message key VmLogon is missing
> from bundles/ExecutionMessages
> 2015-07-24 11:59:44,637 INFO [org.ovirt.engine.core.bll.VmLogonCommand]
> (ajp--127.0.0.1-8702-3) [27c3ee74] Running command: VmLogonCommand
> internal: false. Entities affected :  ID:
> 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction group CONNECT_TO_VM
> with role type USER
> 2015-07-24 11:59:44,642 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
> (ajp--127.0.0.1-8702-3) [27c3ee74] START, VmLogonVDSCommand(HostName =
> kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2,
> vmId=01453005-cbcf-47b1-a066-015777d158b5, domain=apra.it,
> password=******, userName=c.mammoli at apra.it), log id: 6bf25e51

this^ is good, so now should provide the guest agent log.

> 2015-07-24 11:59:44,652 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
> (ajp--127.0.0.1-8702-3) [27c3ee74] FINISH, VmLogonVDSCommand, log id:
> 6bf25e51
> 2015-07-24 11:59:58,888 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (DefaultQuartzScheduler_Worker-63) Correlation ID: null, Call Stack:
> null, Custom Event ID: -1, Message: User c.mammoli at apra.it is connected
> to VM TestPoolMan-1.
> 
> Il 24/07/2015 11:02, Alon Bar-Lev ha scritto:
> > Any log will be helpful, engine side and guest agent side.
> >
> > Also, please note this bug[1], due to incorrect assumptions in
> > implementation, your authz provider name must match the active directory
> > name in order password delegation to properly work.
> >
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1133137
> >
> > ----- Original Message -----
> 
> 



More information about the Users mailing list