[ovirt-users] Troubleshooting Windows SSO

Cristian Mammoli c.mammoli at apra.it
Fri Jul 24 23:16:27 UTC 2015


Hi, again. I'm new to ovirt so please tell me what logs do you need. 
Where is the agent log? I see nothing in the windows security log. And 
the vdsm log? In the host where the vm is running?

Ty

Il 24/07/2015 13:43, Vinzenz Feenstra ha scritto:
> On 07/24/2015 01:33 PM, Alon Bar-Lev wrote:
>>
>> ----- Original Message -----
>>> From: "Cristian Mammoli" <c.mammoli at apra.it>
>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>> Cc: users at ovirt.org
>>> Sent: Friday, July 24, 2015 1:00:46 PM
>>> Subject: Re: [ovirt-users] Troubleshooting Windows SSO
>>>
>>> Are you referring to this: http://www.ovirt.org/Features/AAA ?
>>>
>>> I only configured the engine with "engine-manage-domains" isn't it 
>>> enough?
>> engine-manage-domain is obsoleted since 3.5, please upgrade to the 
>> new provider which performs much better.
>>
>> if you use this legacy provider, the name of the provider matches the 
>> name of the domain, the bug will not be manifested.
>>
>>> Anyway this is engine.log:
>>>
>>> 2015-07-24 11:59:42,337 INFO
>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand] 
>>> (ajp--127.0.0.1-8702-2)
>>> Running command: LoginUserCommand internal: false.
>>> 2015-07-24 11:59:42,348 INFO
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>>> Event ID: -1, Message: User c.mammoli at apra.it logged in.
>>> 2015-07-24 11:59:44,364 INFO
>>> [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9)
>>> [44b9b110] Running command: SetVmTicketCommand internal: false. 
>>> Entities
>>> affected :  ID: 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction
>>> group CONNECT_TO_VM with role type USER
>>> 2015-07-24 11:59:44,370 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
>>> (ajp--127.0.0.1-8702-9) [44b9b110] START, 
>>> SetVmTicketVDSCommand(HostName
>>> = kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2,
>>> vmId=01453005-cbcf-47b1-a066-015777d158b5, ticket=rdFW/mdMiBxO,
>>> validTime=120,m userName=c.mammoli,
>>> userId=d69d8d20-68b7-4fed-9c08-5c2ecb257583), log id: 25c99c46
>>> 2015-07-24 11:59:44,412 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
>>> (ajp--127.0.0.1-8702-9) [44b9b110] FINISH, SetVmTicketVDSCommand, log
>>> id: 25c99c46
>>> 2015-07-24 11:59:44,436 INFO
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-9) [44b9b110] Correlation ID: 44b9b110, Call 
>>> Stack:
>>> null, Custom Event ID: -1, Message: user c.mammoli at apra.it initiated
>>> console session for VM TestPoolMan-1
>>> 2015-07-24 11:59:44,610 WARN
>>> [org.ovirt.engine.core.dal.job.ExecutionMessageDirector]
>>> (ajp--127.0.0.1-8702-3) [27c3ee74] The message key VmLogon is missing
>>> from bundles/ExecutionMessages
>>> 2015-07-24 11:59:44,637 INFO [org.ovirt.engine.core.bll.VmLogonCommand]
>>> (ajp--127.0.0.1-8702-3) [27c3ee74] Running command: VmLogonCommand
>>> internal: false. Entities affected :  ID:
>>> 01453005-cbcf-47b1-a066-015777d158b5 Type: VMAction group CONNECT_TO_VM
>>> with role type USER
>>> 2015-07-24 11:59:44,642 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>> (ajp--127.0.0.1-8702-3) [27c3ee74] START, VmLogonVDSCommand(HostName =
>>> kvm02, HostId = 4aeb8095-1198-4afe-aab2-d9c6408c88c2,
>>> vmId=01453005-cbcf-47b1-a066-015777d158b5, domain=apra.it,
>>> password=******, userName=c.mammoli at apra.it), log id: 6bf25e51
>> this^ is good, so now should provide the guest agent log.
> I am not sure that this is good, the userName contains here also the 
> domain, and the domain separately.
> I am curious about the VDSM logs here as well.
>
> I would assume that the result of this would be something like: 
> apra.it\c.mammoli at apra.it in Windows which does seem wrong to me.
>
>>
>>> 2015-07-24 11:59:44,652 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>> (ajp--127.0.0.1-8702-3) [27c3ee74] FINISH, VmLogonVDSCommand, log id:
>>> 6bf25e51
>>> 2015-07-24 11:59:58,888 INFO
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (DefaultQuartzScheduler_Worker-63) Correlation ID: null, Call Stack:
>>> null, Custom Event ID: -1, Message: User c.mammoli at apra.it is connected
>>> to VM TestPoolMan-1.
>>>
>>> Il 24/07/2015 11:02, Alon Bar-Lev ha scritto:
>>>> Any log will be helpful, engine side and guest agent side.
>>>>
>>>> Also, please note this bug[1], due to incorrect assumptions in
>>>> implementation, your authz provider name must match the active 
>>>> directory
>>>> name in order password delegation to properly work.
>>>>
>>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1133137
>>>>
>>>> ----- Original Message -----
>>>
>
>

-- 
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)




More information about the Users mailing list