[ovirt-users] User admin@internal can't login in oVirt 3.6

Julián Tete danteconrad14 at gmail.com
Mon Jun 20 16:36:26 UTC 2016


oVirt: 3.6.2

Trying to use:

https://github.com/machacekondra/ovirt-engine-kerbldap-migration

First use:

engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co

The domain was added, but I can't access the webadmin portal :/

I get the message:

"User is not authorized to perform this action."

In ovirt-cli

[401] - Unauthorized

tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal

2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 10:52:22,836 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) [] CanDoAction of action 'LoginAdminUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:00:37,679 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:00:37,679 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:01:04,016 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:01:04,016 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Properties of Internal domain:

cat /etc/ovirt-engine/aaa/internal.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authn.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authz.properties

ovirt.engine.extension.name = internal-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

Properties of admin@internal user:

ovirt-aaa-jdbc-tool user show admin

-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last successful Login At: 2016-06-20 16:01:03Z
Last unsuccessful Login At: 2016-06-19 16:53:07Z
Password Valid To: 2100-01-01 00:00:00Z

Can I assign privileges to the user? Any idea?