[ovirt-users] oVirt AD integration problems

Ondra Machacek omachace at redhat.com
Thu Sep 29 06:31:13 UTC 2016

On 09/28/2016 05:14 PM, cmc wrote:
> Hi,
> I'm trying to use the directory services provided by the
> ovirt-engine-extension-aaa-ldap, and I can get it to successfully login
> when I run the tests in the setup script, but when I login via the GUI,
> it gives me:
> unexpected error was encountered during validation processing:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'
> and fails login. It looks a bit like it is expecting to already be
> joined to the domain, so I tried doing that manually via realmd and
> sssd. It involved installing a lot of packages, such as kerberos and
> samba, which I am nervous about on an engine host. Anyway, once I was
> joined, it still gives me the same 'peer not authenticated' message.
> Does it need to be separately bound to the domain, i.e., do you need all
> the other stuff installed and running for it to work, or is the
> ovirt-engine-extension-aaa-ldap package all that is needed?

Not really. aaa-ldap by default uses just simple bind, no gssapi.
If you have any problems with certificate I would suggest you to check 
if you are using the correct one, correctly. More info for it can be
found here:


> Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST
> --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command
> suggested in an earlier post, and it only gave me one exception, which was:
> 2016-09-28 16:08:15 SEVERE  Extension domain-authz could not be found
> 2016-09-28 16:08:15 FINE    Exception:
> org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension
> domain-authz could not be found

Well, you need to replace 'domain-authz', with your real authz-name to
see any reasonable results.

> Thanks for any help,
> Cam
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list