[ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Fri Sep 30 13:34:50 UTC 2016

# kinit -V -k -t /etc/httpd/s-oVirt-Krb.keytab HTTP/kom-ad01-ovirt1.ad.holding.com

Using existing cache: persistent:0:0
Using principal: HTTP/kom-ad01-ovirt1.ad.holding.com at AD.HOLDING.COM
Using keytab: /etc/httpd/s-oVirt-Krb.keytab
Authenticated to Kerberos v5

# klist

Ticket cache: KEYRING:persistent:0:0
Default principal: HTTP/kom-ad01-ovirt1.ad.holding.com at AD.HOLDING.COM

Valid starting       Expires              Service principal
09/30/2016 16:28:02  10/01/2016 02:28:02  krbtgt/AD.HOLDING.COM at AD.HOLDING.COM
        renew until 10/07/2016 16:28:02

# curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api


However, if I open this URL (https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api) in browser it opens without errors and authorization requests

# tail -f  /var/log/httpd/ssl_error_log
# tail -f  /var/log/ovirt-engine/engine.log

In the logs nothing in that moment when I open the portal in the browser.

30.09.2016, 15:52, "Ondra Machacek" <omachace at redhat.com>:

> So if you run kinit and then:
>   $ curl --negotiate -u : -X GET -H "Accept: application/xml" -k
> https://fqdn/ovirt-engine/api
> It's fine?
>>  Please tell me how to find the cause of the problem. What are the steps to troubleshooting to do?
> On oVirt engine check:
>   /var/log/httpd/ssl_error_log
>   /var/log/ovirt-engine/engine.log
> On AD check kerberos log.
>>  _______________________________________________
>>  Users mailing list
>>  Users at ovirt.org
>>  http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list