[ovirt-users] FreeIPA with ovirt 4.1
Ondra Machacek
omachace at redhat.com
Sat Feb 4 14:35:31 UTC 2017
On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629 at networklab.ca> wrote:
Hello Everyone,
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt
4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
log to web admin with internal user and added FeeIPA user as SuperUser
role. Also I added under System FreeIPA group authorized to login on any
attempt to login with FreeIPA credentials getting message
2017-02-04 00:03:08,464Z ERROR
[org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet]
(default task-6) [] Internal Server Error: Unsupported command
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
(default task-6) [] Unsupported command
2017-02-04 00:03:08,659Z ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet]
(default task-3) [] server_error: Unsupported command
Ravi, do you know what this can cause?
Also when in extensions.d directory contain the following files. If I
remove mydomain.lan-authn.properties then in web ui FreeIPA domain not
showing up in drop down list. Any http don't have influence on this.
That is correct behavior, we dont show profiles, which uses http for authn.
[root at vhe00 extensions.d]# pwd
/etc/ovirt-engine/extensions.d
[root at vhe00 extensions.d]# ls
mydomain.lan-authn.properties mydomain.lan-http-authn.properties
mydomain.lan.properties internal-authz.properties
mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
internal-authn.properties
[root at vhe00 extensions.d]#
If possible clarify how it should be and what is possible issue.
Can you please take a look to /var/log/httpd/ssl_error_log if any errors
there?
Slava.
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170204/15330a45/attachment.html>
More information about the Users
mailing list