[ovirt-users] FreeIPA with ovirt 4.1

Ondra Machacek omachace at redhat.com
Thu Feb 9 18:31:16 UTC 2017 

Can you please enable DEBUG log of the SSO package and try login and
then share the logs, please?

You can enable the debug log as following (use admin at internal password):

/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin at internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
/usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin at internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"

After tests you can disable it later as follows:

 $ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
--controller=127.0.0.1:8706 --connect --user=admin at internal
"/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"

On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629 at networklab.ca> wrote:
> Hello Everyone,
> Anything else possible to check ?
>
> Slava.
>
> ________________________________
> From: "Slava Bendersky" <volga629 at networklab.ca>
> To: "Ondra Machacek" <omachace at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Saturday, February 4, 2017 2:27:31 PM
>
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
> Hello Ondra,
> Log is empty
>
> [root at vhe00 ~]# ls -la  /var/log/httpd/ssl_error_log
> -rw-r--r--. 1 root root 0 Feb  2 04:45 /var/log/httpd/ssl_error_log
>
> Slava.
>
> ________________________________
> From: "Ondra Machacek" <omachace at redhat.com>
> To: "Slava Bendersky" <volga629 at networklab.ca>
> Cc: "users" <users at ovirt.org>, "Ravi" <rnori at redhat.com>
> Sent: Saturday, February 4, 2017 10:35:31 AM
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
>
>
> On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629 at networklab.ca> wrote:
>
> Hello Everyone,
> Having trouble implement  FreeIPA authentication with GSSAPI SSO  and ovirt
> 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
> log to web admin with internal user and added FeeIPA user as SuperUser role.
> Also I added under System FreeIPA group authorized to login on any attempt
> to login with FreeIPA credentials getting message
>
>
> 2017-02-04 00:03:08,464Z ERROR
> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6)
> [] Internal Server Error: Unsupported command
> 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-6) [] Unsupported command
> 2017-02-04 00:03:08,659Z ERROR
> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) []
> server_error: Unsupported command
>
>
> Ravi, do you know what this can cause?
>
>
>
> Also when in extensions.d directory contain the following files. If I remove
> mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
> in drop down list. Any http don't have influence on this.
>
>
> That is correct behavior, we dont show profiles, which uses http for authn.
>
>
> [root at vhe00 extensions.d]# pwd
> /etc/ovirt-engine/extensions.d
>
> [root at vhe00 extensions.d]# ls
> mydomain.lan-authn.properties mydomain.lan-http-authn.properties
> mydomain.lan.properties      internal-authz.properties
> mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
> internal-authn.properties
> [root at vhe00 extensions.d]#
>
>
> If possible clarify how it should be and what is possible issue.
>
>
> Can you please take a look to /var/log/httpd/ssl_error_log if any errors
> there?
>
>
>
>
> Slava.
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list