[ovirt-users] FreeIPA with ovirt 4.1
Ondra Machacek
omachace at redhat.com
Wed Feb 15 12:40:35 UTC 2017
Looking at the error message again it says 'Unsupported command',
Can you please share your properties files? I think that you have
misconfugred it, I guess you use for example AuthzExtension instead
of AuthnExtension or vice versa, maybe misconfigured mapping.
On Fri, Feb 10, 2017 at 6:28 PM, Slava Bendersky <volga629 at networklab.ca> wrote:
> Hello Ondra,
> I tried increase logging and command fail
>
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"subsystem\" => \"logging\"),
> (\"logger\" => \"org.ovirt.engine.core.sso\")
> ]' not found",
> "rolled-back" => true
> }
>
>
> Slava,
>
> ________________________________
> From: "Ondra Machacek" <omachace at redhat.com>
> To: "Slava Bendersky" <volga629 at networklab.ca>
> Cc: "users" <users at ovirt.org>
> Sent: Thursday, February 9, 2017 2:31:16 PM
>
> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>
> Can you please enable DEBUG log of the SSO package and try login and
> then share the logs, please?
>
> You can enable the debug log as following (use admin at internal password):
>
> /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
> --controller=127.0.0.1:8706 --connect --user=admin at internal
> "/subsystem=logging/logger=org.ovirt.engine.core.sso:add" &&
> /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
> --controller=127.0.0.1:8706 --connect --user=admin at internal
> "/subsystem=logging/logger=org.ovirt.engine.core.sso:write-attribute(name=level,value=DEBUG)"
>
> After tests you can disable it later as follows:
>
> $ /usr/share/ovirt-engine-wildfly/bin/jboss-cli.sh
> --controller=127.0.0.1:8706 --connect --user=admin at internal
> "/subsystem=logging/logger=org.ovirt.engine.core.sso:remove"
>
> On Thu, Feb 9, 2017 at 3:08 PM, Slava Bendersky <volga629 at networklab.ca>
> wrote:
>> Hello Everyone,
>> Anything else possible to check ?
>>
>> Slava.
>>
>> ________________________________
>> From: "Slava Bendersky" <volga629 at networklab.ca>
>> To: "Ondra Machacek" <omachace at redhat.com>
>> Cc: "users" <users at ovirt.org>
>> Sent: Saturday, February 4, 2017 2:27:31 PM
>>
>> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>>
>> Hello Ondra,
>> Log is empty
>>
>> [root at vhe00 ~]# ls -la /var/log/httpd/ssl_error_log
>> -rw-r--r--. 1 root root 0 Feb 2 04:45 /var/log/httpd/ssl_error_log
>>
>> Slava.
>>
>> ________________________________
>> From: "Ondra Machacek" <omachace at redhat.com>
>> To: "Slava Bendersky" <volga629 at networklab.ca>
>> Cc: "users" <users at ovirt.org>, "Ravi" <rnori at redhat.com>
>> Sent: Saturday, February 4, 2017 10:35:31 AM
>> Subject: Re: [ovirt-users] FreeIPA with ovirt 4.1
>>
>>
>>
>> On Feb 4, 2017 1:21 AM, "Slava Bendersky" <volga629 at networklab.ca> wrote:
>>
>> Hello Everyone,
>> Having trouble implement FreeIPA authentication with GSSAPI SSO and
>> ovirt
>> 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I
>> log to web admin with internal user and added FeeIPA user as SuperUser
>> role.
>> Also I added under System FreeIPA group authorized to login on any attempt
>> to login with FreeIPA credentials getting message
>>
>>
>> 2017-02-04 00:03:08,464Z ERROR
>> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default
>> task-6)
>> [] Internal Server Error: Unsupported command
>> 2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-6) [] Unsupported command
>> 2017-02-04 00:03:08,659Z ERROR
>> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3)
>> []
>> server_error: Unsupported command
>>
>>
>> Ravi, do you know what this can cause?
>>
>>
>>
>> Also when in extensions.d directory contain the following files. If I
>> remove
>> mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up
>> in drop down list. Any http don't have influence on this.
>>
>>
>> That is correct behavior, we dont show profiles, which uses http for
>> authn.
>>
>>
>> [root at vhe00 extensions.d]# pwd
>> /etc/ovirt-engine/extensions.d
>>
>> [root at vhe00 extensions.d]# ls
>> mydomain.lan-authn.properties mydomain.lan-http-authn.properties
>> mydomain.lan.properties internal-authz.properties
>> mydomain.lan-authz.properties mydomain.lan-http-mapping.properties
>> internal-authn.properties
>> [root at vhe00 extensions.d]#
>>
>>
>> If possible clarify how it should be and what is possible issue.
>>
>>
>> Can you please take a look to /var/log/httpd/ssl_error_log if any errors
>> there?
>>
>>
>>
>>
>> Slava.
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list