[ovirt-users] admin account constantly gets locked

Martin Perina mperina at redhat.com
Thu Apr 12 11:04:51 UTC 2018 

On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv <eraviv at redhat.com> wrote:

> The recurring denied access for every SyncNetworkProvider might be because
> you changed the admin password on the engine but not on the provider.
>
> Dominik, will updating to the same password on the provider solve the
> denied access?
> Martin, does the engine lock out the admin user for failed retries?
>

​Of course, after 5 incorrect logins the account is locked. But I looked at
logs and I can't see any login errors, so currently trying to reproduce to
find out what's going on ...
​


>
>
> HTH
>
>
> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <marcel.kaefer at putzbrunn.de
> > wrote:
>
>> Here are the logfiles…
>>
>>
>>
>> Thanks
>>
>>
>>
>> *Von:* Eitan Raviv [mailto:eraviv at redhat.com]
>> *Gesendet:* Donnerstag, 12. April 2018 11:12
>> *An:* Käfer Marcel
>> *Cc:* users at ovirt.org; Martin Perina
>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
>>
>>
>>
>> The sync network command is probably unrelated.
>>
>> Can you attach the full engine and the setup logs?
>>
>> Martin, this looks a bit like [1]. Any idea?
>>
>> Thanks
>>
>>
>>
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
>>
>>
>>
>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
>> marcel.kaefer at putzbrunn.de> wrote:
>>
>> Hello,
>>
>> a few days ago I installed an ovirt-engine 4.2.2.6 following the steps of
>> the documentation. After the installation I logged in to the admin page,
>> configured a datadomain and changed the admin password. After a few hours I
>> tried to login again, using the new password and got "Unable to log in
>> because the user account is disabled or locked. Contact the system
>> administrator." So I unlocked the admin account from the shell using
>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I was able to
>> continue working till the next login.
>>
>> I traced the /var/log/ovirt-engine/engine.log and found this after
>> unlocking the admin account again.
>>
>> 2018-04-12 09:06:19,984+02 INFO  [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Lock Acquired to object 'EngineLock:{exclusiveLocks='[
>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>> 2018-04-12 09:06:19,991+02 INFO  [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Running command: SyncNetworkProviderCommand internal: true.
>> 2018-04-12 09:06:20,102+02 INFO  [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
>> (default task-239) [] locking user: admin due to interval failures
>> 2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-239) [] OAuthException access_denied: Cannot authenticate
>> user 'admin at internal': The username or password is incorrect..
>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Command 'org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand' failed: EngineException:
>> (Failed with error Unauthorized and code 5050)
>> 2018-04-12 09:06:25,050+02 INFO  [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Lock freed to object 'EngineLock:{exclusiveLocks='[
>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>>
>> It seems like the SyncNetworkProviderCommand is somehow locking the admin
>> account. I already restarted the whole machine but it didn't help.
>>
>> Can someone please point me in the right direction, where to find the
>> error?
>>
>> Thanks in advance
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>>
>> --
>>
>> Eitan Raviv
>> IRC: erav (#ovirt #vdsm #devel #rhev-dev)
>>
>
>
>
> --
> Eitan Raviv
> IRC: erav (#ovirt #vdsm #devel #rhev-dev)
>



-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180412/a033d60b/attachment.html>

More information about the Users mailing list