[ovirt-users] FreeIPA authentication broken

Ondra Machacek omachace at redhat.com
Mon Apr 23 19:02:42 UTC 2018


On 04/23/2018 04:30 PM, Kristian Petersen wrote:
> Hey everyone,
> 
> I had FreeIPA authentication set up on my oVirt instance and it was 
> working great.  Then something happened that disconnected my NFS storage 
> and caused a problem with my hosted-engine.  Once I got it back up and 
> running again, my FreeIPA authentication was still a choice for 
> authentication, but it always rejects my password even though it is 
> correct.  I have tried running the setup again to no avail.  Nothing 
> shows up in the httpd error log when the login fails.  The engine.log 
> from ovirt-engine in /var/log shows the following upon attempting to 
> authenticate with a user from freeIPA:
> 
> 2018-04-23 08:08:24,384-06 WARN  
> [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-34) [] 
> Ignoring records from pool: 'authz'
> 2018-04-23 08:08:24,384-06 ERROR 
> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default 
> task-34) [] Cannot authenticate user 'nesretep at IPA' connecting from 
> 'UNKNOWN': The username or password is incorrect.

Can you try to run this command:

  $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=/tmp/aaa.log aaa login-user --user-name nesretep --profile IPA

and share /tmp/aaa.log?

> 
> I'm not sure why 'authz' is being ignored but it is certainly why IPA 
> authentication isn't working as 'username at authz' is how IPA logins show 
> up in oVirt when they do work.  Any ideas where to look next?
> -- 
> Kristian Petersen
> System Administrator
> BYU Dept. of Chemistry and Biochemistry