| Summary: | [ovirt-guest-agent] The following users are allowed to connect: [0] is blurry message | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Jiri Belka <jbelka> | ||||
| Component: | ovirt-guest-agent | Assignee: | Vinzenz Feenstra [evilissimo] <vfeenstr> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Pavel Stehlik <pstehlik> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.3.0 | CC: | acathrow, iheim, michal.skrivanek, mkenneth, yeylon | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 3.5.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | virt | ||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-02-28 09:33:17 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
(In reply to Jiri Belka from comment #0) > Created attachment 821588 [details] > ovirt-guest-agent.log > > Description of problem: > > logging is sooooo blurry... I'm unable to see in agent's log why SSO did not > work for a disabled account. > > * OK account: > > -%- > Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User > log-in (credentials = > '\x00\x00\x00(vdcadmin.lab.eng.brq.redhat.com********\ > x00') > Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following > users are allowed to connect: [0] > Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319 > Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening > credentials channel... > Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user > authenticated signal (141319). > CredChannel::DEBUG::2013-11-08 > 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2 > errno = 0 > CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp: > len=28 level=1 type=2 > CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming > connection from user: 0 process: 2756 > CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending > user's credential (token: 141319) > Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials > channel was closed. > -%- > > So what is the meaning of: > > -%- > The following users are allowed to connect: [0] > -%- > > Should it be something like this? > > -%- > The following users are allowed to connect: > vdcadmin.lab.eng.brq.redhat.com > -%- > > How did I discover this? I have a user which got its account disabled after > he logged into User Portal. He cannot do SSO (good!) but I could not find > any difference in agent's log. > > * For 'disabled' user: > > -%- > Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User > log-in (credentials = > '\x00\x00\x00(disabled.lab.eng.brq.redhat.com********\x00') > Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following > users are allowed to connect: [0] > Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829 > Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening > credentials channel... > Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user > authenticated signal (410829). > CredChannel::DEBUG::2013-11-08 > 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2 > errno = 0 > CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp: > len=28 level=1 type=2 > CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming > connection from user: 0 process: 3090 > CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending > user's credential (token: 410829) > Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials > channel was closed. > -%- > > Version-Release number of selected component (if applicable): > is21 > > How reproducible: > 100% > > Steps to Reproduce: > 1. login into User Portal > 2. make the user disabled in AD > 3. try SSO opening console > > Actual results: > user is not logged (OK!) but log is blurry > > Expected results: > there should be a msg in the log which would state why the username/account > could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ?? > > Additional info: Actually the 0 is the UID and only root is allowed to connect to the UNIX Domain socket. This has nothing to do with the 'user' which is trying to connect to the machine. |
Created attachment 821588 [details] ovirt-guest-agent.log Description of problem: logging is sooooo blurry... I'm unable to see in agent's log why SSO did not work for a disabled account. * OK account: -%- Dummy-1::DEBUG::2013-11-08 13:28:07,802::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(vdcadmin.lab.eng.brq.redhat.com********\ x00') Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2013-11-08 13:28:07,802::CredServer::272::root::Token: 141319 Dummy-1::INFO::2013-11-08 13:28:07,802::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2013-11-08 13:28:07,803::CredServer::132::root::Emitting user authenticated signal (141319). CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::166::root::Receiving user's credential ret = 2 errno = 0 CredChannel::DEBUG::2013-11-08 13:28:07,931::CredServer::177::root::cmsgp: len=28 level=1 type=2 CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::225::root::Incomming connection from user: 0 process: 2756 CredChannel::INFO::2013-11-08 13:28:07,931::CredServer::232::root::Sending user's credential (token: 141319) Dummy-1::INFO::2013-11-08 13:28:07,931::CredServer::277::root::Credentials channel was closed. -%- So what is the meaning of: -%- The following users are allowed to connect: [0] -%- Should it be something like this? -%- The following users are allowed to connect: vdcadmin.lab.eng.brq.redhat.com -%- How did I discover this? I have a user which got its account disabled after he logged into User Portal. He cannot do SSO (good!) but I could not find any difference in agent's log. * For 'disabled' user: -%- Dummy-1::DEBUG::2013-11-08 13:28:44,236::OVirtAgentLogic::201::root::User log-in (credentials = '\x00\x00\x00(disabled.lab.eng.brq.redhat.com********\x00') Dummy-1::INFO::2013-11-08 13:28:44,236::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2013-11-08 13:28:44,237::CredServer::272::root::Token: 410829 Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2013-11-08 13:28:44,237::CredServer::132::root::Emitting user authenticated signal (410829). CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::166::root::Receiving user's credential ret = 2 errno = 0 CredChannel::DEBUG::2013-11-08 13:28:44,368::CredServer::177::root::cmsgp: len=28 level=1 type=2 CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::225::root::Incomming connection from user: 0 process: 3090 CredChannel::INFO::2013-11-08 13:28:44,368::CredServer::232::root::Sending user's credential (token: 410829) Dummy-1::INFO::2013-11-08 13:28:44,368::CredServer::277::root::Credentials channel was closed. -%- Version-Release number of selected component (if applicable): is21 How reproducible: 100% Steps to Reproduce: 1. login into User Portal 2. make the user disabled in AD 3. try SSO opening console Actual results: user is not logged (OK!) but log is blurry Expected results: there should be a msg in the log which would state why the username/account could not do 'log-in'. Maybe - Failed log-in for disabled user $user... ?? Additional info: