Bug 835980

Summary: Change to IPA server in RHEL 6.3 appears to break rhevm-manage-domains IPA autodetection logic?
Product: Red Hat Enterprise Virtualization Manager
Reporter: Stephen Gordon <sgordon>
Component: ovirt-engine
Assignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED DUPLICATE
Severity: high
Priority: high
Version: 3.0.0
CC: dyasny, gspurgeon, iheim, lpeer, Rhev-m-bugs, yeylon, ykaul
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-06-28 01:37:59 UTC
Type: Bug

Comment 1 Stephen Gordon 2012-06-27 18:04:07 UTC
Sanitized summary (original description contains internal only machine addresses):

I've been trying to run up a RHEV environment here in Toronto for the local engineering teams and run into an issue which I think relates to a change made to IPA in RHEL 6.3. I have installed RHEVM on a RHEL 6.3 machine, and IPA server on another RHEL 6.3 machine. When I do rhevm-manage-domains I get the following response (note I do have PTR and SRV records even though it's a usersys address, I'm providing them locally using dnsmasq):

No user in Directory was found for admin@<snip>. Trying next LDAP server in list
Failure while testing domain <snip>. Details: No user information was found for user

The log does not provide much insight:

2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): <snip>
2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: <snip>

I did find a docspace article in my travels that suggested that perhaps the UPN in IPA didn't match what rhevm-manage-domains expects, but that doesn't appear to be the case here; I am able to kinit as the given UPN. I did a bit more searching and came across this:

    https://access.redhat.com/discussion/freeipa-integration-problem

Essentially it appears a change in FreeIPA (yes, which I know we don't support, stay with me here) throws off the logic in rhevm-manage-domains that autodetects whether IPA or AD is in use, causing the error that I am running into. Clicking through that discussion to the FreeIPA ticket, and then to a RHEL bugzilla you end up here:

    https://bugzilla.redhat.com/show_bug.cgi?id=766322

To me it looks like this change to ipa-server, known to break rhevm-manage-domains, was deployed as part of RHEL 6.3? Has anyone successfully used rhevm-manage-domains to add an IPA domain that is hosted on a RHEL 6.3 box?

Comment 2 Stephen Gordon 2012-06-27 18:43:50 UTC
Should also note I did come across and follow the steps here:

https://access.redhat.com/knowledge/ko/node/70496

As I said though, I get to the end of this and can still kinit as the given user@domain, so not sure this is the issue.

Comment 3 Stephen Gordon 2012-06-27 20:05:36 UTC
I've since installed a RHEL 6.2 VM and pointed the DNS entries at it (my IPA instances are VMs), ran ipa-server-install, and was able to successfully add the domain using rhevm-manage-domains. This definitely looks like it was introduced in RHEL 6.3 to me.

RHEL 6.2: ipa-server-2.1.3-9.el6.x86_64
RHEL 6.3: ipa-server-2.2.0-16.el6.x86_64

Comment 5 Itamar Heim 2012-06-28 01:37:59 UTC

*** This bug has been marked as a duplicate of bug 808129 ***