Bug 1273297 - [engine-backend] After fresh installation, admin user cannot login, the account is reported as expired
[engine-backend] After fresh installation, admin user cannot login, the accou...
Status: CLOSED NOTABUG
Product: ovirt-engine
Classification: oVirt
Component: BLL.Infra (Show other bugs)
3.6.0.1
x86_64 Unspecified
unspecified Severity high (vote)
: ---
: ---
Assigned To: Oved Ourfali
Pavel Stehlik
infra
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-20 03:30 EDT by Elad
Modified: 2016-02-10 14:22 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-20 04:58:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ebenahar: planning_ack?
ebenahar: devel_ack?
ebenahar: testing_ack?


Attachments (Terms of Use)
engine.log and /etc/ovirt-engine dir (6.81 MB, application/x-gzip)
2015-10-20 03:30 EDT, Elad
no flags Details

  None (edit)
Description Elad 2015-10-20 03:30:59 EDT
Created attachment 1084639 [details]
engine.log and /etc/ovirt-engine dir

Description of problem:
Installed rhevm over a freshly installed RHEL6.7 machine and attempted to access the webadmin portal using admin user. I got denied from accessing with the following message:

2015-10-20 04:00:52,927 WARN  [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-9) [] CanDoAction of action 'LoginAdminUser' failed for user admin@internal. Reas
ons: USER_ACCOUNT_EXPIRED


Version-Release number of selected component (if applicable):
rhevm-3.6.0.1-0.1.el6.noarch

How reproducible:
Always

Steps to Reproduce:
1. After a clean RHEVM installation, try to access webadmin portal using admin user


Actual results:
Access is denied

Expected results:
Admin user should be able to access, the account should not be expired.

Additional info:
engine.log and /etc/ovirt-engine dir
Comment 1 Elad 2015-10-20 04:11:08 EDT
The date/time on the engine machine was late by 6 hours. Fixed it and now access using admin user is allowed.

[root@elad-he ~]# ovirt-aaa-jdbc-tool user show admin
-- User admin(7d39616b-1110-4ccf-ae54-8fbc68077da0) --
Namespace: *
Name: admin
ID: 7d39616b-1110-4ccf-ae54-8fbc68077da0
Display Name: 
Email: 
First Name: admin
Last Name: 
Department: 
Title: 
Description: 
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-20 03:39:28Z
Account Valid To: 2215-10-20 03:39:28Z
Account Without Password: false
Last successful Login At: 2015-10-20 08:04:13Z
Last unsuccessful Login At: 2015-10-20 01:00:47Z
Password Valid To: 2215-09-02 03:39:29Z
Comment 2 Elad 2015-10-20 04:58:11 EDT
Closing as NOTABUG as this is a configuration issue. 
Filed https://bugzilla.redhat.com/show_bug.cgi?id=1273331 for mentioning the date/time subject in the engine best practices documentation.

Note You need to log in before you can comment on or make changes to this bug.