Description of problem: It seems engine sends empty password for an AD user when desktopLogin is invoken, ie. the AD user is logged into User Portal and opens console of his-assigned VM (User Role). The AD users instead of having working VM desktop env just sees locked screen dialog. engine.log: ~~~ # tail -f /var/log/ovirt-engine/engine.log | grep -i desktopLogin {"jsonrpc":"2.0","method":"VM.desktopLogin","params":{"vmID":"cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac","domain":"ad-w2k8r2.example.com","username":"user2","password":""},"id":"edf2144b-e37d-4a03-9cdd-6f174c0217cc"} ^^^ suspicious <JsonRpcRequest id: "edf2144b-e37d-4a03-9cdd-6f174c0217cc", method: VM.desktopLogin, params: {vmID=cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac, domain=ad-w2k8r2.example.com, username=user2, password=*****}> ^^^^^ it would be nice to see if SENSITIVE_KEYS are empty ~~~ vdsm.log ~~~ [root@dell-r210ii-13 ~]# grep -i 'XXX desktoplogin' /var/log/vdsm/vdsm.log Thread-55::DEBUG::2016-10-04 16:09:18,769::guestagent::465::virt.vm::(desktopLogin) vmId=`cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac`::XXX desktopLogin called: Heslo123 ^^^ above was invoked manually via vdsclient desktopLogin command, an example with little bit modified /usr/lib/python2.7/site-packages/vdsm/virt/guestagent.py [root@dell-r210ii-13 ~]# tail -f /var/log/vdsm/vdsm.log | grep 'XXX desktopLogin' jsonrpc.Executor/2::DEBUG::2016-10-04 16:10:09,625::guestagent::465::virt.vm::(desktopLogin) vmId=`cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac`::XXX desktopLogin called: jsonrpc.Executor/7::DEBUG::2016-10-04 16:19:18,764::guestagent::465::virt.vm::(desktopLogin) vmId=`cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac`::XXX desktopLogin called: ^^^ there were caught via normal desktopLogin (clicking on icon in User Portal) ~~~ Version-Release number of selected component (if applicable): ovirt-engine-4.0.5-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. have AD configured as auth backend, have a VM (win7 64bit) with AD working and GA installed 2. login to User Portal as an AD user which got a VM assigned with User Role 3. (start and) open console Actual results: the AD user doesn't see working desktop but ctrl-alt-del screen Expected results: the AD user should be logged in automatically and see working desktop Additional info:
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
ok, sso works again. <JsonRpcRequest id: "9c9fb07a-8650-4b2c-a09f-09e8dd8c3b17", method: VM.desktopLogin, params: {vmID=cb8b1462-3cb6-4bf0-b7e4-28be5702b6ac, domain=ad-w2k8r2.example.com, username=user2, password=*****}>