Red Hat Bugzilla – Bug 835980
Change to IPA server in RHEL 6.3 appears to break rhevm-manage-domains IPA autodetection logic?
Last modified: 2015-09-22 09:10 EDT
Sanitized summary (original description contains internal-only machine addresses):
I've been trying to run up a RHEV environment here in Toronto for the local engineering teams and run into an issue which I think relates to a change made to IPA in RHEL 6.3. I have installed RHEVM on a RHEL 6.3 machine, and IPA server on another RHEL 6.3 machine. When I do rhevm-manage-domains I get the following response (note I do have PTR and SRV records even though it's a usersys address; I'm providing them locally using dnsmasq):
No user in Directory was found for admin@<snip>. Trying next LDAP server in list
Failure while testing domain <snip>. Details: No user information was found for user
The log does not provide much insight:
2012-06-27 13:22:07,635 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): <snip>
2012-06-27 13:22:07,635 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: <snip>
I did find a docspace article in my travels that suggested that perhaps the UPN in IPA didn't match what rhevm-manage-domains expects, but that doesn't appear to be the case here; I am able to kinit as the given UPN. I did a bit more searching and came across this:
Essentially it appears a change in FreeIPA (yes, which I know we don't support, stay with me here) throws off the logic in rhevm-manage-domains that autodetects whether IPA or AD is in use, causing the error that I am running into. Clicking through that discussion to the FreeIPA ticket, and then to a RHEL bugzilla you end up here:
To me it looks like this change to ipa-server, known to break rhevm-manage-domains, was deployed as part of RHEL 6.3? Has anyone successfully used rhevm-manage-domains to add an IPA domain that is hosted on a RHEL 6.3 box?
Should also note I did come across and follow the steps here:
As I said, though, I get to the end of this and can still kinit as the given user@domain, so not sure this is the issue.
I've since installed a RHEL 6.2 VM and pointed the DNS entries at it (my IPA instances are VMs), ran ipa-server-install, and was able to successfully add the domain using rhevm-manage-domains. This definitely looks like it was introduced in RHEL 6.3 to me.
RHEL 6.2: ipa-server-2.1.3-9.el6.x86_64
RHEL 6.3: ipa-server-2.2.0-16.el6.x86_64
*** This bug has been marked as a duplicate of bug 808129 ***