- Original Message -
From: Grzegorz Szypa grzegorz.sz...@gmail.com
To: Martin Perina mper...@redhat.com, users@ovirt.org
Sent: Wednesday, September 24, 2014 11:19:27 AM
Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain...
after using engine-manage-domains edit
Hi.
It's a little strange, because I can easily attach clients (VMs) to the
Microsoft AD domain. Only sometimes there are problems with connectivity,
but I will solve this in two ways: add the DNS suffix or add a static
primary DNS, which indicates the domain.
/etc/resolv.conf
nameserver 172.30.30.253 # DNS and AD server
nameserver 172.30.30.1 # Router - DHCP
search szypa.net
By the way, there is also one strange thing:
Every time I insert the record nameserver 172.30.30.253 into the file
resolv.conf, from time to time the file is overwritten / changed (I have
no idea how) and the record nameserver 172.30.30.253 disappears (just as if
it had never been added).
It depends on what your network configuration is. If you are using a static IP,
then the network configuration is defined in
/etc/sysconfig/network-scripts/ifcfg-XXX
(XXX is the name of the device) using DNSx params. In your case
DNS1=172.30.30.25
DNS2=172.30.30.1
If you are using DHCP, then /etc/resolv.conf is usually altered on IP address
renewal.
*And all of this is the cause that generates the problem.*
*So I think that the problem is solved, but I do not know how to resolve the
problem with hiding configuration in /etc/resolv.conf*
Regards,
*Grzegorz Szypa*
2014-09-24 8:03 GMT+02:00 Martin Perina mper...@redhat.com:
Hi,
I looked at the logs and you have serious DNS problems:
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (DefaultQuartzScheduler_Worker-15) Failed to query rootDSE for LDAP server ldap://szypa.net:389 due to szypa.net:389
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (DefaultQuartzScheduler_Worker-15) Failed ldap search server ldap://szypa.net:389 using user ov...@szypa.net due to javax.naming.CommunicationException: szypa.net:389 [Root exception is java.net.UnknownHostException: szypa.net]. We should try the next server
You cannot authenticate your users, because LDAP server ldap://szypa.net:389
cannot be resolved. Are you able to resolve szypa.net on your engine host?
- Original Message -
From: Grzegorz Szypa grzegorz.sz...@gmail.com
To: Martin Perina mper...@redhat.com, users@ovirt.org
Sent: Wednesday, September 24, 2014 7:32:56 AM
Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for
domain... after using engine-manage-domains edit
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._tcp.szypa.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.szypa.net. IN SRV
;; AUTHORITY SECTION:
net. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1411536712 1800 900 604800 86400
;; Query time: 28 msec
;; SERVER: 172.30.30.1#53(172.30.30.1)
;; WHEN: Wed Sep 24 07:32:23 2014
;; MSG SIZE rcvd: 115
It looks like the szypa.net domain doesn't exist at all. Do you really
have the correct DNS configuration on the engine host?
2014-09-24 7:06 GMT+02:00 Martin Perina mper...@redhat.com:
Hi,
the error message means that we cannot find any KDC servers
in DNS. Could you please post the results of the following command:
dig SRV _kerberos._tcp.szypa.net
Regarding the errors after oVirt restart, could you please post
your engine.log?
Thanks
Martin Perina
- Original Message -
From: Grzegorz Szypa grzegorz.sz...@gmail.com
To: fkob...@redhat.com, users@ovirt.org
Sent: Tuesday, September 23, 2014 3:41:02 PM
Subject: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for
domain... after using engine-manage-domains edit
Hi.
I have a problem with losing the connection to Windows Active
Directory.
Normally I connect ovirt with AD like this:
engine-manage-domains add --domain=szypa.net --provider=ad --user=ovirt --add-permissions
After a period of time, for example when I restart ovirt, the connection is lost,
because I cannot add a new user created in AD, so I am thinking that I should
refresh the conf. of the connection to AD:
engine-manage-domains edit --domain=szypa.net --provider=ad --user=ovirt --add-permissions
and I get this error:
No KDC can be obtained for domain szypa.net
Do you have any idea?
I read that this problem is resolved in a previous ovirt version
--
G.Sz
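
The diagnosis worked out in this thread, written as an added example that is not part of the original messages: it reads resolv.conf text and dig output and reports why the KDC SRV lookup failed. The function names and finding labels are assumptions made for this example, and the two resolv.conf samples are constructed from the addresses quoted in the thread.

```python
import re

# Constructed samples: the resolv.conf the poster wanted, and the same file
# after a DHCP renewal dropped the AD DNS entry (the overwrite described above).
RESOLV_WANTED = "nameserver 172.30.30.253\nnameserver 172.30.30.1\nsearch szypa.net\n"
RESOLV_AFTER_DHCP = "nameserver 172.30.30.1\nsearch szypa.net\n"

# dig output as posted in the thread, trimmed to the lines the checks use.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.szypa.net. IN SRV
;; AUTHORITY SECTION:
net. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1411536712 1800 900 604800 86400
;; SERVER: 172.30.30.1#53(172.30.30.1)
"""

def nameservers(resolv_text):
    """Return nameserver addresses in resolver order, ignoring comments."""
    out = []
    for line in resolv_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def diagnose(dig_text, resolv_text, ad_dns, domain):
    """Explain a failed KDC SRV lookup from dig output and resolv.conf."""
    findings = []
    status = re.search(r"status: (\w+)", dig_text)
    server = re.search(r"^;; SERVER: ([\d.]+)#", dig_text, re.M)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", dig_text, re.M)
    servers = nameservers(resolv_text)
    if ad_dns not in servers:
        findings.append("ad-dns-missing-from-resolv.conf")
    elif servers[0] != ad_dns:
        findings.append("ad-dns-not-first")
    if server and server.group(1) != ad_dns:
        findings.append("answered-by-non-ad-server:" + server.group(1))
    if status and status.group(1) != "NOERROR":
        findings.append("srv-lookup-" + status.group(1).lower())
    # An SOA for a parent zone means the query left the site: the public
    # parent zone, not the AD DNS server, said the name does not exist.
    if soa and soa.group(1).rstrip(".") != domain:
        findings.append("negative-answer-from-parent-zone:" + soa.group(1))
    return findings
```

Calling `diagnose(DIG_OUTPUT, RESOLV_AFTER_DHCP, "172.30.30.253", "szypa.net")` lists every mismatch at once, which separates a resolver-ordering problem from a missing SRV record on the AD DNS server itself.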