[ovirt-users] ovirt 3.4 and FreeIPA authentication
I have just created an oVirt 3.4 server as part of my test environment prior to moving from my production 3.3 environment. I authenticate against FreeIPA 3.0.0.

I generally add a group in IPA, add the permissions in oVirt against the group, and then add/remove users from the groups in IPA.

With oVirt 3.4, I have just added my vmadmin IPA group to oVirt, and given it the SuperUser role. I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I can authenticate fine, but I do not have SuperUser privileges. If I log in to my live oVirt (3.3), I do have SuperUser privileges.

Has something changed? Or is there an extra step I have to take that I have missed to propagate privileges?

Thanks

Peter

P.S. All work done in the oVirt Admin portal GUI so far, not tried the CLI yet.

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
Hi,

I recall there were some bugs which didn't propagate the correct rights inherited by group membership to all group members, maybe that's related?

There are some BZs for it, I don't know atm if this was resolved for 3.4.1?

HTH

--
Regards

Sven Kieske
System Administrator
Mittwald CM Service GmbH Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing Director: Robert Meyer
Tax No.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General Partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
As mentioned by Sven, as far as I know all these bugs were solved for 3.4.1.

However, if possible, I would like to get the following information:

a. select user_id, username, group_ids from users where username = 'THE_USER_YOU_TRIED_TO_LOGIN_WITH';
b. select id, name from ad_groups;

----- Original Message -----
From: Peter Harris doilooksensi...@gmail.com
To: Users@ovirt.org
Sent: Wednesday, April 30, 2014 11:55:04 AM
Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication

I have just created an oVirt 3.4 server as part of my test environment prior to moving from my production 3.3 environment. I authenticate against FreeIPA 3.0.0.

I generally add a group in IPA, add the permissions in oVirt against the group, and then add/remove users from the groups in IPA.

With oVirt 3.4, I have just added my vmadmin IPA group to oVirt, and given it the SuperUser role. I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I can authenticate fine, but I do not have SuperUser privileges. If I log in to my live oVirt (3.3), I do have SuperUser privileges.

Has something changed? Or is there an extra step I have to take that I have missed to propagate privileges?

Thanks

Peter

P.S. All work done in the oVirt Admin portal GUI so far, not tried the CLI yet.
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
----- Original Message -----
From: Yair Zaslavsky yzasl...@redhat.com
To: Peter Harris doilooksensi...@gmail.com
Cc: Users@ovirt.org, Sven Kieske s.kie...@mittwald.de
Sent: Wednesday, April 30, 2014 12:19:57 PM
Subject: Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication

As mentioned by Sven, as far as I know all these bugs were solved for 3.4.1.

However, if possible, I would like to get the following information:

a. select user_id, username, group_ids from users where username = 'THE_USER_YOU_TRIED_TO_LOGIN_WITH';
b. select id, name from ad_groups;

Of course this should be collected from the database.