On Tue, Oct 4, 2016 at 5:16 PM, wrote:
> Martin, thanks for the help. It works.
>
Glad to hear that, thanks.
Martin
>
> 03.10.2016, 15:01, "Martin Perina" :
> > Ahh, this is the issue. Above configuration is valid for oVirt 3.x, but
> in 4.0 we have quite new OAuth base SSO, so you need t
Martin, thanks for the help. It works.
03.10.2016, 15:01, "Martin Perina" :
> Ahh, this is the issue. Above configuration is valid for oVirt 3.x, but in
> 4.0 we have quite new OAuth base SSO, so you need to use following
> configuration:
>
> ^/ovirt-engine/sso/(interactive-login-negotiate|oau
Hi,
please take a look at inline comments:
On Mon, Oct 3, 2016 at 9:15 AM, wrote:
> Yes. Of course. Here are my configs.
>
>
> =
> # cat /etc/ovirt-engine/aaa/ovirt-sso.conf
>
>
>
> RewriteEngine on
Yes. Of course. Here are my configs.
=
# cat /etc/ovirt-engine/aaa/ovirt-sso.conf
RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
On Mon, Oct 3, 2016 at 8:52 AM, wrote:
> > network.negotiate-auth.delegation-uris = .ad.holding.com
> > network.negotiate-auth.trusted-uris = .ad.holding.com
>
> Yes. Configured
>
> The URL https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api in IE and
> Firefox opens without problems and wi
> network.negotiate-auth.delegation-uris = .ad.holding.com > network.negotiate-auth.trusted-uris = .ad.holding.com Yes. Configured The URL https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api in IE and Firefox opens without problems and without password prompts But when opening links from start
On Mon, Oct 3, 2016 at 8:18 AM, wrote:
>
> Hello, Martin
>
> Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working
> successfully from Internet Explorer & Forefox.
> Kerberos authentication NOT working with oVirt Web-Portals.
>
> I expect that the users opening the oVirt web por
Hello, Martin Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working successfully from Internet Explorer & Forefox.Kerberos authentication NOT working with oVirt Web-Portals. I expect that the users opening the oVirt web portal in the browser did not enter a password, and used ins
Hi Aleksey,
in your last email you wrote that everything works (at least that's my
understanding, email pasted below). So what exactly doesn't work for you?
Regards
Martin Perina
> # kinit aleksey
>
> Password for alek...@ad.holding.com: ***
>
> # klist
>
> Ticket cache: KEYRING:persistent:0:k
Up
30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru" :
> Any other ideas?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Any other ideas?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
# kinit aleksey
Password for alek...@ad.holding.com: ***
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
Default principal: alek...@ad.holding.com
Valid starting Expires Service principal
09/30/2016 16:50:32 10/01/2016 02:50:32 krbtgt/ad.holding@ad.holding
'/etc/httpd/s-oVirt-Krb.keytab' is apache keytab, you can't try to test
login with it. You should try something like `kinit myuser` and then
curl. And be sure that 'myuser' has appropriate permissions in oVirt.
Do you have properly setup your browser and enabled negotiation (for
example for firef
# kinit -V -k -t /etc/httpd/s-oVirt-Krb.keytab
HTTP/kom-ad01-ovirt1.ad.holding.com
Using existing cache: persistent:0:0
Using principal: HTTP/kom-ad01-ovirt1.ad.holding@ad.holding.com
Using keytab: /etc/httpd/s-oVirt-Krb.keytab
Authenticated to Kerberos v5
# klist
Ticket cache: KEYRING:pers
On 09/30/2016 02:44 PM, aleksey.maksi...@it-kb.ru wrote:
Hello oVirt guru`s!
I set up oVirt integration with Active Directory LDAP according to the manual:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/sect-Configuring_an_External_L
Hello oVirt guru`s!
I set up oVirt integration with Active Directory LDAP according to the manual:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/sect-Configuring_an_External_LDAP_Provider.html#Configuring_an_External_LDAP_Provider_Man
16 matches
Mail list logo