I am struggling a little bit with hooking my test OpenNebula into my existing FreeIPA authentication domain.

I am currently running OpenNebula 4.10.1 on CentOS 6.5, and I am trying to connect it to my existing FreeIPA 3.0.0 server.

I currently have three services authenticating via LDAP to the IPA server, so I "think" that bit is right.

When I install OpenNebula for the first time, get everything set up, add the LDAP authentication config, everything looks OK. I create a user in Sunstone, set the auth method to LDAP, and then successfully sign in to Sunstone. Happy face.
I change the user to the oneadmin group in Sunstone.

The following day, I am no longer able to log in as that user, and no amount of deleting the user and re-adding the user seems to make any difference. I have also tried NOT creating the user via Sunstone, and just logging in, same errors.

Does anybody have any idea what I might be doing wrong, or even where I can look to figure what is not working? Config and log files below. Many thanks in advance.

------------------------------
oned.conf
---------------------------
AUTH_MAD = [
    executable = "one_auth_mad",
    authn = "ssh,x509,ldap,default,server_cipher,server_x509"
]

------------------------------
ldap_auth.conf
----------------------------
server 1:
    # Ldap authentication method
    :auth_method: :simple

    # Ldap server
    :host: ipa1.lab.company.com
    :port: 389

    # Uncomment this line for tsl conections
    #:encryption: :simple_tls

    # base hierarchy where to search for users and groups
    :base: 'cn=users,cn=accounts,dc=lab,dc=company,dc=com'

    # group the users need to belong to. If not set any user will do
    #:group: 'cn=users,cn=accounts'

    # field that holds the user name, if not set 'cn' will be used
    :user_field: 'uid'

:order:
    - server 1

------------------------------
oned.log
------------------------------
Mon Dec  8 13:24:50 2014 [Z0][ReM][D]: Req:8640 UID:-1 GroupPoolInfo invoked
Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:8640 UID:- GroupPoolInfo result FAILURE [GroupPoolInfo] User couldn't be authenticated, aborting call.
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Command execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Trying server server 1

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Trying server server 1
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Exception raised authenticating to LDAP

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating to LDAP
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 #<NoMethodError: undefined method `children' for nil:NilClass>

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method `children' for nil:NilClass>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /var/lib/one/remotes/auth/ldap/authenticate:69:in `new'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /var/lib/one/remotes/auth/ldap/authenticate:69:in `new'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /var/lib/one/remotes/auth/ldap/authenticate:69

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /var/lib/one/remotes/auth/ldap/authenticate:69
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /var/lib/one/remotes/auth/ldap/authenticate:59:in `each'

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /var/lib/one/remotes/auth/ldap/authenticate:59:in `each'
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /var/lib/one/remotes/auth/ldap/authenticate:59

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /var/lib/one/remotes/auth/ldap/authenticate:59
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Could not authenticate user peter.harris

Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user peter.harris
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 ExitCode: 255

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: AUTHENTICATE FAILURE 1 -

Mon Dec  8 13:24:50 2014 [Z0][AuM][E]: Auth Error:
Mon Dec  8 13:24:50 2014 [Z0][ReM][D]: Req:6320 UID:-1 UserInfo invoked , -1
Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:6320 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.
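
Added example, not part of the original post and not OpenNebula code: a Ruby triage helper for an oned.log excerpt like the one above. It drops the `[D] Message received` echoes, keeps the auth driver's own `[AuM][I]` lines, and extracts the exception, the frame that raised it and the failing user. The function names `driver_messages` and `summarize_auth_failure` are hypothetical, and the sample log is constructed in the format shown above.

```ruby
# Constructed sample in the oned.log format shown above. One line carries two
# fused entries, as happens when a log is pasted into mail.
SAMPLE_LOG = <<~'LOG'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Trying server server 1
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Trying server server 1
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating to LDAP
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method `children' for nil:NilClass>
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash' Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user peter.harris
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
  Mon Dec  8 13:24:50 2014 [Z0][ReM][D]: Req:6320 UID:-1 UserInfo invoked , -1
LOG

STAMP = /(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}/
ENTRY = /\A#{STAMP} \[Z\d+\]\[(\w+)\]\[(\w)\]: (.*)\z/m

# Split on every timestamp (so fused entries are separated), then keep only
# what the auth manager logged at level I: the driver's own output, without
# the duplicate "[D] Message received: LOG I 1 ..." echo of each line.
def driver_messages(text)
  text.split(/(?=#{STAMP} \[Z\d+\])/)
      .map { |chunk| ENTRY.match(chunk.strip) }.compact
      .select { |m| m[1] == 'AuM' && m[2] == 'I' }
      .map { |m| m[3] }
end

# Reduce one failed authentication to the facts needed for triage.
def summarize_auth_failure(text)
  msgs = driver_messages(text)
  exc = msgs.map { |m| m.match(/\A#<([\w:]+): (.*)>\z/) }.compact.first
  frames = msgs.map { |m| m.match(%r{\A(/\S+):(\d+)(?::in `(.+)')?\z}) }.compact
               .map { |f| { file: f[1], line: f[2].to_i, method: f[3] } }
  code = msgs.map { |m| m[/\AExitCode: (\d+)/, 1] }.compact.first
  {
    user: msgs.map { |m| m[/\ACould not authenticate user (\S+)/, 1] }.compact.first,
    exit_code: code && code.to_i,
    exception: exc && exc[1],
    message: exc && exc[2],
    raised_in: frames.first, # innermost frame of the backtrace
    driver_frame: frames.find { |f| f[:file].end_with?('ldap_auth.rb') }
  }
end

p summarize_auth_failure(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

On the full trace above, the same summary points at `generate_mapping` in `ldap_auth.rb`, called from the driver's `initialize`.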

