----- Original Message -----
> From: "Keith Mitchell" <kami...@cisco.com>
> To: "Itamar Heim" <ih...@redhat.com>
> Cc: users@ovirt.org, "Juan Antonio Hernandez Fernandez" <jhern...@redhat.com>, "Yair Zaslavsky" <yzasl...@redhat.com>
> Sent: Sunday, March 3, 2013 7:15:16 AM
> Subject: Re: [Users] webadmin login issues with AD
>
> On 3/2/13 11:57 PM, Itamar Heim wrote:
> > On 03/03/2013 06:41, Keith Mitchell wrote:
> >> On 3/2/13 2:51 PM, Itamar Heim wrote:
> >>> On 01/03/2013 18:54, Keith Mitchell wrote:
> >>>>
> >>>> I'm trying to get rhevm 3.1 (which seems to be pretty much ovirt 3.1
> >>>> from what I can tell) authenticating against our active directory
> >>>> infrastructure but am having some difficulty that I don't quite
> >>>> understand and was hoping someone may know what is happening.
> >>>>
> >>>> The server where rhevm/ovirt is running is a RHEL6 based server that has
> >>>> NIS configured (with user home directories mounted via
> >>>> nfs/automounter). The userids in nis match the userids in our
> >>>> ActiveDirectory server (in fact the passwords should match too since
> >>>> there is a sync between the two).
> >>>>
> >>>> I added the Activedirectory server into ovirt (through
> >>>> rhevm-manage-domains) and it is added/validated successfully. As the
> >>>> local admin user I can go in and search against the active directory, add
> >>>> permissions, etc.
> >>>>
> >>>> But... If I try to log into the webadmin/user portals with one of the
> >>>> active directory accounts it seems to hang... and I noticed that it
> >>>> seems to be trying to mount the home directory of a bunch of users via
> >>>> the automounter (perhaps it's trying to mount everyone's home directory...
> >>>> can't tell). This takes a super long time since the home directories
> >>>> are all across the world and nfs access to some of these filesystems is
> >>>> really slow... I'm not sure it will ever complete... certainly not
> >>>> before the user gives up.

Hi,
Currently, both search of users in a specific domain + login perform both authentication + authorization check + running LDAP queries (authorization is a part of the login).
It seems really odd to me that login takes you quite some time, and search of users/groups does not.
What other info can you provide about the user you try to log in as?
Did you give permissions to many entities?

> >>>>
> >>>> Anyone know what would cause this? I wouldn't think this should
> >>>> happen. I was thinking it should just authenticate the password and
> >>>> then look at the permissions granted inside ovirt/rhevm.
> >>>
> >>> there is no need for the engine (rhev) machine to be part of the AD
> >>> domain for AD authentication to work, and i don't see why this should
> >>> happen.
> >>> yair/juan - thoughts?
> >>>
> >> Turns out the home directory mounting thing had nothing to do with my
> >> login issues or ovirt... The home directory issue was due to an issue
> >> with mod_dnssd (part of apache) in RHEL6.
> >>
> >> But even after fixing that, I still have login issues. Whenever I try
> >> to authenticate against active directory the webadmin/user gui seems to
> >> hang. I've looked at the network trace and it looks like the active
> >> directory authentication succeeded without issue, but the login screen
> >> just hangs.
> >>
> >> I can log in with the local admin user fine and I don't see anything in
> >> the engine.log files. Perhaps there may be some debug I can turn on to
> >> help identify what it is doing?
> >>
> >>
> >>
> >
> > does the rest api work for an AD user?
> > (user@domain is the user name format. url is http://xxx/api)
> That seems to hang too.
>
>
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users