Hi i am new to oVirt so i think i am missing something. I my case ovirt-engine-extension-aaa-ldap-setup did not work and i am not a domain administrator so i had to set it up by hand I can login with my AD user into the VM portal but SSO to a windows 7 machine does not happen Thks for your help rgds Harry my files: in /etc/ovirt-engine/aaa/zkf200mut.prd.properties vars.user = CN=HARRY (Adm),OU=Administrative Accounts,OU=Operations,OU=203,DC=zkf200mut,DC=prd vars.password = password pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single pool.default.serverset.single.server = 10.63.123.22 pool.default.dc-resolve.default.serverset.type = single pool.default.dc-resolve.serverset.single.server = 10.63.123.22 pool.default.socketfactory.type = java /etc/ovirt-engine/extensions.d/zkf200mut.prd-authn.properties ovirt.engine.extension.name = zkf200mut.prd-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = zkf200mut.prd ovirt.engine.aaa.authn.authz.plugin = zkf200mut.prd config.profile.file.1 = ../aaa/zkf200mut.prd.properties /etc/ovirt-engine/extensions.d/zkf200mut.prd.properties ovirt.engine.extension.name = zkf200mut.prd ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/zkf200mut.prd.properties engine.log -> when i login and click on the console of the VM 2019-06-04 12:24:30,442+02 INFO [org.ovirt.engine.core.bll.aaa.TerminateSessionsForTokenCommand] (default task-8) [354a4756] Running command: TerminateSessionsForTokenCommand internal: true. 2019-06-04 12:24:46,247+02 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-7) [] User m203h...@zkf200mut.prd successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2019-06-04 12:24:46,316+02 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-7) [d7805c4] Running command: CreateUserSessionCommand internal: false. 2019-06-04 12:24:46,331+02 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-7) [d7805c4] EVENT_ID: USER_VDC_LOGIN(30), User m203h...@zkf200mut.prd@zkf200mut.prd connecting from '10.63.120.199' using session 'CGIKs/CP4HQdLoUhWAzsq996BKkMcKDrqdfHT1x/kIBzixxbNl/hle8BZCZmS2L/ehVZdoStH2JByXragQxeqw==' logged in. 2019-06-04 12:24:47,015+02 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-3) [1e271632-b9f4-4bcc-8205-ccd8ff1421f6] Query execution failed due to insufficient permissions. 2019-06-04 12:24:47,017+02 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-3) [] Operation Failed: query execution failed due to insufficient permissions. 2019-06-04 12:24:50,106+02 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-8) [6f85887f] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 3985528e-5bd3-4d87-b766-361c7985788f Type: VMAction group CONNECT_TO_VM with role type USER 2019-06-04 12:24:50,118+02 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-8) [6f85887f] START, SetVmTicketVDSCommand(HostName = ovirtServer1.zkf200mut.prd, SetVmTicketVDSCommandParameters:{hostId='d28491ac-2c3b-4462-b24b-1c673155c644', vmId='3985528e-5bd3-4d87-b766-361c7985788f', protocol='SPICE', ticket='PzMAJhjN75ij', validTime='120', userName='m203h...@zkf200mut.prd', userId='12f092ed-db4c-4ed0-b4bb-f3051c4fc677', disconnectAction='LOCK_SCREEN'}), log id: 103ea2 2019-06-04 12:24:50,150+02 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-8) [6f85887f] FINISH, SetVmTicketVDSCommand, return: , log id: 103ea2 2019-06-04 12:24:50,168+02 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-8) [6f85887f] EVENT_ID: VM_SET_TICKET(164), User m203h...@zkf200mut.prd@zkf200mut.prd initiated console session for VM W203YZ001V _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SOJMZ74JNVNVCHM3KZHYOHBOHTMI4N66/