Hello,

I think I resolved this issue. It is the dig response when resolving the domain 
name!

CentOS-7 - bind-utils-9.11.4-16.P2.el7_8.6.x86_64; Windows AD level 2008R2; in 
my case dig returns answer with

;; ANSWER SECTION:
mb118.local.       600         IN           A             192.168.1.7

The IP address returned is the address of the DC.

CentOS-8 - bind-utils-9.11.20-5.el8.x86_64; same Domain Controller; dig returns 
an answer without ;; ANSWER SECTION, i.e. the IP address of the DC cannot be identified.

The solution is to add the directive '+nocookie' after '+tcp' in the file 
/usr/share/ovirt-engine-extension-aaa-ldap/setup/plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py

The section starts at line 144:

    @staticmethod
    def _resolver(plugin, record, what):
        rc, stdout, stderr = plugin.execute(
            args=(
                (
                    plugin.command.get('dig'),
                    '+noall',
                    '+answer',
                    '+tcp',
                    '+nocookie',  # added: do not send the EDNS COOKIE option
                    what,
                    record
                )
            ),
        )
        return stdout

With this change, execution of ovirt-engine-extension-aaa-ldap-setup completes 
successfully and joins a fresh install of oVirt 4.4 to Active Directory.

If the level of AD is 2016, the '+nocookie' change is not needed.

Happy holidays to all of you!
Stay safe!

Thank you!
Best,
Latcho
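
One way to check whether a DNS server shows the behaviour described above before editing common.py is to run the same dig query with and without '+nocookie' and compare the results. This is an added example, not part of the original message or of oVirt's code; `run_dig`, `fake_old_dc`, `parse_answers` and `diagnose` are hypothetical names, and `fake_old_dc` is a constructed stand-in for the DC behaviour reported in the post.

```python
import subprocess

# Options the post's _resolver passed to dig before '+nocookie' was added.
BASE_OPTS = ('+noall', '+answer', '+tcp')


def run_dig(args):
    """Run the real dig (bind-utils) and return its stdout."""
    proc = subprocess.run(('dig',) + tuple(args), stdout=subprocess.PIPE,
                          stderr=subprocess.DEVNULL, universal_newlines=True)
    return proc.stdout


def fake_old_dc(args):
    """Constructed stand-in for the post's case: answers only with '+nocookie'."""
    if '+nocookie' in args:
        return 'mb118.local.       600    IN    A    192.168.1.7\n'
    return ''


def parse_answers(stdout):
    """Parse '+noall +answer' output into (name, ttl, rtype, rdata) tuples."""
    answers = []
    for line in stdout.splitlines():
        fields = line.strip().split(None, 4)
        if len(fields) == 5 and fields[1].isdigit() and fields[2] == 'IN':
            answers.append((fields[0], int(fields[1]), fields[3], fields[4]))
    return answers


def diagnose(what, record, runner=run_dig):
    """Query with dig's defaults, then with '+nocookie'; return (verdict, answers).

    'ok': defaults work; 'cookie-affected': only '+nocookie' works;
    'unresolvable': neither query returns an answer.
    """
    answers = parse_answers(runner(BASE_OPTS + (what, record)))
    if answers:
        return 'ok', answers
    answers = parse_answers(runner(BASE_OPTS + ('+nocookie', what, record)))
    if answers:
        return 'cookie-affected', answers
    return 'unresolvable', []


if __name__ == '__main__':
    # Offline demo against the constructed stand-in; omit runner to use real dig.
    print(diagnose('mb118.local', 'A', runner=fake_old_dc))
```

A 'cookie-affected' verdict against a real server means the setup tool's resolver will see an empty answer unless '+nocookie' is passed, as in the modified `_resolver` above.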



From: Latchezar Filtchev
Sent: Tuesday, November 24, 2020 10:31 AM
To: users@ovirt.org
Subject: oVirt 4.4 and Active directory

Hello All,

Fresh standalone installation of oVirt 4.3 (CentOS 7). Execution of 
ovirt-engine-extension-aaa-ldap-setup completes normally and DC is connected to 
AD (Domain functional level: Windows Server 2008).

On the same hardware fresh standalone installation of oVirt 4.4.
Installation of engine completed with warning:

2020-11-23 14:50:46,159+0200 WARNING 
otopi.plugins.ovirt_engine_common.base.network.hostname 
hostname._validateFQDNresolvability:308 Failed to resolve 44-8.mb118.local 
using DNS, it can be resolved only locally

Despite the warning, the engine portal is resolvable after installation.

Execution of ovirt-engine-extension-aaa-ldap-setup ends with:

[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IBM Security Directory Server
           5 - IBM Security Directory Server RFC-2307 Schema
           6 - IPA
           7 - Novell eDirectory RFC-2307 Schema
           8 - OpenLDAP RFC-2307 Schema
           9 - OpenLDAP Standard Schema
          10 - Oracle Unified Directory RFC-2307 Schema
          11 - RFC-2307 Schema (Generic)
          12 - RHDS
          13 - RHDS RFC-2307 Schema
          14 - iPlanet
          Please select: 3
          Please enter Active Directory Forest name: mb118.local
[ INFO  ] Resolving Global Catalog SRV record for mb118.local
[WARNING] Cannot resolve Global Catalog SRV record for mb118.local. Please 
check you have entered correct Active Directory forest name and check that 
forest is resolvable by your system DNS servers
[ ERROR ] Failed to execute stage 'Environment customization': Active Directory 
forest is not resolvable, please make sure you've entered correct forest name. 
If for some reason you can't use forest and you need some special configuration 
instead, please refer to examples directory provided by 
ovirt-engine-extension-aaa-ldap package.
[ INFO  ] Stage: Clean up
          Log file is available at 
/tmp/ovirt-engine-extension-aaa-ldap-setup-20201123113909-bj749k.log:
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination

Can someone advise on this?

Thank you!
Best,
Latcho
