A while back, I had reconfigured my oVirt engine to auth based on my Samba AD server, and everything was working perfectly fine. oVirt version 4.3.10.4-1.

Today, I tried to log in with my account to the engine and I see:

server_error: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(sun.security.validator.ValidatorException: No trusted certificate found), ldapSDKVersion=4.0.7, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58

I recently added a secondary domain controller with Samba, and I realize now that there is an error. Since I didn't pre-initialize Samba with a TLS certificate, it generated a new CA, certificate and key for the second server. Since I'm not using the same CA as the first server, oVirt engine (which only has the CA of the first server) won't be able to talk to the second server... no problem... I will fix that eventually.

However, when I re-ran "ovirt-engine-extension-aaa-ldap-setup" and followed the exact steps I did before, oVirt is connecting to the first server, failing with the above error, then connecting to the second server, and getting the same error. The CA hasn't changed for the first server, nor has the certificate/key. I verified that the CA certificate that I am giving oVirt matches the exact CA certificate of the first server.

How can I debug further?

Jason.
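
One way to test the trust relationship described in the message outside oVirt, as an added example that is not part of the original post: it checks each server certificate against a single CA file with `openssl verify`, which fails for a certificate issued by a different CA. The CAs, keys and host names (`dc1.example.test`, `dc2.example.test`) are constructed stand-ins, and the helper function names are hypothetical.

```shell
#!/bin/sh
# All CAs, keys and host names below are constructed sample data.
# Against live servers the leaf certificates would instead be captured with:
#   openssl s_client -connect HOST:636 -showcerts </dev/null
# (HOST is a placeholder for each domain controller's LDAPS endpoint).

# make_ca DIR NAME: self-signed CA, standing in for one auto-generated Samba CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2 constructed CA" \
        -keyout "$1/$2-ca.key" -out "$1/$2-ca.pem" 2>/dev/null
}

# make_leaf DIR CA HOST: server certificate for HOST signed by the named CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -days 30 -CAcreateserial \
        -CA "$1/$2-ca.pem" -CAkey "$1/$2-ca.key" -out "$1/$3.pem" 2>/dev/null
}

# trusted_by CAFILE CERT: exit 0 only if CERT chains to CAFILE and is in date.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CAFILE CERT...: print verdict and issuer for each certificate.
report() {
    ca=$1; shift
    for cert in "$@"; do
        if trusted_by "$ca" "$cert"; then verdict="trusted"; else verdict="NOT trusted"; fi
        printf '%s: %s (%s)\n' "$(basename "$cert")" "$verdict" \
            "$(openssl x509 -noout -issuer -in "$cert")"
    done
}

# demo: two CAs, one server certificate each, both checked against the first CA only.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" first && make_ca "$d" second &&
    make_leaf "$d" first dc1.example.test &&
    make_leaf "$d" second dc2.example.test &&
    report "$d/first-ca.pem" "$d/dc1.example.test.pem" "$d/dc2.example.test.pem"
    rm -rf "$d"
}
demo
```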