Cannot login to RHEV as AD/IPA user even though rhevm-manage-domains reports everything is OK
Issue
- AD/IPA users cannot login via the RHEV-M UI. They get "Login failed. Please verify your login information or contact the system administrator."
engine.log
reports this:
2014-06-19 10:42:25,005 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/127.0.0.1:8702-9) Kerberos error: Cannot locate default realm
2014-06-19 10:42:25,006 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-9) Failed ldap search server ldap://ipa.example.org:389 using user admin@EXAMPLE.ORG due to Kerberos error. Please check log for further details.. We should not try the next server
rhevm-manage-domains
reports the domain is valid:
# engine-manage-domains -action=validate
Domain example.org is valid.
The configured user for domain example.org is admin@EXAMPLE.ORG
Manage Domains completed successfully
Environment
- Red Hat Enterprise Virtualization (RHEV) 3.x
- AD/IPA Authentication
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.