|
|
|
|
|
|
|
|
|
|
xen-api
RE: [Xen-API] Authentication mismatch in API to create pool
Hi Marco,
You should use the same service-name throughout the pool. You should either:
- join the hosts to the pool first and only then enable the external
authentication on the pool running pool-enable-external-auth once; in this case
each host in the pool will have its external authentication automatically
enabled (recommended)
- enable the external authentication in each host with the same service-name
(maybe using host-enable-external-auth), and then join the hosts to the pool
After that, you can use subject-add to specify the users or groups you want to
be able to log in the pool, and subject-role-add to assign roles to them (you
need to have a role in order to be able to log in).
Btw, the PAM auth-type doesn't need the config:user param.
Cheers,
> -----Original Message-----
> From: xen-api-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-api-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Marco Sinhoreli
> Sent: 25 November 2009 00:59
> To: xen-api
> Subject: [Xen-API] Authentication mismatch in API to create pool
>
> Hello everybody,
>
> I'm trying to create a pool with PAM authentication enabled in my XCP
> hosts. I have a rpm package used to configure the hosts. I'm running
> these commands:
>
> <code>
> xe pool-enable-external-auth auth-type=PAM config:user=xswm
> service-name=$(hostname)
> xe subject-add subject-name=xswm
> subject_uuid=$(xe subject-list | awk '/^uuid/{print $5}')
> role_uuid=$(xe role-list name=pool-operator params=uuid | awk
> '/^uuid/{print $5}')
> xe subject-role-add uuid=${subject_uuid} role-uuid=${role_uuid}
> </code>
>
> This is configured in all hosts using the same user. Looking for code
> to create pool in API, I saw this entries in file xapi_pool.ml:
>
> <code>
> debug "Verifying if external auth configuration of
> master %s (auth_type=%s service_name=%s) matches that of slave-to-be
> %s (auth-type=%s servi\
> ce_name=%s)"
> (Client.Host.get_name_label ~rpc ~session_id
> ~self:master) master_auth_type master_auth_service_name
> (Db.Host.get_name_label ~__context
> ~self:slavetobe) slavetobe_auth_type slavetobe_auth_service_name;
> if (slavetobe_auth_type <> master_auth_type)
> || (slavetobe_auth_service_name <> master_auth_service_name)
> then begin
> error "Cannot join pool whose external
> authentication configuration is different";
> raise
> (Api_errors.Server_error(Api_errors.pool_joining_external_auth_mismatch,
> []))
> end in
> </code>
>
> This check isn't let me create the pool, is returning this message:
>
> <code>
> Cannot join pool whose external authentication configuration is
> different.
> </code>
>
> Well, as I told, I have the same auth method in all hosts using and
> connecting with the same user. Is this some routine mistake or is this
> right?
>
> PS: I'm using in XenServer 5.0.0 a PAM user without problem.
>
> Cheers,
>
> --
> Marco Sinhoreli
>
> _______________________________________________
> xen-api mailing list
> xen-api@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/mailman/listinfo/xen-api
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
|
|
|
|
|