
RE: [Xen-API] Authentication mismatch in API to create pool


  • To: 'Marco Sinhoreli' <msinhore@xxxxxxxxx>, xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
  • From: Marcus Granado <Marcus.Granado@xxxxxxxxxxxxx>
  • Date: Wed, 25 Nov 2009 18:57:39 +0000
  • Accept-language: en-US
  • Cc:
  • Delivery-date: Wed, 25 Nov 2009 10:57:43 -0800
  • List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
  • Thread-index: AcptapioiiDVKmgGT3iHDMoD7V0YlAAkiusg
  • Thread-topic: [Xen-API] Authentication mismatch in API to create pool

Hi Marco,

You should use the same service-name throughout the pool. You should either:
- join the hosts to the pool first and only then enable the external 
authentication on the pool by running pool-enable-external-auth once; in this 
case each host in the pool will have its external authentication automatically 
enabled (recommended)
- enable the external authentication in each host with the same service-name 
(maybe using host-enable-external-auth), and then join the hosts to the pool

After that, you can use subject-add to specify the users or groups you want to 
be able to log in to the pool, and subject-role-add to assign roles to them (you 
need to have a role in order to be able to log in).

Btw, the PAM auth-type doesn't need the config:user param.

Cheers,

> -----Original Message-----
> From: xen-api-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-api-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Marco Sinhoreli
> Sent: 25 November 2009 00:59
> To: xen-api
> Subject: [Xen-API] Authentication mismatch in API to create pool
> 
> Hello everybody,
> 
> I'm trying to create a pool with PAM authentication enabled in my XCP
> hosts. I have an rpm package used to configure the hosts. I'm running
> these commands:
> 
> <code>
>     xe pool-enable-external-auth auth-type=PAM config:user=xswm service-name=$(hostname)
>     xe subject-add subject-name=xswm
>     subject_uuid=$(xe subject-list | awk '/^uuid/{print $5}')
>     role_uuid=$(xe role-list name=pool-operator params=uuid | awk '/^uuid/{print $5}')
>     xe subject-role-add uuid=${subject_uuid} role-uuid=${role_uuid}
> </code>
> 
> This is configured in all hosts using the same user. Looking for the code
> to create a pool in the API, I saw these entries in the file xapi_pool.ml:
> 
> <code>
>     debug "Verifying if external auth configuration of master %s (auth_type=%s service_name=%s) matches that of slave-to-be %s (auth-type=%s service_name=%s)"
>       (Client.Host.get_name_label ~rpc ~session_id ~self:master) master_auth_type master_auth_service_name
>       (Db.Host.get_name_label ~__context ~self:slavetobe) slavetobe_auth_type slavetobe_auth_service_name;
>     if (slavetobe_auth_type <> master_auth_type)
>       || (slavetobe_auth_service_name <> master_auth_service_name)
>     then begin
>       error "Cannot join pool whose external authentication configuration is different";
>       raise (Api_errors.Server_error(Api_errors.pool_joining_external_auth_mismatch, []))
>     end in
> </code>
> 
> This check isn't letting me create the pool; it is returning this message:
> 
> <code>
> Cannot join pool whose external authentication configuration is
> different.
> </code>
> 
> Well, as I said, I have the same auth method in all hosts, using and
> connecting with the same user. Is this some routine mistake or is this
> right?
> 
> PS: I'm using a PAM user in XenServer 5.0.0 without problems.
> 
> Cheers,
> 
> --
> Marco Sinhoreli
> 
> _______________________________________________
> xen-api mailing list
> xen-api@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/mailman/listinfo/xen-api
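
A pre-join check that mirrors the comparison quoted from xapi_pool.ml, as an added example that is not part of the original thread or of xapi itself. The host names, the `pool-pam` service name and the sample records are constructed, and the layout of the `xe host-list` output is an assumption.

```shell
#!/bin/sh
# Added example. Input is the text printed by
#   xe host-list params=name-label,external-auth-type,external-auth-service-name
# collected on the master first, then on each host that is about to join.

# Prints each joining host whose auth-type or service-name differs from the
# master's (the first record). Returns 1 if any differ, 0 otherwise.
find_auth_mismatches() {
    awk '
        function emit() {
            if (name == "") return
            if (!seen) { mtype = atype; msvc = svc; seen = 1 }
            else if (atype != mtype || svc != msvc) {
                printf "%s: auth-type=%s service-name=%s (master: %s %s)\n",
                       name, atype, svc, mtype, msvc
                bad = 1
            }
            name = atype = svc = ""
        }
        /^[ \t]*$/ { emit(); next }          # blank line ends a host record
        {
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)   # text after first colon
            if ($1 == "name-label") name = val
            else if ($1 == "external-auth-type") atype = val
            else if ($1 == "external-auth-service-name") svc = val
        }
        END { emit(); exit bad + 0 }
    '
}

# Constructed sample: every host ran service-name=$(hostname), as in the post.
sample_per_host_names() {
    cat <<'EOF'
name-label ( RW)                      : xen1
    external-auth-type ( RO): PAM
    external-auth-service-name ( RO): xen1

name-label ( RW)                      : xen2
    external-auth-type ( RO): PAM
    external-auth-service-name ( RO): xen2
EOF
}

# Constructed sample: one service-name (hypothetical value) on every host.
sample_shared_name() {
    sample_per_host_names | sed 's/service-name ( RO): xen[0-9]*/service-name ( RO): pool-pam/'
}

sample_per_host_names | find_auth_mismatches || echo "join would be rejected"
```

With `service-name=$(hostname)` each host records a different service name, so the second record is reported even though both hosts use PAM.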