<div dir="ltr"><div>Thanks Matthieu for reply,</div><div> I added swift role under Roles, after this error message changed to </div><div>Jun 12 03:18:30 node1 proxy-server: Authorization failed for token d2285b87bb950a416c17cccc61d5b6d4</div>
<div>Jun 12 03:18:30 node1 proxy-server: Invalid user token - deferring reject downstream</div><div>Jun 12 03:18:31 node1 proxy-server: Authorization failed for token 48c7d3e10a1ee23caea2b72a752132ba</div><div>Jun 12 03:18:31 node1 proxy-server: Invalid user token - deferring reject downstream</div>
<div>Jun 12 03:18:41 node1 proxy-server: Authorization failed for token 1f174dbadfab030ad970cc247b4fa392</div><div>Jun 12 03:18:41 node1 proxy-server: Invalid user token - deferring reject downstream</div><div>Jun 12 03:18:42 node1 proxy-server: Authorization failed for token e2e6e8b09916ac22dd714e3dbc155902</div>
<div>Jun 12 03:18:42 node1 proxy-server: Invalid user token - deferring reject downstream</div><div>now sure what is missing now ? </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 12, 2014 at 1:20 PM, Matthieu Huin <span dir="ltr"><<a href="mailto:matthieu.huin@enovance.com" target="_blank">matthieu.huin@enovance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
I assume you're using Icehouse, and you configured keystone's assignment backend<br>
to use Active Directory with the ldap driver. You can either:<br>
<br>
* Create the missing roles needed by swift in AD (how to do this will depend on<br>
the schema you chose)<br>
* switch back to the default mysql backend for assignment, since this is purely<br>
specific to Openstack<br>
<br>
<br>
Matthieu Huin<br>
<br>
<a href="mailto:mhu@enovance.com">mhu@enovance.com</a><br>
<div><div class="h5"><br>
----- Original Message -----<br>
> From: "Deepak G" <<a href="mailto:deepakrghuge@gmail.com">deepakrghuge@gmail.com</a>><br>
> To: <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Sent: Thursday, June 12, 2014 7:46:17 AM<br>
> Subject: [Openstack] issue with swift and keystone (Active directory)<br>
><br>
> Hello,<br>
> I have configured swift with keystone (Active directory).<br>
> While creating container in swift i am getting following error.<br>
><br>
> #swift post CONTAINER_4_admin1<br>
> Container POST failed:<br>
> <a href="http://controller:8080/v1/AUTH_admin/CONTAINER_4_admin1" target="_blank">http://controller:8080/v1/AUTH_admin/CONTAINER_4_admin1</a> 401 Unauthorized<br>
> [first 60 chars of response] <html><h1>Unauthorized</h1><p>This server could<br>
> not verify t<br>
><br>
><br>
> Message in sysylog:<br>
> Jun 11 22:52:36 node1 proxy-server: Unexpected response from keystone<br>
> service: {u'error': {u'message': u'Could not find role, swift.', u'code':<br>
> 404, u'title': u'Not Found'}}<br>
> Jun 11 22:52:36 node1 proxy-server: Authorization failed for token<br>
> 9ece2e7637704563fc61eff8d53e0508<br>
> Jun 11 22:52:36 node1 proxy-server: Invalid user token - deferring reject<br>
> downstream<br>
><br>
> Am i missing anything in setup ?<br>
><br>
> - Thanks<br>
> DEEP<br>
><br>
</div></div>> _______________________________________________<br>
> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
><br>
</blockquote></div><br></div>