(Openstack-Keystone)Regarding Authentication issue of one user while login to Open Stack using AD password

Adivya Singh adivya1.singh at gmail.com
Wed Nov 9 03:28:01 UTC 2022


Hi Eugen,

There is a user whose attributes got changed in AD because of a Last Name
change, but the AD domain name remains the name, that triggered the issue.
I think deleting from the Database will have no issue, but I will check it
down.

Regards
Adivya Singh

On Tue, Nov 8, 2022 at 8:07 PM Eugen Block <eblock at nde.ag> wrote:

> That table is populated by keystone, I'm not sure if modifying the
> database is the right approach here. If you check
>
> control01:~ # openstack user list --long --domain <DOMAIN>
>
> you should see the affected (non-local) user there, correct? I'm not
> sure if it's a good idea and what the consequences would be if you
> tried to delete the user with the openstack cli. Depending on the
> configs keystone could actually delete it from the AD backend, but as
> I said, I'm not sure what will happen, so be careful. Just to compare,
> what do your keystone configs look like, especially these two sections:
>
> [assignment]
> [identity]
>
> We use LDAP as backend for non-local users (but I'm not an admin) so
> it should be a similar setup. Our identity section looks like this:
>
> [identity]
> domain_specific_drivers_enabled = true
> domain_configurations_from_database = true
> driver = sql
>
> and this is the assignment section:
>
> [assignment]
> driver = sql
>
> Do you know any history with this specific user why it stopped working?
>
>
> Zitat von Adivya Singh <adivya1.singh at gmail.com>:
>
> > Hi Eugen,
> >
> > I checked and I did not find a duplicate entry from the AD side.
> >
> > What I tried was to delete all the resources which are with the user, and
> > delete the project id and re-register the user again, but it does not
> > work.
> >
> > Also I tried to delete the project for the user id, and tried to log in for
> > that user name, but same error.
> >
> > What I found is there is still an entry in the Keystone Database, in a
> > non_user local table for the user.
> >
> > Can I manually delete from the Database, or is there any way from
> > OpenStack to delete a non_local user?
> >
> > Regards
> > Adivya Singh
> >
> > On Mon, Nov 7, 2022 at 8:16 PM Adivya Singh <adivya1.singh at gmail.com> wrote:
> >
> >> Ok, I will check.
> >>
> >> On Sat, Nov 5, 2022 at 12:33 AM Eugen Block <eblock at nde.ag> wrote:
> >>
> >>> I know nothing about AD, I’m afraid. But where exactly do you see that
> >>> message? Is it in keystone or AD? Anyway, you seem to have a duplicate
> >>> entry (somewhere), so check the keystone database and the AD entries
> >>> and compare (with working users).
> >>>
> >>> Zitat von Adivya Singh <adivya1.singh at gmail.com>:
> >>>
> >>> > Hi Eugen,
> >>> >
> >>> > I see the below error while authenticating:
> >>> > Conflict occurred attempting to store nonlocal_user - Duplicate entry found
> >>> > with name <userid> at domain ID
> >>> >
> >>> > How can we fix this?
> >>> >
> >>> > Regards
> >>> > Adivya Singh
> >>> >
> >>> > On Fri, Nov 4, 2022 at 6:13 PM Adivya Singh <adivya1.singh at gmail.com> wrote:
> >>> >
> >>> >> Hi Eugen,
> >>> >>
> >>> >> All the users use AD-based authentication, but only this user is
> >>> >> facing a problem.
> >>> >> Trying to find out from the AD Team what happened all of a sudden for
> >>> >> this user.
> >>> >>
> >>> >> Regards
> >>> >> Adivya Singh
> >>> >>
> >>> >> R
> >>> >>
> >>> >>
> >>> >> On Fri, Nov 4, 2022 at 2:06 PM Eugen Block <eblock at nde.ag> wrote:
> >>> >>
> >>> >>> I assume this isn't the only user trying to login from AD, correct?
> >>> >>> Then compare the properties/settings between a working and the
> >>> >>> non-working user, you should probably find something. Also enable
> >>> >>> debug logs in keystone to find more details. And by "all of a sudden"
> >>> >>> you mean that it worked before? So what changed between then and now?
> >>> >>>
> >>> >>> Zitat von Adivya Singh <adivya1.singh at gmail.com>:
> >>> >>>
> >>> >>> > Hi Team,
> >>> >>> >
> >>> >>> > There is one issue, where a user is getting "Authenticated Failure" all
> >>> >>> > of a sudden, and this user is the only user who is facing this problem.
> >>> >>> >
> >>> >>> > I tried to disable and enable the project id, checked the logs but did
> >>> >>> > not find anything related to Keystone authentication.
> >>> >>> >
> >>> >>> > Deleted the Project id and created it again, results are the same. Any
> >>> >>> > insights on what more I can do to fix this issue?
> >>> >>> >
> >>> >>> > Regards
> >>> >>> > Adivya Singh