[Freeipa-users] FreeIPA redundant server login problems

Jakub Hrozek jhrozek at redhat.com
Wed Jul 14 16:10:17 UTC 2010


On 07/14/2010 05:45 PM, Dan Scott wrote:
> [domain/default]
> ldap_id_use_start_tls = False
> cache_credentials = False
> auth_provider = krb5
> debug_level = 0
> krb5_kpasswd = ldap.example.com:749
> ldap_schema = rfc2307bis
> krb5_realm = EXAMPLE.COM
> ldap_search_base = dc=example,dc=com
> chpass_provider = krb5
> id_provider = ldap
> min_id = 500
> ldap_uri = ldap://ldap.example.com/
> krb5_kdcip = ldap.example.com:88
> ldap_tls_cacertdir = /etc/openldap/cacerts
> 
> where ldap.example.com resolves to both fileserver1 and fileserver2 in
> a round-robin.
> 

That sounds like https://fedorahosted.org/sssd/ticket/552 to me. Since
you have two KDCs running, can you try putting:

krb5_kdcip = fileserver1.example.com, fileserver2.example.com

into the SSSD config file instead and restarting the sssd service? We don't
support failover on multiple A records for the same hostname.

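Added example (not part of the original message and not SSSD code): a Python check for the limitation described in the reply, flagging server names in an sssd.conf domain section that resolve to more than one address. It goes beyond the reply by also checking krb5_kpasswd and ldap_uri, on the assumption that the same limitation applies to them; the function names and the sample DNS data are constructed for illustration.

```python
import configparser
import socket
from urllib.parse import urlparse

# Server-naming options that appear in the quoted [domain/default] section.
SERVER_OPTIONS = ("krb5_kdcip", "krb5_kpasswd", "ldap_uri")

def hosts_in(value):
    """Split a comma-separated server list; strip URI scheme and :port."""
    hosts = []
    for item in filter(None, (v.strip() for v in value.split(","))):
        if "://" in item:
            hosts.append(urlparse(item).hostname)
        else:
            hosts.append(item.rsplit(":", 1)[0])
    return hosts

def system_resolver(name):
    """Distinct IPv4 addresses the local resolver returns for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def round_robin_findings(conf_text, resolve=system_resolver):
    """Return (section, option, host, addrs) for each multi-address name."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        for option in SERVER_OPTIONS:
            for host in hosts_in(parser.get(section, option, fallback="")):
                addrs = resolve(host) or []
                if len(addrs) > 1:
                    findings.append((section, option, host, list(addrs)))
    return findings

# Constructed sample: trimmed copy of the quoted config and a made-up DNS view.
SAMPLE_CONF = """[domain/default]
krb5_kpasswd = ldap.example.com:749
ldap_uri = ldap://ldap.example.com/
krb5_kdcip = ldap.example.com:88
"""
SAMPLE_DNS = {"ldap.example.com": ["192.0.2.11", "192.0.2.12"],
              "fileserver1.example.com": ["192.0.2.11"],
              "fileserver2.example.com": ["192.0.2.12"]}

if __name__ == "__main__":
    for section, option, host, addrs in round_robin_findings(SAMPLE_CONF, SAMPLE_DNS.get):
        print(f"[{section}] {option}: {host} -> {addrs}; list each server by name")
```

Called with only the config text, round_robin_findings uses the local resolver instead of the constructed DNS table.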