[Freeipa-users] FreeIPA redundant server login problems

Dan Scott danieljamesscott at gmail.com
Wed Jul 14 16:17:38 UTC 2010


Hi,

On Wed, Jul 14, 2010 at 12:07, Dmitri Pal <dpal at redhat.com> wrote:
> If you use SSSD instead of pam_krb5 then the Kerberos configuration file is
> ignored.
> SSSD uses only the SSSD config file.

Great, thanks.

>> The /etc/sssd/sssd.conf file contains:
>>
>> [domain/default]
>> ldap_id_use_start_tls = False
>> cache_credentials = False
>> auth_provider = krb5
>> debug_level = 0
>> krb5_kpasswd = ldap.example.com:749
>> ldap_schema = rfc2307bis
>> krb5_realm = EXAMPLE.COM
>> ldap_search_base = dc=example,dc=com
>> chpass_provider = krb5
>> id_provider = ldap
>> min_id = 500
>> ldap_uri = ldap://ldap.example.com/
>> krb5_kdcip = ldap.example.com:88
>>
>
> Shouldn't that be a fileserver1 or fileserver2?

Well yes it could (should?) be, but I want 'both' so that the
redundancy works. Can I have 2 krb5_kdcip entries? If I set it to one
or the other then the redundant server won't work, will it?

UPDATE: Have just received Jakub Hrozek's email (Thanks Jakub). Adding
fileserver1, fileserver2 appears to have fixed the problem. However,
this means that I have to edit this file on all clients if I add a new
IPA server. Is there any way around this?

Thanks,

Dan



