[Freeipa-users] FreeIPA redundant server login problems
Dmitri Pal
dpal at redhat.com
Wed Jul 14 17:43:52 UTC 2010
Dan Scott wrote:
> Hi,
>
> On Wed, Jul 14, 2010 at 12:07, Dmitri Pal <dpal at redhat.com> wrote:
>
>> If you use SSSD instead of pam_krb5 then kerberos configuration file is
>> ignored.
>> SSSD uses only the SSSD config file.
>>
>
> Great, thanks.
>
>
>>> The /etc/sssd/sssd.conf file contains:
>>>
>>> [domain/default]
>>> ldap_id_use_start_tls = False
>>> cache_credentials = False
>>> auth_provider = krb5
>>> debug_level = 0
>>> krb5_kpasswd = ldap.example.com:749
>>> ldap_schema = rfc2307bis
>>> krb5_realm = EXAMPLE.COM
>>> ldap_search_base = dc=example,dc=com
>>> chpass_provider = krb5
>>> id_provider = ldap
>>> min_id = 500
>>> ldap_uri = ldap://ldap.example.com/
>>> krb5_kdcip = ldap.example.com:88
>>>
>>>
>> Shouldn't that be a fileserver1 or fileserver2?
>>
>
> Well yes it could (should?) be, but I want 'both' so that the
> redundancy works. Can I have 2 krb5_kdcip entries? If I set it to one
> or the other then the redundant server won't work, will it?
>
> UPDATE: Have just received Jakub Hrozek email (Thanks Jakub). Adding
> fileserver1, fileserver2 appears to have fixed the problem. However,
> this means that I have to edit this file on all clients if I add a new
> IPA server. Is there any way around this?
>
>
https://fedorahosted.org/sssd/ticket/367
> Thanks,
>
> Dan
>
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list