[Freeipa-users] Question on AD to freeipa sync

Simo Sorce simo at redhat.com
Tue Oct 4 15:29:31 UTC 2011


On Tue, 2011-10-04 at 09:43 -0400, Stephen Gallagher wrote:
> >  sssd can not detect local site automatically in AD domain (no "DC
> > locator" implemented) /
> 
> Can you provide more information here? We DO have support for
> automatic
> detection based on DNS SRV records. Does a "DC locator" use some other
> mechanism?

Windows domains list all servers in SRV records, but they have a deeper
concept called "sites", where admins can tell which subset of
controllers a client should use (local to them). In order to discover
the right site you need to do additional CLDAP queries to AD at startup
time to find out what is the site to use and then you can query
site-specific DNS entries to find the list of DCs.

This is more complex than what we have in current SSSD and is
implemented in Samba's Winbind for example.

Simo.
-- 
Simo Sorce * Red Hat, Inc * New York
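
The two-step lookup described in the message above, as an added sketch that is not part of the original post and is not SSSD or Winbind code. The CLDAP query is replaced by a stub returning a constructed site name, DNS is a constructed in-memory table, and the domain, site and host names are made up; the SRV owner names follow the AD convention `_ldap._tcp.<site>._sites.dc._msdcs.<domain>`.

```python
import random

# Constructed DNS data: AD publishes a domain-wide SRV set plus one set per site.
SRV_ZONE = {
    "_ldap._tcp.dc._msdcs.example.test": [        # every DC in the domain
        (0, 100, 389, "dc1.nyc.example.test"),    # (priority, weight, port, target)
        (0, 100, 389, "dc2.nyc.example.test"),
        (0, 100, 389, "dc3.brno.example.test"),
    ],
    "_ldap._tcp.Brno._sites.dc._msdcs.example.test": [  # only DCs in site "Brno"
        (0, 100, 389, "dc3.brno.example.test"),
    ],
}

def cldap_client_site(dc_host):
    """Stub for the CLDAP query: a real client sends a connectionless LDAP
    search to a DC and reads its own site name from the reply.
    The answer here is hard-coded (constructed)."""
    return "Brno"

def srv_order(records, rng=random):
    """Order SRV records: ascending priority, weighted-random within a
    priority (weight 0 is treated as 1, a simplification of RFC 2782)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.choices(group, weights=[r[1] or 1 for r in group])[0]
            group.remove(pick)
            ordered.append(pick)
    return ordered

def locate_dcs(domain, zone=SRV_ZONE):
    """Return (site, [DC host names]) preferring DCs in the client's site."""
    domain_wide = srv_order(zone.get(f"_ldap._tcp.dc._msdcs.{domain}", []))
    if not domain_wide:
        return None, []
    # Step 1: ask any DC from the domain-wide list which site we are in.
    site = cldap_client_site(domain_wide[0][3])
    # Step 2: query the site-specific SRV name; fall back to the full list.
    site_recs = zone.get(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}", [])
    chosen = srv_order(site_recs) if site_recs else domain_wide
    return site, [target for _, _, _, target in chosen]
```

Without step 1 a client only ever sees the domain-wide set, so it may pick a DC in a remote site even when a local one exists.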



