[Freeipa-users] SSSD Failover does not work

Stanislav Zidek zidek at kajot.cz
Tue Feb 25 09:28:19 UTC 2014


> Date: Fri, 17 Jan 2014 09:46:08 -0500
> From: Dmitri Pal <dpal at redhat.com>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] SSSD Failover does not work
> Message-ID: <52D94230.6080108 at redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> You would need to up the debug_level to 6 on SSSD, restart it, then
> simulate the situation and provide sanitized logs and sssd configuration
> file.

Hi, and sorry for the late reply; I've been ill, and then lots of work was
waiting for me ;)

I tried to debug the issue further and was able to make it work by
adding the second IPA server to the ldap_uri and krb5_server directives as
well (it was probably my mistake to put it only in ipa_server) - of course
in /etc/sssd/sssd.conf.

Here is my working /etc/sssd/sssd.conf in case anyone finds it useful
(or someone has a comment - feel free to tell me how to make things better):

[domain/kajot.cz]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = kajot.cz
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = <<<SERVER NAME>>>
chpass_provider = ipa
# both IPA servers listed here so the ipa provider can fail over
ipa_server = id1.kajot.cz, id2.kajot.cz

# For the SUDO integration
sudo_provider = ldap
# the sudo provider uses ldap_uri, so the second server has to be listed here too
ldap_uri = ldap://id1.kajot.cz, ldap://id2.kajot.cz
ldap_sudo_search_base = ou=sudoers,dc=kajot,dc=cz
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/redmine.kajot.cz
ldap_sasl_realm = KAJOT.CZ
# KDC list, again with both servers so Kerberos also fails over
krb5_server = id1.kajot.cz, id2.kajot.cz


ldap_sudo_smart_refresh_interval = 120
ldap_sudo_full_refresh_interval = 300

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = kajot.cz

[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]


P.S. I hope this gets posted to the right place; Thunderbird and digest
mode are probably not a very good combination. If it goes wrong, sorry in
advance.

S.

-- 
Stanislav Židek
Security Consultant/Analyst

Technical Department, Online Systems
Section - Security
C.S.G. Software Group Limited
branch office
Kaštanová 64, 620 00 BRNO, CZ
Company ID: 27741362 VAT ID: CZ27741362

Office : KAJOT Technology Center
Kaštanová 64, 620 00 BRNO, CZ
tel: +420 515 535 134 fax: +420 515 535 134
mobile: +420 724 951 702

e-mail : zidek at kajot.cz
www.kajot.com
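The root cause in the message above was that the failover list was complete in ipa_server but not in ldap_uri and krb5_server. The following script is an added example and not part of the original post or of SSSD itself: it parses an sssd.conf with Python's configparser and reports, for every [domain/...] section, each host named in ipa_server that is missing from ldap_uri or krb5_server. The two embedded configurations (hostnames under example.test) are constructed for the example; the helper names _hosts and check_failover are the author's own.

```python
"""Lint an sssd.conf for inconsistent failover server lists.

Added example, not from the mailing-list post or from SSSD: checks that
every host listed in ipa_server also appears in ldap_uri and krb5_server
of the same [domain/...] section, which is the mismatch the post fixed.
"""
import configparser
import sys
from urllib.parse import urlparse

REFERENCE = "ipa_server"               # list that must be mirrored
DEPENDENT = ("ldap_uri", "krb5_server")  # directives that must contain it


def _hosts(value):
    """Split a comma-separated server list into bare, lower-cased hostnames.

    ldap:// and ldaps:// URIs are reduced to their host; a trailing :port
    on a plain host is dropped.  The special _srv_ token (DNS SRV lookup)
    is returned verbatim so callers can treat it separately.
    """
    hosts = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item == "_srv_":
            hosts.append(item)
            continue
        if "://" in item:
            host = urlparse(item).hostname or ""
        else:
            host = item.split(":", 1)[0]  # IPv4/hostname only, no IPv6 handling
        hosts.append(host.lower())
    return hosts


def check_failover(conf_text):
    """Return {section: {directive: [missing hosts]}}.

    Only sections named domain/... with an ipa_server line are examined.
    A dependent directive that is absent is not reported: this check only
    catches lists that are present but incomplete, as in the post.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        if not parser.has_option(section, REFERENCE):
            continue
        reference = [h for h in _hosts(parser.get(section, REFERENCE))
                     if h != "_srv_"]
        for directive in DEPENDENT:
            if not parser.has_option(section, directive):
                continue
            present = set(_hosts(parser.get(section, directive)))
            missing = [h for h in reference if h not in present]
            if missing:
                findings.setdefault(section, {})[directive] = missing
    return findings


# Constructed sample: the "before" state described in the post, where only
# ipa_server names the second server.
BROKEN_CONF = """
[domain/example.test]
id_provider = ipa
ipa_server = id1.example.test, id2.example.test
sudo_provider = ldap
ldap_uri = ldap://id1.example.test
krb5_server = id1.example.test
"""

# Constructed sample: the corrected state, every list carries both servers.
FIXED_CONF = """
[domain/example.test]
id_provider = ipa
ipa_server = id1.example.test, id2.example.test
sudo_provider = ldap
ldap_uri = ldap://id1.example.test, ldap://id2.example.test
krb5_server = id1.example.test, id2.example.test
"""

if __name__ == "__main__":
    # Usage: python sssd_failover_lint.py [/etc/sssd/sssd.conf]
    # Without an argument the constructed BROKEN_CONF sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = BROKEN_CONF
    result = check_failover(text)
    for section, per_directive in result.items():
        for directive, missing in per_directive.items():
            print(f"{section}: {directive} is missing {', '.join(missing)}")
    sys.exit(1 if result else 0)
```

Run it against the live file after any change to the server lists; a non-zero exit means at least one directive would not fail over to every server that ipa_server knows about.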