[Freeipa-users] Setting up clients to use replica server

Megan . nagemnna at gmail.com
Fri Nov 21 01:07:05 UTC 2014


Good Evening!

We are using 3.0.0-42 on CentOS 6.6. I am not using NTP or DNS (we
are not allowed to run these services in our environment).

I configured the replica using the directions at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/installing-replica.html


I'm trying to configure my clients to fail over to the replica. I
believe I have my sssd.conf correct, but I can't figure out the proper
syntax for the krb5.conf. Is there documentation somewhere that I can
use? I tried placing two `kdc =` entries in the file, one for dir1 and one
for dir2, but it didn't work. Any help is greatly appreciated.


My sssd.conf

# sssd.conf for the IPA client db2-uat: one IPA domain with explicit server
# lists for failover. Comment lines start with '#' at column 0.
[domain/MYDOMAIN.COM]
# Keep a local copy of credentials so logins still work while both IPA
# servers are unreachable.
cache_credentials = True
# While offline, keep the user's password (in plaintext, in the kernel
# keyring) so a TGT can be requested automatically once a server is
# reachable again.
krb5_store_password_if_offline = True
ipa_domain = MYDOMAIN.COM
id_provider = ipa
auth_provider = ipa
access_provider = ipa
# CA certificate used to verify TLS connections to the IPA LDAP servers.
ldap_tls_cacert = /etc/ipa/ca.crt
# This client's own FQDN; it must match the host/ principal used for SASL
# further down.
ipa_hostname = db2-uat.mydomain.com
chpass_provider = ipa
# Failover list, tried in order. _srv_ means "DNS SRV discovery first"; with
# no DNS in this environment that step is expected to fail before the
# explicit hosts are used, so dropping _srv_ would save that lookup.
ipa_server = _srv_, dir1.mydomain.com, dir2.mydomain.com
# Only consulted by _srv_ discovery.
dns_discovery_domain = MYDOMAIN.COM
# NOTE(review): sudo rules come from a separate plain-LDAP provider rather
# than the ipa provider — presumably because sudo_provider = ipa is not
# available in this sssd version; confirm.
sudo_provider = ldap
# NOTE(review): plain ldap:// URIs (no ldaps/StartTLS). Confidentiality of
# the sudo-rule traffic then rests on the GSSAPI SASL security layer
# negotiated below (see ldap_sasl_minssf) — confirm the effective SSF, or
# enable ldap_id_use_start_tls.
ldap_uri = ldap://dir1.mydomain.com, ldap://dir2.mydomain.com
ldap_sudo_search_base = ou=sudoers,dc=mydomain,dc=com
# Bind with the host's Kerberos credentials (keytab) instead of a bind DN
# and password.
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/db2-uat.mydomain.com
ldap_sasl_realm = MYDOMAIN.COM
# KDC failover list for the auth/chpass providers, tried in order.
# Presumably sssd also publishes the KDC it is currently using under
# /var/lib/sss/pubconf/ for the krb5 locator plugin, so libkrb5 follows this
# list on an sssd client rather than the krb5.conf [realms] entries — verify
# on this version.
krb5_server = dir1.mydomain.com, dir2.mydomain.com
[sssd]
# Responders to start. autofs and pac are not listed, so their (empty)
# sections below are inert.
services = nss, pam, ssh, sudo
config_file_version = 2
domains = MYDOMAIN.COM
[nss]
[pam]
[sudo]
# Log verbosity of the sudo responder.
debug_level = 5
[autofs]
[ssh]
[pac]






My krb5.conf

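# krb5.conf for the IPA client db2-uat. Comment lines start with '#' at
# column 0; krb5 does not support trailing comments.
# Snippets written by sssd (e.g. domain_realm mappings) are pulled in here.
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MYDOMAIN.COM
 dns_lookup_realm = false
# DNS SRV lookup is only attempted for realms that have no kdc entries
# below, and a krb5 locator plugin (sssd's, if installed) is consulted
# before either; with no DNS in this environment the [realms] list is what
# remains.
 dns_lookup_kdc = true
# Do not reverse-resolve server addresses when forming service principal
# names (a spoofed PTR record could otherwise choose the principal).
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
# One kdc line per server: libkrb5 tries them in the listed order and moves
# on to the next when a server does not answer. master_kdc is contacted
# only after a wrong-password reply (to rule out a not-yet-replicated
# password change) and admin_server is the kpasswd/kadmin endpoint; both
# still name dir1 only — IPA replicas are multi-master, so dir2 may be
# listed for them as well.
 MYDOMAIN.COM = {
  kdc = dir1.mydomain.com:88
  kdc = dir2.mydomain.com:88
  master_kdc = dir1.mydomain.com:88
  admin_server = dir1.mydomain.com:749
  default_domain = mydomain.com
  pkinit_anchors = FILE:/etc/ipa/ca.crt
 }

[domain_realm]
 .mydomain.com = MYDOMAIN.COM
 mydomain.com = MYDOMAIN.COM

# Read only by the KDC/kadmin database layer; harmless on a client, but it
# suggests this file was copied from an IPA server rather than written by
# ipa-client-install.
[dbmodules]
  MYDOMAIN.COM = {
    db_library = ipadb.so
  }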



