[Freeipa-users] Configuring RHEL 5 clients for automatic failover of servers

Guertin, David S. guertin at middlebury.edu
Wed Apr 8 20:04:33 UTC 2015


I have a mixed environment of RHEL 5 and RHEL 6 clients, and three RHEL 7 IPA servers (one master and two duplicates). I'm trying to ensure that if one server goes down, the remaining server(s) will still allow logins. With the RHEL 6 clients this is easy -- the line

  ipa_server = _srv_, server1.ipa.middlebury.edu

in /etc/sssd/sssd.conf does this with the _srv_ entry, and everything is fine.

But with the RHEL 5 clients, this doesn't work. If server 1 goes down, logins fail. Since RHEL 5 is using LDAP, I figured it was probably in the ldap_uri line in the sssd.conf file. I discovered that I could add multiple servers, which I did:

  ldap_uri = ldap://server1.ipa.middlebury.edu, ldap://server2.ipa.middlebury.edu, ldap://server3.ipa.middlebury.edu

But this still failed. However, if I do something similar in /etc/ldap.conf:

  uri ldap://server1.ipa.middlebury.edu ldap://server2.ipa.middlebury.edu ldap://server3.ipa.middlebury.edu

then logins work. In fact, I don't even need the change in sssd.conf. I can put that back the way it was, and logins still work. It's only the line in /etc/ldap.conf that seems to be necessary.

So, I have two questions:

1. Am I understanding this correctly?

2. If so, is there a way to automate this so that when I run ipa-client-install on my RHEL 5 clients, they get the correct LDAP settings from the beginning, and I don't have to go and manually edit the ldap.conf file?

David Guertin
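
The manual /etc/ldap.conf edit described in the message above, scripted so it can be run right after ipa-client-install. This is an added example, not part of the original post and not FreeIPA's own tooling; the function names are hypothetical, and it assumes the file carries a single space-separated `uri` line in the form shown in the message.

```shell
#!/bin/sh
# Added example: set the failover "uri" line in an nss_ldap-style ldap.conf.
# Function names are hypothetical; file path and servers come from the caller.

# build_uri_line SERVER... -> prints "uri ldap://s1 ldap://s2 ..."
build_uri_line() {
    line="uri"
    for s in "$@"; do
        case "$s" in
            ""|*[!A-Za-z0-9.-]*) echo "invalid server name: $s" >&2; return 1 ;;
        esac
        line="$line ldap://$s"
    done
    printf '%s\n' "$line"
}

# set_ldap_uris FILE SERVER... -> rewrites FILE only when its content changes
set_ldap_uris() {
    [ $# -ge 2 ] || { echo "usage: set_ldap_uris FILE SERVER..." >&2; return 2; }
    conf=$1; shift
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    new=$(build_uri_line "$@") || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1

    # Replace the first active "uri" line, drop later ones, append if none exists.
    # Commented-out lines ("#uri ...") are left alone.
    awk -v new="$new" '
        /^[ \t]*[Uu][Rr][Ii][ \t]/ { if (!seen) { print new; seen = 1 } next }
        { print }
        END { if (!seen) print new }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Already correct: leave the file and any earlier backup untouched.
    if cmp -s "$tmp" "$conf"; then rm -f "$tmp"; return 0; fi

    # Keep a backup, then write in place so owner, mode and SELinux label stay.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on a RHEL 5 client, after ipa-client-install (hostnames from the post):
#   set_ldap_uris /etc/ldap.conf server1.ipa.middlebury.edu \
#       server2.ipa.middlebury.edu server3.ipa.middlebury.edu
```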