[Freeipa-users] Configuring RHEL 5 clients for automatic failover of servers
Rob Crittenden
rcritten at redhat.com
Wed Apr 8 20:09:26 UTC 2015
Guertin, David S. wrote:
> I have a mixed environment of RHEL 5 and RHEL 6 clients, and three RHEL
> 7 IPA servers (one master and two duplicates). I'm trying to ensure that
> if one server goes down, the remain server(s) will still allow logins.
> With the RHEL 6 clients this is easy -- the line
>
>
>
> ipa_server = _srv_, server1.ipa.middlebury.edu
>
>
>
> in /etc/sssd/sssd.conf does this with the _srv_ entry, and everything is
> fine.
>
>
>
> But with the RHEL 5 clients, this doesn't work. If server 1 goes down,
> logins fail. Since RHEL 5 is using LDAP, I figured it was probably in
> the ldap_uri line in the sssd.conf file. I discovered that I could add
> multiple servers, which I did:
>
>
>
> ldap_uri = ldap://server1.ipa.middlebury.edu,
> ldap://server2.ipa.middlebury.edu, ldap://server3.ipa.middlebury.edu
>
>
>
> But this still failed. However, if I do something similar in /etc/ldap.conf:
>
>
>
> uri ldap://server1.ipa.middlebury.edu
> ldap://server2.ipa.middlebury.edu ldap://server3.ipa.middlebury.edu
>
>
>
> then logins work. In fact, I don't even need the change in sssd.conf. I
> can put that back the way it was, and logins still work. It's only the
> line in /etc/ldap.conf that seems to be necessary.
>
>
>
> So, I have two questions:
>
>
>
> 1. Am I understanding this correctly?
>
>
>
> 2. If so, is there a way to automate this so that when I run
> ipa-client-install on my RHEL 5 clients, they get the correct LDAP
> settings from the beginning, and I don't have to go and manually edit
> the ldap.conf file?
I think the SSSD guys are going to want to see your full sssd.conf.
An ipaclient-install.log for one of these clients might be handy too so
we can discern how you are configuring the client.
rob
More information about the Freeipa-users
mailing list