[Freeipa-users] Configuring RHEL 5 clients for automatic failover of servers

Dmitri Pal dpal at redhat.com
Wed Apr 8 20:12:30 UTC 2015


On 04/08/2015 04:04 PM, Guertin, David S. wrote:
>
> I have a mixed environment of RHEL 5 and RHEL 6 clients, and three 
> RHEL 7 IPA servers (one master and two duplicates). I'm trying to 
> ensure that if one server goes down, the remaining server(s) will still 
> allow logins. With the RHEL 6 clients this is easy -- the line
>
>   ipa_server = _srv_, server1.ipa.middlebury.edu
>
> in /etc/sssd/sssd.conf does this with the _srv_ entry, and everything 
> is fine.
>
> But with the RHEL 5 clients, this doesn't work. If server 1 goes down, 
> logins fail. Since RHEL 5 is using LDAP, I figured it was probably in 
> the ldap_uri line in the sssd.conf file. I discovered that I could add 
> multiple servers, which I did:
>
>   ldap_uri = ldap://server1.ipa.middlebury.edu, ldap://server2.ipa.middlebury.edu, ldap://server3.ipa.middlebury.edu
>
> But this still failed. However, if I do something similar in 
> /etc/ldap.conf:
>
>   uri ldap://server1.ipa.middlebury.edu ldap://server2.ipa.middlebury.edu ldap://server3.ipa.middlebury.edu
>
> then logins work. In fact, I don't even need the change in sssd.conf. 
> I can put that back the way it was, and logins still work. It's only 
> the line in /etc/ldap.conf that seems to be necessary.
>

If that works it means that you are not using SSSD on RHEL5 clients.
Please check your nsswitch and pam.conf to see what modules are actually 
used.

Which RHEL5 versions do you use?
If memory does not fail me, if you have SSSD 1.5 (I think it was starting 
with 5.8), you should be able to use ipa-client-install to configure sssd 
and pass the list of the servers in the --server option.

> So, I have two questions:
>
> 1. Am I understanding this correctly?
>
> 2. If so, is there a way to automate this so that when I run 
> ipa-client-install on my RHEL 5 clients, they get the correct LDAP 
> settings from the beginning, and I don't have to go and manually edit 
> the ldap.conf file?
>
> David Guertin
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
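
Added example (not part of the original message): one way to run the nsswitch/PAM check suggested above, reporting whether passwd lookups and the PAM auth stack go through sssd or through nss_ldap/pam_ldap. The function names, the NSSWITCH/PAMFILE variables and the /etc/pam.d/system-auth default are assumptions of this example.

```shell
#!/bin/sh
# Added example: which NSS/PAM modules does this client really use?

# nss_sources FILE DB: print the lookup sources configured for DB.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == db ":" {
            out = ""
            for (i = 2; i <= NF; i++)
                if ($i !~ /^\[/)                 # skip [NOTFOUND=return] actions
                    out = out (out == "" ? "" : " ") $i
            print out
        }' "$1"
}

# pam_auth_modules FILE: print the module named on each "auth" line.
pam_auth_modules() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" || $1 == "-auth" {
            for (i = 3; i <= NF; i++)            # control may be a multi-word [...]
                if ($i ~ /pam_[a-z0-9_]+\.so$/) {
                    sub(/.*\//, "", $i); print $i; break
                }
        }' "$1"
}

# client_stack NSSWITCH PAMFILE: print sssd | ldap | mixed | local
client_stack() {
    seen=" $(nss_sources "$1" passwd) $(pam_auth_modules "$2" | tr '\n' ' ') "
    sss=0; ldap=0
    case "$seen" in *" sss "*|*" pam_sss.so "*) sss=1 ;; esac
    case "$seen" in *" ldap "*|*" pam_ldap.so "*) ldap=1 ;; esac
    case "$sss$ldap" in
        10) echo sssd ;;    # server list and failover come from sssd.conf
        01) echo ldap ;;    # nss_ldap/pam_ldap: servers come from /etc/ldap.conf
        11) echo mixed ;;   # both present: check the order of the entries
        *)  echo local ;;
    esac
}

# Report on the live files if present (usual RHEL paths, overridable).
NSSWITCH=${NSSWITCH:-/etc/nsswitch.conf}
PAMFILE=${PAMFILE:-/etc/pam.d/system-auth}
if [ -r "$NSSWITCH" ] && [ -r "$PAMFILE" ]; then
    echo "passwd: $(nss_sources "$NSSWITCH" passwd)"
    echo "auth:   $(pam_auth_modules "$PAMFILE" | tr '\n' ' ')"
    echo "stack:  $(client_stack "$NSSWITCH" "$PAMFILE")"
fi
```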
