[Freeipa-users] Active Directory Sites and IPA-AD-Trust
wouter.hummelink at kpn.com
wouter.hummelink at kpn.com
Wed Dec 16 10:33:17 UTC 2015
Hi All,
While TCPdumping logins on an IPA client using an AD account I found out that SSSD doesn't take AD Sites into account. I see a DNS lookup for _kerberos._udp.<ad.domain> and _kerberos._tcp.<ad-domain> and then a Kerberos attempt at one or more of the AD servers (both the local and non-local ones).
While this isn't a huge problem it does delay logins where communication with the AD kdc is required.
Is there a way to get sssd to use the proper site for trusted AD domains?
Met vriendelijke groet,
Wouter Hummelink
Cloud Engineer
[Description: Beschrijving: Beschrijving: cid:image003.gif at 01CC7CE9.FCFEC140]
KPN IT Solutions
Platform Organisation Cloud Services
Mail: wouter.hummelink at kpn.com<mailto:wouter.hummelink at kpn.com>
Telefoon: +31 (0)6 1288 2447
[cid:image002.png at 01D0DA65.706AE4B0]
P Save Paper - Do you really need to print this e-mail?
*********************************************************************************************************************************************************
KPN IT SOLUTIONS is de 'handelsnaam' voor KPN Corporate Market BV, Handelsregister 52959597 Amsterdam
The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged material.
Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons
and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately
and delete the material. Thank you.
*********************************************************************************************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151216/440710c2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2045 bytes
Desc: image001.gif
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151216/440710c2/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 49569 bytes
Desc: image002.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151216/440710c2/attachment.png>
More information about the Freeipa-users
mailing list