[Freeipa-users] SSSD in redundant configuration

Craig White CWhite at skytouchtechnology.com
Wed Mar 18 17:04:18 UTC 2015


From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Andrew Holway
Sent: Wednesday, March 18, 2015 9:40 AM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] SSSD in redundant configuration

Hello,

I'm wondering how we should be handling SSSD for redundant configurations on our freeipa clients. We have three freeipa servers; how can we make SSSD check another freeipa in the event that one goes down?

It appears we can do something like the following:

ipa_hostname = test-freeipa-client-1.cloud.domain.de, test-freeipa-client-2.cloud.domain.de, test-freeipa-client-3.cloud.domain.de

However I thought SRV records were meant to supply the magic here?

Thanks,

Andrew


/etc/sssd/sssd.conf
[domain/cloud.domain.de]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = cloud.domain.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test-freeipa-client-2.cloud.domain.de
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, test-freeipa-2.cloud.domain.de
ldap_tls_cacert = /etc/ipa/ca.crt
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-2.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = test-freeipa-2.cloud.domain.de
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = cloud.domain.de
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]

I think the magic you are looking for is in /etc/sssd/sssd.conf where you have…
ipa_server = _srv_, test-freeipa-2.cloud.domain.de
and all you need is…
ipa_server = _srv_
for magic

Craig
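
Added example, not part of the original thread or of the SSSD/FreeIPA code: a Python check that reads an sssd.conf and lists the server options in each domain section that name a single explicit host with no _srv_ entry, so that option has nothing to fail over to. The option list, the function name pinned_servers and the sample text (a trimmed copy of the config posted above) are assumptions of this example.

```python
import configparser

# Server-naming options to inspect. Assumption of this example: only the
# server options that appear in the config posted in the thread.
SERVER_OPTIONS = ("ipa_server", "ldap_uri", "krb5_server")

# Constructed sample: trimmed copy of the sssd.conf from the thread.
SAMPLE = """\
[domain/cloud.domain.de]
id_provider = ipa
ipa_server = _srv_, test-freeipa-2.cloud.domain.de
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
krb5_server = test-freeipa-2.cloud.domain.de
[sssd]
services = nss, pam, ssh, sudo
domains = cloud.domain.de
"""


def pinned_servers(text):
    """Return (section, option, value) for each server option in a
    [domain/...] section that has neither _srv_ nor a second server."""
    # '=' is the only delimiter so that 'ldap://' in a value is left alone.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] ... carry no server lists
        for opt in SERVER_OPTIONS:
            if not cp.has_option(section, opt):
                continue
            entries = [e.strip() for e in cp.get(section, opt).split(",")
                       if e.strip()]
            if "_srv_" not in entries and len(entries) < 2:
                findings.append((section, opt, entries[0] if entries else ""))
    return findings


if __name__ == "__main__":
    for section, opt, value in pinned_servers(SAMPLE):
        print(f"[{section}] {opt} = {value}: one server, no _srv_")
```

On the sample it reports ldap_uri and krb5_server; ipa_server passes because it already contains _srv_.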