[Freeipa-users] SSSD in redundant configuration

Andrew Holway andrew.holway at gmail.com
Thu Mar 19 14:51:48 UTC 2015


I am having problems with sudo and using _srv_ in the sssd config.

This works:

# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=native-instruments,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = test-freeipa-2.cloud.domain.de


This does not work:

# For the SUDO integration
sudo_provider = ldap
ldap_uri = _srv_
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = _srv_


Thanks,

Andrew


On 19 March 2015 at 10:29, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Thu, Mar 19, 2015 at 08:42:42AM +0100, Andrew Holway wrote:
> > Cool stuff. Thanks.
> >
> > I had a look at our SRV records and found the following:
> > _kerberos-master._tcp
> > _kerberos-master._udp
> > _kerberos._tcp
> > _kerberos._udp
> > _kpasswd._tcp
> > _kpasswd._udp
> > _ldap._tcp
> > _ntp._udp
> >
> > No mention of any ipa srv records. Does sssd use _ldap._tcp?
>
> Yes, for the IPA back end it does.
>
> For the AD back end we use the special MS records for looking up sites
> or Global Catalog servers, but for IPA we stick to the standard
> services.
>
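
Added example, not part of the original thread and not SSSD code: an offline model of the SRV names that the two `_srv_` settings above depend on (`_ldap._tcp` for `ldap_uri`, `_kerberos._udp` with fallback to `_kerberos._tcp` for `krb5_server`). The record values are constructed, and the discovery domain is passed in explicitly; it is assumed here to be cloud.domain.de.

```python
# Added example: offline model of the SRV lookups behind `_srv_`.
# All record values below are constructed sample data.
from collections import defaultdict

# Constructed zone-style SRV records:
# name TTL class type priority weight port target
SAMPLE_ZONE = """\
_ldap._tcp.cloud.domain.de.     86400 IN SRV 0 100 389 test-freeipa-1.cloud.domain.de.
_ldap._tcp.cloud.domain.de.     86400 IN SRV 10 100 389 test-freeipa-2.cloud.domain.de.
_kerberos._udp.cloud.domain.de. 86400 IN SRV 0 100 88 test-freeipa-2.cloud.domain.de.
_kerberos._tcp.cloud.domain.de. 86400 IN SRV 0 100 88 test-freeipa-1.cloud.domain.de.
"""

def parse_srv(text):
    """Return {owner name: [(priority, weight, port, target), ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # skip blanks, comments and non-SRV records
        prio, weight, port = (int(f) for f in fields[4:7])
        records[fields[0].rstrip(".").lower()].append(
            (prio, weight, port, fields[7].rstrip(".")))
    return records

def discover(records, service, domain, protocols=("tcp",)):
    """Try each protocol in order; return (owner name, ordered host:port list)."""
    for proto in protocols:
        name = f"_{service}._{proto}.{domain}".lower()
        found = records.get(name)
        if found:
            # Lowest priority first. RFC 2782 picks randomly by weight within
            # a priority; sorting by weight is a deterministic simplification.
            ordered = sorted(found, key=lambda r: (r[0], -r[1], r[3]))
            return name, [f"{t}:{p}" for _, _, p, t in ordered]
    return None, []

def check(zone_text, domain):
    records = parse_srv(zone_text)
    return {
        "ldap_uri": discover(records, "ldap", domain),
        # sssd-krb5(5): KDC discovery tries _udp first, then falls back to _tcp.
        "krb5_server": discover(records, "kerberos", domain, ("udp", "tcp")),
    }

if __name__ == "__main__":
    for option, (name, hosts) in check(SAMPLE_ZONE, "cloud.domain.de").items():
        print(f"{option} = _srv_ -> {name or 'no SRV record'}: {hosts}")
```

A result of `(None, [])` for either option means no matching SRV record exists under the domain that was queried, which is the first thing to rule out when a fixed hostname works and `_srv_` does not.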