[Freeipa-users] SSSD in redundant configuration - part 2

Andrew Holway andrew.holway at gmail.com
Fri Mar 20 15:05:56 UTC 2015


Hi,

I am having one of those really annoying pesky troubles.

I add clients to freeipa but the first time I am logging in and trying to
sudo with my freeipa credentials the sudo is not working. If I restart the
SSSD process this usually fixes it but not always. I'm going to try and do
some systematic tests and collect some logs but I thought someone might
have a clue.

I noticed that when I was using "ldap_uri = _srv_" vs "ldap_uri =
ldap://address" I was getting the same problem so I am thinking it's a DNS
lookup glitch?

Cheers,

Andrew


[domain/cloud.domain.de]


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = cloud.domain.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test-freeipa-client-3.cloud.domain.de
chpass_provider = ipa
ipa_dyndns_update = True
#check DNS SRV record for ipa service location.
ipa_server = _srv_
ldap_tls_cacert = /etc/ipa/ca.crt


# For the SUDO integration
sudo_provider = ipa
#ldap_uri = _srv_
#ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
#ldap_sasl_mech = GSSAPI
#ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
#ldap_sasl_realm = CLOUD.DOMAIN.DE
#krb5_server = _srv_


debug_level = 9
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = cloud.domain.de

debug_level = 9
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]