[Freeipa-users] IPA server failover
Andy Thompson
Andy.Thompson at e-tcc.com
Wed Sep 23 21:56:10 UTC 2015
I've got all of my environments setup with two IPA servers. I'm fighting intermittent problems with krb5kdc crashing on them in all of my environments and I've opened a ticket with Redhat on that. What I can't figure out though is why the clients will not fail over to the second functioning server in the domain
My sssd.conf files are all pretty generic from the install with minimal modification to add a couple settings.
[domain/mhbe.lin]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mhbe.lin
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mdhixproddb01.mhbe.lin
chpass_provider = ipa
ipa_server = _srv_, mdhixprodipa01.mhbe.lin
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
default_domain_suffix = mhbe.local
services = nss, sudo, pam, ssh
config_file_version = 2
domains = mhbe.lin
[nss]
default_shell = /bin/bash
homedir_substring = /home
debug_level = 7
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
I thought the _srv_ would force it to use dns and both servers are round robined when digging the _kerberos records from DNS. So I don't understand why it's not working
Thanks
-andy
*** This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. ***
More information about the Freeipa-users
mailing list