[Freeipa-users] krb5_server in sssd.conf after ipa-server-install

Alexander Bokovoy abokovoy at redhat.com
Sun Mar 13 13:34:27 UTC 2016


On Sun, 13 Mar 2016, lejeczek wrote:
>IPA install process configured in sssd.conf:
>[domain/new.Domain]
>cache_credentials = True
>krb5_store_password_if_offline = True
>ipa_domain = newDomain
>id_provider = ipa
>...
>...
>[domain/default]  # < this is ldap that existed before, krb5 related 
>options are new additions
>autofs_provider = ldap
>cache_credentials = True
>krb5_realm = new.Domain
>ldap_search_base = dc=old,dc=domain
>id_provider = ldap
>krb5_server = a.host
>
>[sssd]
>services = nss, sudo, pam, autofs, ssh
>config_file_version = 2
>domains =new.Domain
>
>So here I wonder: what's the meaning of the krb5-related options, and why 
>did the install process put them into the default domain, which it did not 
>include later in the sssd section?

The FreeIPA installer doesn't touch the 'default' domain section at all. It
always operates on the section named 'domain/<domain name>'.

It also adds the 'krb5_realm' line only if your <domain name> and realm
are different. For example, if you have the DNS domain example.com and the
Kerberos realm EXAMPLE.NET, then [domain/example.com] will get
  
  krb5_realm = EXAMPLE.NET

added to the section.

It looks like you previously had something on this machine using SSSD and
configuring it with a [domain/default] section.

-- 
/ Alexander Bokovoy
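
An added example, not part of the original message and not FreeIPA or SSSD code: a Python check for the situation in this thread, reporting which [domain/...] sections of an sssd.conf are named in 'domains' under [sssd], which are leftovers, and what krb5_* options each carries. The sample text is constructed from the configuration quoted above; the function name and report keys are illustrative, and the check assumes a single file (no conf.d snippets, no per-domain 'enabled' option).

```python
import configparser

# Constructed sample, modelled on the configuration quoted in this thread.
SAMPLE_SSSD_CONF = """\
[domain/new.Domain]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = newDomain
id_provider = ipa

[domain/default]
autofs_provider = ldap
cache_credentials = True
krb5_realm = new.Domain
ldap_search_base = dc=old,dc=domain
id_provider = ldap
krb5_server = a.host

[sssd]
services = nss, sudo, pam, autofs, ssh
config_file_version = 2
domains =new.Domain
"""


def audit_sssd_domains(conf_text):
    """Split [domain/...] sections into enabled/orphaned and collect krb5_* options."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    # Assumption: only the 'domains' list in [sssd] decides what is enabled;
    # conf.d snippets and the per-domain 'enabled' option are not considered.
    enabled = []
    if parser.has_option("sssd", "domains"):
        enabled = [d.strip() for d in parser.get("sssd", "domains").split(",") if d.strip()]
    report = {"enabled": [], "orphaned": [], "missing": [], "krb5": {}}
    defined = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        name = section[len("domain/"):]
        defined.append(name)
        bucket = "enabled" if name in enabled else "orphaned"
        report[bucket].append(name)
        krb5 = {k: v for k, v in parser.items(section) if k.startswith("krb5_")}
        if krb5:
            report["krb5"][name] = krb5
    # Domains listed in [sssd] that have no matching section at all.
    report["missing"] = [d for d in enabled if d not in defined]
    return report
```

On the sample, 'default' is reported as orphaned with krb5_realm and krb5_server set, which matches the explanation that the section predates the IPA install.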



