[Freeipa-users] LDAP based autofs map redundancy

William Muriithi william.muriithi at gmail.com
Tue Mar 14 22:36:33 UTC 2017 

Hello,

To add to previous mail, I have noticed this:

I had two IPA, hydrogen and lithium.   lithium died and will be resetting
another soon after I find why the setup isn't redundant with one IPA.  But
this line seem to be a lead

Working:
ipa_server = _srv_, hydrogen.eng.example.com

Failing:
ipa_server = _srv_, lithium.eng.example.com

Have read on that format and seem fine from the reading.  To add on that,
DNS records seem to be fine too.


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> SRV _ldap._
tcp.eng.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.eng.example.com.    IN      SRV

;; ANSWER SECTION:
_ldap._tcp.eng.example.com. 86400 IN    SRV     0 100 389
hydrogen.eng.example.com.
_ldap._tcp.eng.example.com. 86400 IN    SRV     0 100 389
lithium.eng.example.com.

;; AUTHORITY SECTION:
eng.example.com.        86400   IN      NS      hydrogen.eng.example.com.
eng.example.com.        86400   IN      NS      lithium.eng.example.com.

;; ADDITIONAL SECTION:
lithium.eng.example.com. 1200 IN        A       192.168.20.3
hydrogen.eng.example.com. 1200 IN       A       192.168.20.1

;; Query time: 1 msec
;; SERVER: 192.168.20.1#53(192.168.20.1)
;; WHEN: Tue Mar 14 18:32:44 2017
;; MSG SIZE  rcvd: 200


What could I be missing?

Regards,
William


On 5 March 2017 at 14:59, William Muriithi <william.muriithi at gmail.com>
wrote:

> Jakub,
>
> >>
> >> It does look though like kerberos is not affected as all systems can
> >> authenticate fine, so looks like its autofs issue alone
> >>
> >> This is the error I am noticing on the logs.
> >>
> >> Mar  2 14:18:29 platinum automount[2887]: key "brad" not found in map
> source(s).
> >> Mar  2 14:19:18 platinum automount[2887]: bind_ldap_simple:
> >> lookup(ldap): Unable to bind to the LDAP server: (default), error
> >> Can't contact LDAP server
> >> Mar  2 14:19:21 platinum automount[2887]: bind_ldap_simple:
> >> lookup(ldap): Unable to bind to the LDAP server: (default), error
> >> Can't contact LDAP server
> >
> > I guess /etc/nsswitch.conf uses ldap for automount and not sssd?
> >
> Actually no.  We are using SSSD
>
> Just checked to confirm and looks like below:
>
> services:   files sss
> netgroup:   files sss
> publickey:  nisplus
> automount: sss files
> aliases:    files nisplus
> sudoers: files sss
>
> Regards,
> William
> ***********************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170314/655ac45c/attachment.htm>

More information about the Freeipa-users mailing list