Hello, Im wondering how we should be handing SSSD for redundant configurations on our freeipa clients. We have three freeipa servers; how can we make SSSD check another freeipa in the event that one goes down?
It appears we can do something like the following: ipa_hostname = test-freeipa-client-1.cloud.domain.de, test-freeipa-client-2.cloud.domain.de, test-freeipa-client-3.cloud.domain.de However I thought SRV records were meant to supply the magic here? Thanks, Andrew /etc/sssd/sssd.conf [domain/cloud.domain.de] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = cloud.domain.de id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = test-freeipa-client-2.cloud.domain.de chpass_provider = ipa ipa_dyndns_update = True ipa_server = _srv_, test-freeipa-2.cloud.domain.de ldap_tls_cacert = /etc/ipa/ca.crt # For the SUDO integration sudo_provider = ldap ldap_uri = ldap://test-freeipa-1.cloud.domain.de ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de ldap_sasl_mech = GSSAPI ldap_sasl_authid = host/test-freeipa-client-2.cloud.domain.de ldap_sasl_realm = CLOUD.DOMAIN.DE krb5_server = test-freeipa-2.cloud.domain.de [sssd] services = nss, pam, ssh, sudo config_file_version = 2 domains = cloud.domain.de [nss] [pam] [sudo] [autofs] [ssh] [pac]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project