[Philipp Kern] > I do see (3) "adhere to standards and prefer SRV records, requiring > manual configurations on sites that screwed up".
This is really false dichtonomy, as it is not a question of adhering to standards, but which setup should have priority regarding these standards. For uio.no, Windows and Active Directory got priority for the SRV records, and Linux machines can not use these to locate the LDAP and Kerberos servers. IF they try, they get the AD LDAP server and the AD Kerberos server, and the AD LDAP server do not contain the required LDAP objects needed by NSS. This will be the case for many sites, as most sites have more Windows clients than Linux clients. Windows got the SRV records in DNS, and Linux machines will not get them if they tried. So a different alternative is needed to be able to automatically configure both Linux and Windows clients, I choose to use the setup currently in place here at the university of Oslo, where Linux machines got DNS CNAMEs and AD got SRV records. > Could you enlighten me how this affects Debian Edu in general? I do > realize that uio.no might not work with this setup. The sssd package for Debian Edu will probably work with both if the main-server is Squeeze based, but will not work if the server is Lenny based, as some of the SRV records were not present or incorrect (unused, untested, bug discovered while working on the Squeeze version) in Lenny. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
