On masters, configure sssd to only talk to the local master rather than having _srv_ as well. If we use _srv_ and a remote master is down, the local master will have problems as well.

ticket https://fedorahosted.org/freeipa/ticket/1187

rob
From 994e916edf2b6206bc430ec1233578f3b1c4b753 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 20 Jun 2011 15:39:25 -0400
Subject: [PATCH] On a master configure sssd to only talk to the local master.

Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote master
goes down the local one will have problems as well.

ticket https://fedorahosted.org/freeipa/ticket/1187
---
 ipa-client/ipa-install/ipa-client-install |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3b6385e..db0970a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
     domain = sssdconfig.new_domain(cli_domain)
     domain.add_provider('ipa', 'id')
 
-    domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+    if not options.on_master:
+        domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+    else:
+        # the master should only use itself for Kerberos
+        domain.set_option('ipa_server', cli_server)
     domain.set_option('ipa_domain', cli_domain)
     if options.hostname:
         domain.set_option('ipa_hostname', options.hostname)
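Review bot: In the else branch, the comment "the master should only use itself for Kerberos" is narrower than what the line does: ipa_server is set on the domain whose 'ipa' provider was added for 'id' just above, so as far as these lines show the setting is not Kerberos-specific. Suggest rewording the comment to say that sssd on a master is pinned to the local server and that _srv_ discovery is deliberately left out, with the reason from the commit message (a remote master going down should not affect the local one). The branch also relies on cli_server being the local host whenever options.on_master is set; nothing in the visible lines checks or documents that, so a short note or a check would help. As a style point, testing "if options.on_master:" first would avoid the negated condition followed by an else.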
-- 
1.7.4
