In server mode, the discovery domain should be left unset in all cases as the DNS discovery is only driven by the AD domains.
https://fedorahosted.org/freeipa/ticket/3947 --- Pushed as a (tested) one-liner to master, ipa-3-3. Martin
From ad3bba0747c34e9e2fa75e76b733aacf2408135b Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 3 Oct 2013 15:09:02 +0200 Subject: [PATCH] Do not set DNS discovery domain in server mode In server mode, the discovery domain should be left unset in all cases as the DNS discovery is only driven by the AD domains. https://fedorahosted.org/freeipa/ticket/3947 --- ipa-client/ipa-install/ipa-client-install | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 7e474bd59a850e12f1f9f2f72a81cf9a979f779a..fdfadee765b74a537a5872e13b5211a98e3d8865 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1097,7 +1097,8 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie domain.add_provider('ipa', 'id') #add discovery domain if client domain different from server domain - if cli_domain != client_domain: + #do not set this config in server mode (#3947) + if not options.on_master and cli_domain != client_domain: domain.set_option('dns_discovery_domain', cli_domain) if not options.on_master: -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel