On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via 
FreeIPA-users wrote:
> Hi all,
>   I have a small setup with two masters and several clients at one location.
> I have noticed that when the first master goes down for maintenance or
> failure, the other server is unable to authenticate users. Is there a
> setting that needs to be made in order to achieve this as long as the first
> master is off? Shouldn't this be taken care of automatically?

That depends on how the clients are configured. You'll want 
"ipa_server" option is set to "_srv_, $ipaserver", then sssd on the
client would expand the _srv_ keyword with hostnames resolved using the
DNS SRV query and should fail over between them.

If that doesn't happen, the logs should be inspected..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/FO3HWS22HQJRLLEFOBDF6A77MRGEGLPT/

Reply via email to