Hello Everyone, I've configured IPA Locations for all our sites and added site specific IPA servers to each one. I've also configured the first few IPA clients to use only the IPA DNS servers that are in the same location as the IPA clients.
These are the three pertinent options set on the IPA clients (I left out the rest):

    [domain/idm.tld.com]
    dns_discovery_domain = idm.tld.com
    ipa_server = _srv_, ala-p1idma02.idm.tld.com
    ipa_enable_dns_sites = True

The issue is that when I check which IPA server the IPA client in "ala" is connected to, it's invariably talking to one that's far away:

    ~$ ss -t -r state established | grep ldap
    0      0      ala-ntp.tld.com:42456      ism-p1idma01.idm.tld.com:ldap

If I restart sssd on the client or on the IPA server it's communicating with, the client switches to an IPA server that is in its location. However, after some time, the client once again returns to the old, far away IPA server.

I've run DNS queries to confirm that location-based records are being returned properly:

    ~$ dig -t SRV +short _ldap._tcp.idm.tld.com | sort -k 4,4n
    0 100 389 ala-p1idma01.idm.tld.com.
    0 100 389 ala-p1idma02.idm.tld.com.
    0 100 389 ala-p1idma03.idm.tld.com.
    0 100 389 ala-p1idmc01.idm.tld.com.
    50 100 389 arn-p1idma01.idm.tld.com.
    50 100 389 arn-p1idma02.idm.tld.com.
    50 100 389 ctu-p1idma01.idm.tld.com.
    50 100 389 ctu-p1idma02.idm.tld.com.
    50 100 389 ism-p1idma01.idm.tld.com.
    50 100 389 ism-p1idma02.idm.tld.com.
    50 100 389 otp-p1idma01.idm.tld.com.
    50 100 389 otp-p1idma02.idm.tld.com.
    50 100 389 pek-p1idma01.idm.tld.com.
    50 100 389 pek-p1idma02.idm.tld.com.
    50 100 389 san-p1idma01.idm.tld.com.
    50 100 389 san-p1idma02.idm.tld.com.
    50 100 389 sel-p1idma01.idm.tld.com.
    50 100 389 sel-p1idma02.idm.tld.com.
    50 100 389 sjo-p1idma01.idm.tld.com.
    50 100 389 sjo-p1idma02.idm.tld.com.
    50 100 389 tok-p1idma01.idm.tld.com.
    50 100 389 tok-p1idma02.idm.tld.com.
    50 100 389 yow-p1idma01.idm.tld.com.
    50 100 389 yow-p1idma02.idm.tld.com.
    50 100 389 yow-p1idma03.idm.tld.com.
    50 100 389 yow-p1idmc01.idm.tld.com.
    _ldap._tcp.ala._locations.idm.tld.com.

Note: some clients are not in the same DNS domain as the IPA domain. That's why the config snippet above had "dns_discovery_domain" set.

What am I doing incorrectly?
Why won't the IPA client machine "stay" in its location?

-- 
Ranbir

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
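The post compares two things by hand: the SRV answer the location-aware IPA DNS returns (lowest priority value = servers in the client's own location) and the LDAP peer sssd is actually holding open. The script below, added here as an example and not part of Ranbir's post or of FreeIPA/sssd, automates that comparison so it can be run periodically from cron or a monitoring check. It assumes only the output formats visible in the post (`dig -t SRV +short`, which may print a `_locations` CNAME line ahead of the SRV records, and `ss -t -r state established`); the sample inputs embedded at the bottom are constructed to mirror those outputs and are not captured from a real system.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check whether an IPA client's
# established LDAP session goes to one of the servers its location-aware
# SRV answer prefers (the lowest priority value).

# Print the SRV targets that share the lowest priority, space separated,
# trailing dots stripped. Input: text of `dig -t SRV +short _ldap._tcp.<domain>`.
# Lines that are not "prio weight port target" (e.g. the CNAME line that
# the _locations view produces) are ignored.
preferred_srv_targets() {
    printf '%s\n' "$1" | awk 'NF == 4 {
        tgt = $4; sub(/\.$/, "", tgt)
        if (min == "" || $1 + 0 < min + 0) { min = $1; list = tgt }
        else if ($1 + 0 == min + 0)        { list = list " " tgt }
    } END { print list }'
}

# Print the hostname of the first established LDAP peer.
# Input: text of `ss -t -r state established` (header line is skipped
# because it does not end in ":ldap").
current_ldap_peer() {
    printf '%s\n' "$1" | awk '$NF ~ /:ldap$/ { sub(/:ldap$/, "", $NF); print $NF; exit }'
}

# Exit status 0 if the current LDAP peer is in the preferred set, 1 otherwise.
# $1: dig output, $2: ss output.
check_location_affinity() {
    local preferred peer t
    preferred=$(preferred_srv_targets "$1")
    peer=$(current_ldap_peer "$2")
    [ -n "$peer" ] || { echo "NO-SESSION: no established LDAP connection found"; return 1; }
    for t in $preferred; do
        if [ "$t" = "$peer" ]; then
            echo "OK: $peer is one of the preferred servers"
            return 0
        fi
    done
    echo "MISMATCH: connected to $peer, preferred set is: $preferred"
    return 1
}

# --- constructed sample data (modelled on the post's output; hostnames are
# --- the post's, the exact set and order of records is an assumption) ---
SAMPLE_SRV='_ldap._tcp.ala._locations.idm.tld.com.
0 100 389 ala-p1idma01.idm.tld.com.
0 100 389 ala-p1idma02.idm.tld.com.
0 100 389 ala-p1idma03.idm.tld.com.
0 100 389 ala-p1idmc01.idm.tld.com.
50 100 389 ism-p1idma01.idm.tld.com.
50 100 389 ism-p1idma02.idm.tld.com.
50 100 389 yow-p1idma01.idm.tld.com.'

SAMPLE_SS_FAR='Recv-Q Send-Q Local Address:Port          Peer Address:Port        Process
0      0      ala-ntp.tld.com:42456       ism-p1idma01.idm.tld.com:ldap'

SAMPLE_SS_LOCAL='Recv-Q Send-Q Local Address:Port          Peer Address:Port        Process
0      0      ala-ntp.tld.com:42456       ala-p1idma02.idm.tld.com:ldap'

# Live use on a client would be:
#   check_location_affinity "$(dig -t SRV +short _ldap._tcp.idm.tld.com)" \
#                           "$(ss -t -r state established)"
# Here the constructed samples are used instead so the script runs offline.
check_location_affinity "$SAMPLE_SRV" "$SAMPLE_SS_FAR"
check_location_affinity "$SAMPLE_SRV" "$SAMPLE_SS_LOCAL"
```

Running the check from a timer gives a record of when the client drifts back to a remote server, which is the missing piece in the post: the restart shows the location lookup works, so the interesting question is what happens in between, and a timestamped MISMATCH line alongside sssd's own logs narrows that down.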
