On 07/14/2010 05:45 PM, Dan Scott wrote:
> [domain/default]
> ldap_id_use_start_tls = False
> cache_credentials = False
> auth_provider = krb5
> debug_level = 0
> krb5_kpasswd = ldap.example.com:749
> ldap_schema = rfc2307bis
> krb5_realm = EXAMPLE.COM
> ldap_search_base = dc=example,dc=com
> chpass_provider = krb5
> id_provider = ldap
> min_id = 500
> ldap_uri = ldap://ldap.example.com/
> krb5_kdcip = ldap.example.com:88
> ldap_tls_cacertdir = /etc/openldap/cacerts
>
> where ldap.example.com resolves to both fileserver1 and fileserver2 in
> a round-robin.
>
That sounds like https://fedorahosted.org/sssd/ticket/552 to me.

Since you have two KDCs running, can you try putting:

    krb5_kdcip = fileserver1.example.com, fileserver2.example.com

into SSSD config file instead and restarting the sssd service? We don't support fail over on multiple A records for the same hostname.
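
Added example (not part of the original message and not SSSD code): a check that reads an sssd.conf and reports server options whose host name resolves to more than one A record, the setup the reply says gets no failover. The function names and the embedded sample are constructed here; the option names are the ones quoted in the thread.

```python
import configparser
import socket
from urllib.parse import urlparse

# Constructed sample mirroring the configuration quoted in the thread.
SAMPLE_CONF = """
[domain/default]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ldap.example.com/
krb5_kdcip = ldap.example.com:88
krb5_kpasswd = ldap.example.com:749
"""
SERVER_KEYS = ("ldap_uri", "krb5_kdcip", "krb5_kpasswd")

def system_resolver(host):
    """Return the set of IPv4 addresses (A records) the resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def hosts_in(value):
    """Extract host names from a comma-separated list of URIs or host[:port]."""
    hosts = []
    for item in (v.strip() for v in value.split(",")):
        if "://" in item:
            host = urlparse(item).hostname
        else:
            # Strip a trailing :port; leave bare names and IPv6 literals alone.
            host = item.rsplit(":", 1)[0] if item.count(":") == 1 else item
        if host:
            hosts.append(host)
    return hosts

def find_round_robin(conf_text, resolve=system_resolver):
    """Return (section, key, host, addresses) for names with several A records."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        for key in SERVER_KEYS:
            for host in hosts_in(cp.get(section, key, fallback="")):
                addrs = resolve(host)
                if len(addrs) > 1:
                    findings.append((section, key, host, sorted(addrs)))
    return findings
```

On a real client, pass the contents of the sssd.conf file and leave `resolve` at its default; each finding is a name to replace with an explicit comma-separated server list.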
