-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/14/2010 05:45 PM, Dan Scott wrote:
> [domain/default]
> ldap_id_use_start_tls = False
> cache_credentials = False
> auth_provider = krb5
> debug_level = 0
> krb5_kpasswd = ldap.example.com:749
> ldap_schema = rfc2307bis
> krb5_realm = EXAMPLE.COM
> ldap_search_base = dc=example,dc=com
> chpass_provider = krb5
> id_provider = ldap
> min_id = 500
> ldap_uri = ldap://ldap.example.com/
> krb5_kdcip = ldap.example.com:88
> ldap_tls_cacertdir = /etc/openldap/cacerts
> 
> where ldap.example.com resolves to both fileserver1 and fileserver2 in
> a round-robin.
> 

That sounds like https://fedorahosted.org/sssd/ticket/552 to me. Since
you have two KDCs running, can you try putting:

krb5_kdcip = fileserver1.example.com, fileserver2.example.com

into SSSD config file instead and restarting the sssd service? We don't
support fail over on multiple A records for the same hostname.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw94WkACgkQHsardTLnvCXLTACbBB3I23RNMyP09snSz8noHL4p
RfAAoM/5hop+X2boP8nWfyXZJTfBcDat
=hU70
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to