Hi, On Wed, Jul 14, 2010 at 12:07, Dmitri Pal <[email protected]> wrote: > If you use SSSD instead of pam_krb5 then kerberos configuration file is > ignored. > SSSD uses only the SSSD config file.
Great, thanks. >> The /etc/sssd/sssd.conf file contains: >> >> [domain/default] >> ldap_id_use_start_tls = False >> cache_credentials = False >> auth_provider = krb5 >> debug_level = 0 >> krb5_kpasswd = ldap.example.com:749 >> ldap_schema = rfc2307bis >> krb5_realm = EXAMPLE.COM >> ldap_search_base = dc=example,dc=com >> chpass_provider = krb5 >> id_provider = ldap >> min_id = 500 >> ldap_uri = ldap://ldap.example.com/ >> krb5_kdcip = ldap.example.com:88 >> > > Shouldn't that be a fileserver1 or fileserver2? Well yes it could (should?) be, but I want 'both' so that the redundancy works. Can I have 2 krb5_kdcip entries? If I set it to one or the other then the redundant server won't work, will it? UPDATE: Have just received Jakub Hrozek email (Thanks Jakub). Adding fileserver1, fileserver2 appears to have fixed the problem. However, this means that I have to edit this file on all clients if I add a new IPA server. Is there any way around this? Thanks, Dan _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
