Dan Scott wrote: > Hi, > > On Wed, Jul 14, 2010 at 12:07, Dmitri Pal <d...@redhat.com> wrote: > >> If you use SSSD instead of pam_krb5 then kerberos configuration file is >> ignored. >> SSSD uses only the SSSD config file. >> > > Great, thanks. > > >>> The /etc/sssd/sssd.conf file contains: >>> >>> [domain/default] >>> ldap_id_use_start_tls = False >>> cache_credentials = False >>> auth_provider = krb5 >>> debug_level = 0 >>> krb5_kpasswd = ldap.example.com:749 >>> ldap_schema = rfc2307bis >>> krb5_realm = EXAMPLE.COM >>> ldap_search_base = dc=example,dc=com >>> chpass_provider = krb5 >>> id_provider = ldap >>> min_id = 500 >>> ldap_uri = ldap://ldap.example.com/ >>> krb5_kdcip = ldap.example.com:88 >>> >>> >> Shouldn't that be a fileserver1 or fileserver2? >> > > Well yes it could (should?) be, but I want 'both' so that the > redundancy works. Can I have 2 krb5_kdcip entries? If I set it to one > or the other then the redundant server won't work, will it? > > UPDATE: Have just received Jakub Hrozek email (Thanks Jakub). Adding > fileserver1, fileserver2 appears to have fixed the problem. However, > this means that I have to edit this file on all clients if I add a new > IPA server. Is there any way around this? > >
https://fedorahosted.org/sssd/ticket/367 > Thanks, > > Dan > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users