Hash: SHA1

On 04/04/2011 03:52 PM, Sigbjorn Lie wrote:
> On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
>> Hash: SHA1
>> On 04/04/2011 03:06 PM, Dmitri Pal wrote:
>>> On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
>>>> I also noticed that in /etc/sssd/sssd.conf the ipa server is specified
>>>> with:
>>>> ipa_server = _srv_, ipa01.ix.test.com
>>>> sssd doesn't resolve anything from IPA until I remove "_srv_,"
>>> Stephen, was there a recent bug on this matter in SSSD?
>> The purpose of _srv_ is to check DNS for IPA server addresses first. The
>> idea is that if you have more than one IPA server in service, then you
>> can use DNS to list all of them. Otherwise, the ipa-client-install can
>> only specify a static list of servers at the time of install. This would
>> mean that if the IPA servers changed IP addresses or new ones entered
>> production, it would be necessary to change all of the client
>> configuration files.
>> I'm puzzled why you would need to remove this, unless your DNS server is
>> returning something other than FreeIPA servers for a SRV request
>> directed at _ldap.tcp
> I have verfied that the _ldap._tcp is resolving correctly. DNS was set
> up using "ipa-server-install --setup-dns". I discovered this at the IPA
> server. This is a newly installed IPA server at RH 6.1 beta installed a
> few hours ago. No IP addresses changed.
> #  host -t srv _ldap._tcp
> _ldap._tcp.ix.test.com has SRV record 0 100 389 ipa01.ix.test.com.

Is the domain part of the client machine also ix.test.com?

The way we determine which SRV record to use is as follows:
1) If dns_discovery_domain exists in the config file, it is always used.
2) If not, first try the domain part of the machine's hostname (aka
hostname -d)
3) If that fails, try the name of the SSSD domain (in sssd.conf

IIRC ipa-client-install should set [domain/<IPA domain name>] so if
that's not the same as your DNS domain, we could be having problems.

Can we see your sssd.conf please? (feel free to sanitize as needed)

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


Freeipa-users mailing list

Reply via email to