On Tue, Aug 16, 2011 at 03:56:48PM +0200, Ondrej Valousek wrote: > Hi list, > Ok here is the list of issues I discovered while configuring sssd against > Win2008 AD & rfc2307bis schema: > 1. If I specify both dns_discovery_domain and ldap_uri parameters > then what happens is that dns srv discovery returns a list of ldap > servers. Now if the first one found is not working, others are not > tried. I have to comment out the 'ldap_uri' parameter to make it > working correctly.
Can you paste how exactly the ldap_uri line looks? I presume you would like to try the service discovery first and if that fails, fall back to a hardcoded hostname. In that case, ldap_uri should say: ldap_uri = _srv_, adserver.example.com That should work. > > 2. SSSD is unable to detect default Kerberos realm as per /etc/krb5.conf - I > have to configure it manually > > 3. Why do we actually need to specify Kerberos realm and KDC? Isn't > /etc/krb5.conf supposed to record these kind of parameters? I think this has both historical (we used to say you don't need /etc/krb5.conf at all with SSSD) and practical reasons - there can be more SSSD domains with different realms and KDCs at the same time. > 4. authconfig is unable to configure sssd to use IPA backend provider > This was supposedly done to avoid people using authconfig-gtk to configure clients against IPAv1, but I don't remember the exact reason. Maybe someone else does? _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
