On 08/16/2011 10:29 AM, Jakub Hrozek wrote:
> On Tue, Aug 16, 2011 at 03:56:48PM +0200, Ondrej Valousek wrote:
>> Hi list,
>> Ok here is the list of issues I discovered while configuring sssd against
>> Win2008 AD & rfc2307bis schema:
>> 1. If I specify both dns_discovery_domain and ldap_uri parameters
>> then what happens is that dns srv discovery returns a list of ldap
>> servers. Now if the first one found is not working, others are not
>> tried. I have to comment out the 'ldap_uri' parameter to make it
>> work correctly.
> Can you paste how exactly the ldap_uri line looks? I presume you would
> like to try the service discovery first and if that fails, fall back to
> a hardcoded hostname. In that case, ldap_uri should say:
>
> ldap_uri = _srv_, adserver.example.com
>
> That should work.
>
>> 2. SSSD is unable to detect default Kerberos realm as per /etc/krb5.conf - I
>> have to configure it manually
>>
>> 3. Why do we actually need to specify Kerberos realm and KDC? Isn't
>> /etc/krb5.conf supposed to record these kinds of parameters?
> I think this has both historical (we used to say you don't need
> /etc/krb5.conf at all with SSSD) and practical reasons - there can be more
> SSSD domains with different realms and KDCs at the same time.
>
>> 4. authconfig is unable to configure sssd to use IPA backend provider
>>
> This was supposedly done to avoid people using authconfig-gtk to
> configure clients against IPAv1, but I don't remember the exact reason.

Historically, when the authconfig design was done, there was no released
IPA product of the v2 level in Fedora or RHEL. I thought 6.1 authconfig
was enhanced to configure sssd, but AFAIR Kerberos and LDAP, not IPA. If this
is the case we need to file an ER.

> Maybe someone else does?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.