Good afternoon. In each region, I have a couple of controllers (Windows and IPA). During authorization, in the IPA server logs (sssd log) I find that the request goes not to the neighboring (by location) Windows server, but randomly throughout the forest. Tell me, is there a way to explicitly specify the IPA server on the Windows DC? Logs attached. Is there documentation about this somewhere?

Next to the IPA server is pk529ad-dc01.sys.local, but the IPA server knocks on pk429ad-dc01.sys.local, in another region.

[sssd[be[ipa.sys.local]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=vccs]
[sssd[be[ipa.sys.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'sys.local'
[sssd[be[ipa.sys.local]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
[sssd[be[ipa.sys.local]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.sys.local'
[sssd[be[ipa.sys.local]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'pk429ad-dc01.sys.local' in files
[sssd[be[ipa.sys.local]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'pk429ad-dc01.sys.local' in files
[sssd[be[ipa.sys.local]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
[sssd[be[ipa.sys.local]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'pk429ad-dc01.sys.local' in DNS
[sssd[be[ipa.sys.local]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[sssd[be[ipa.sys.local]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
[sssd[be[ipa.sys.local]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
[sssd[be[ipa.sys.local]]] [ipa_get_ad_acct_ad_part_done] (0x0040): AD lookup failed: 11
[sssd[be[ipa.sys.local]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request
[sssd[be[ipa.sys.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,11,Account info lookup failed
[sssd[be[ipa.sys.local]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.IPA.SYS.LOCAL], [2][No such file or directory]

WINDOWS

[root@pk529ipa01 ~]# dig SRV _ldap._tcp.sys.local

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> SRV _ldap._tcp.sys.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30812
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 15

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.sys.local. IN SRV

;; ANSWER SECTION:
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk529ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk329ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 p0029ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk529ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk229ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk429ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk329ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk629ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 p0029ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk729ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk729ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk629ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk429ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk229ad-dc02.sys.local.

;; ADDITIONAL SECTION:
pk529ad-dc02.sys.local. 3600 IN A 172.21.167.135
pk329ad-dc02.sys.local. 1200 IN A 172.21.71.135
p0029ad-dc02.sys.local. 3600 IN A 192.168.226.61
pk529ad-dc01.sys.local. 3600 IN A 172.21.167.134
pk229ad-dc01.sys.local. 3600 IN A 172.21.7.134
pk429ad-dc02.sys.local. 3600 IN A 172.21.135.135
pk329ad-dc01.sys.local. 3600 IN A 172.21.71.134
pk629ad-dc01.sys.local. 3600 IN A 172.21.39.134
p0029ad-dc01.sys.local. 3600 IN A 192.168.226.60
pk729ad-dc01.sys.local. 3600 IN A 172.21.103.134
pk729ad-dc02.sys.local. 3600 IN A 172.21.103.135
pk629ad-dc02.sys.local. 3600 IN A 172.21.39.135
pk429ad-dc01.sys.local. 3600 IN A 172.21.135.134
pk229ad-dc02.sys.local. 3600 IN A 172.21.7.135

;; Query time: 8 msec
;; SERVER: 172.21.167.134#53(172.21.167.134)
;; WHEN: Fri Oct 11 13:21:05 MSK 2013
;; MSG SIZE rcvd: 861

IPA

[root@pk529ipa01 ~]# dig SRV _ldap._tcp.ipa.sys.local

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> SRV _ldap._tcp.ipa.sys.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22486
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.ipa.sys.local. IN SRV

;; ANSWER SECTION:
_ldap._tcp.ipa.sys.local. 77052 IN SRV 0 100 389 p0129ipa02.ipa.sys.local.
_ldap._tcp.ipa.sys.local. 77052 IN SRV 0 100 389 p0029ipa01.ipa.sys.local.
_ldap._tcp.ipa.sys.local. 77052 IN SRV 0 100 389 p0129ipa01.ipa.sys.local.
_ldap._tcp.ipa.sys.local. 77052 IN SRV 0 100 389 p0029ipa02.ipa.sys.local.

;; ADDITIONAL SECTION:
p0129ipa02.ipa.sys.local. 1182 IN A 10.65.1.199
p0029ipa01.ipa.sys.local. 1182 IN A 192.168.226.62
p0129ipa01.ipa.sys.local. 1182 IN A 10.65.1.198
p0029ipa02.ipa.sys.local. 1182 IN A 192.168.226.63

;; Query time: 5 msec
;; SERVER: 172.21.167.134#53(172.21.167.134)
;; WHEN: Fri Oct 11 13:21:39 MSK 2013
;; MSG SIZE rcvd: 293
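
Every SRV record in the dig answer for _ldap._tcp.sys.local above carries priority 0 and weight 100, and under the RFC 2782 selection rules such a set is equally eligible. The following is an added example, not part of the original post and not SSSD's own code; it applies that selection to four of the posted records, and the function names are hypothetical.

```python
import random
import re
from collections import Counter

# Four of the fourteen SRV answers from the dig output in the post.
DIG_ANSWER = """\
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk529ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk529ad-dc02.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk429ad-dc01.sys.local.
_ldap._tcp.sys.local. 600 IN SRV 0 100 389 pk429ad-dc02.sys.local.
"""

SRV_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")


def parse_srv(text):
    """Parse dig-style SRV answer lines into dicts."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            records.append({"priority": int(m.group(3)), "weight": int(m.group(4)),
                            "port": int(m.group(5)), "target": m.group(6).rstrip(".")})
    return records


def rfc2782_order(records, rng):
    """Order targets: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        group = sorted((r for r in records if r["priority"] == prio),
                       key=lambda r: r["weight"] != 0)  # weight-0 entries first
        while group:
            pick = rng.randint(0, sum(r["weight"] for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r["weight"]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def first_choice_counts(records, trials=2000, seed=1):
    """Count how often each target is tried first over repeated lookups."""
    rng = random.Random(seed)
    return Counter(rfc2782_order(records, rng)[0]["target"] for _ in range(trials))


if __name__ == "__main__":
    for target, n in sorted(first_choice_counts(parse_srv(DIG_ANSWER)).items()):
        print(f"{target}: first choice in {n} of 2000 lookups")
```

With equal priority and weight, each target is the first choice in roughly a quarter of the lookups, which matches the random DC selection reported in the post.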