> Date: Fri, 17 Jan 2014 09:46:08 -0500
> From: Dmitri Pal <d...@redhat.com>
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] SSSD Failover does not work
> Message-ID: <52d94230.6080...@redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> You would need to up the debug_level to 6 on SSSD, restart it, then
> simulate the situation and provide sanitized logs and sssd configuration
> file.

Hi, and sorry for the late reply. I've been ill, and then lots of work waited for me ;)

I tried to further debug the issue and I was able to make it work by adding the second IPA server also to the directives ldap_uri and krb5_server (it was probably my mistake to put it only in ipa_server), of course in /etc/sssd/sssd.conf.

Here is my working /etc/sssd/sssd.conf in case anyone finds it useful (or someone has a comment, feel free to tell me how to make things better):

[domain/kajot.cz]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = kajot.cz
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = <<<SERVER NAME>>>
chpass_provider = ipa
ipa_server = id1.kajot.cz, id2.kajot.cz
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://id1.kajot.cz, ldap://id2.kajot.cz
ldap_sudo_search_base = ou=sudoers,dc=kajot,dc=cz
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/redmine.kajot.cz
ldap_sasl_realm = KAJOT.CZ
krb5_server = id1.kajot.cz, id2.kajot.cz
ldap_sudo_smart_refresh_interval = 120
ldap_sudo_full_refresh_interval = 300

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = kajot.cz

[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]

P.S. I hope it gets posted to the right place; Thunderbird and digest mode are probably not a very good combination. If it goes wrong, sorry in advance.

S.

--
Stanislav Židek
Security Consultant/Analyst
Technical Department, Online Systems
Section - Security
C.S.G. Software Group Limited organizační složka
Kaštanová 64, 620 00 BRNO, CZ
IČ: 27741362 DIČ: CZ27741362
Office: KAJOT Technology Center
Kaštanová 64, 620 00 BRNO, CZ
tlf: +420 515 535 134
fax: +420 515 535 134
gsm: +420 724 951 702
e-mail: zi...@kajot.cz
www.kajot.com
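
The misconfiguration described in this message (second server listed in ipa_server but not in ldap_uri and krb5_server) can be checked for mechanically. The following is an added example, not part of the original post or of SSSD: the function names are hypothetical and the two sample configurations with example.test hostnames are constructed.

```python
import configparser
from urllib.parse import urlparse

# Directives that each carry their own server list inside a [domain/...] section.
SERVER_KEYS = ("ipa_server", "ldap_uri", "krb5_server")

def hosts(value):
    """Split a comma-separated server list and reduce each entry to a hostname."""
    out = []
    for item in value.split(","):
        item = item.strip()
        if not item or item == "_srv_":  # _srv_ means DNS discovery, not a host
            continue
        if "://" in item:
            item = urlparse(item).hostname or ""
        elif item.count(":") == 1:       # host:port form
            item = item.rsplit(":", 1)[0]
        out.append(item.lower())
    return out

def failover_gaps(conf_text):
    """Return {domain: {directive: [hosts absent from that directive]}}."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        lists = {k: hosts(cp.get(section, k))
                 for k in SERVER_KEYS if cp.has_option(section, k)}
        every = sorted({h for hs in lists.values() for h in hs})
        gaps = {k: [h for h in every if h not in hs] for k, hs in lists.items()}
        gaps = {k: v for k, v in gaps.items() if v}
        if gaps:
            report[section[len("domain/"):]] = gaps
    return report

# Constructed sample input: second server added to ipa_server only, then to all three.
BEFORE = """[domain/example.test]
ipa_server = ipa1.example.test, ipa2.example.test
ldap_uri = ldap://ipa1.example.test
krb5_server = ipa1.example.test
"""
AFTER = """[domain/example.test]
ipa_server = ipa1.example.test, ipa2.example.test
ldap_uri = ldap://ipa1.example.test, ldap://ipa2.example.test
krb5_server = ipa1.example.test, ipa2.example.test
"""

if __name__ == "__main__":
    print(failover_gaps(BEFORE), failover_gaps(AFTER))
```

An empty result means every server named in one of the three directives is named in all of them that are present; it does not test whether the servers are reachable.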