So it really got posted where I didn't mean to. I wanted to answer this: https://www.redhat.com/archives/freeipa-users/2014-January/msg00234.html
Digest mode off, so no problems in future (hopefully).

S.

On 02/25/2014 10:28 AM, Stanislav Zidek wrote:
>> Date: Fri, 17 Jan 2014 09:46:08 -0500
>> From: Dmitri Pal <[email protected]>
>> To: [email protected]
>> Subject: Re: [Freeipa-users] SSSD Failover does not work
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> You would need to up the debug_level to 6 on SSSD, restart it, then
>> simulate the situation and provide sanitized logs and sssd configuration
>> file.
>
> Hi and sorry for the late reply, I've been ill and then lots of work waited
> for me ;)
>
> I tried to further debug the issue and I was able to make it work by
> adding the second ipa server also to directives ldap_uri and krb5_server
> (it was probably my mistake to put it only to ipa_server) - of course in
> /etc/sssd/sssd.conf
>
> Here is my working /etc/sssd/sssd.conf in case anyone finds it useful
> (or someone has a comment - feel free to tell me how to make things better):
>
> [domain/kajot.cz]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = kajot.cz
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = <<<SERVER NAME>>>
> chpass_provider = ipa
> ipa_server = id1.kajot.cz, id2.kajot.cz
>
> # For the SUDO integration
> sudo_provider = ldap
> ldap_uri = ldap://id1.kajot.cz, ldap://id2.kajot.cz
> ldap_sudo_search_base = ou=sudoers,dc=kajot,dc=cz
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/redmine.kajot.cz
> ldap_sasl_realm = KAJOT.CZ
> krb5_server = id1.kajot.cz, id2.kajot.cz
>
>
> ldap_sudo_smart_refresh_interval = 120
> ldap_sudo_full_refresh_interval = 300
>
> [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
>
> domains = kajot.cz
>
> [nss]
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
>
> P.S. I hope it gets posted to the right place, Thunderbird and digest
> mode are probably not a very good combination. If it goes wrong, sorry in
> advance.
>
> S.
>
> --
> Stanislav Židek
> Security Consultant/Analyst
>
> Technical Department, On-line Systems
> Section - Security
> C.S.G. Software Group Limited
> organizační složka
> Kaštanová 64, 620 00 BRNO, CZ
> IČ:27741362 DIČ:CZ27741362
>
> Office : KAJOT Technology Center
> Kaštanová 64, 620 00 BRNO, CZ
> tlf: +420 515 535 134 fax: +420 515 535 134
> gsm: +420 724 951 702
>
> e-mail : [email protected]
> www.kajot.com
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
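
Added example (not part of the original message, and not SSSD or FreeIPA code): a small Python check for the pitfall described in the quoted message, where the second server was listed in ipa_server but not in ldap_uri and krb5_server. The function names and the sample config are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Directives that each carry their own server list in the posted sssd.conf.
SERVER_KEYS = ("ipa_server", "ldap_uri", "krb5_server")

# Constructed sample: the pre-fix state described in the message
# (second server present only in ipa_server).
SAMPLE_BEFORE = """
[domain/kajot.cz]
id_provider = ipa
ipa_server = id1.kajot.cz, id2.kajot.cz
sudo_provider = ldap
ldap_uri = ldap://id1.kajot.cz
krb5_server = id1.kajot.cz
"""

def hosts(key, value):
    """Normalize a comma-separated server list to a set of lowercase hostnames."""
    out = set()
    for item in (v.strip() for v in value.split(",")):
        if key == "ldap_uri":
            item = urlparse(item).hostname or ""   # strips scheme and port
        else:
            item = item.rsplit(":", 1)[0]          # drop an optional :port
        if item:
            out.add(item.lower())
    return out

def check_failover(conf_text):
    """Return {section: {directive: [missing hosts]}} for every domain section
    whose server directives do not all name the same set of hosts."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        lists = {k: hosts(k, cp[section][k]) for k in SERVER_KEYS if k in cp[section]}
        union = set().union(*lists.values())
        gaps = {k: sorted(union - v) for k, v in lists.items() if union - v}
        if gaps:
            findings[section] = gaps
    return findings

if __name__ == "__main__":
    print(check_failover(SAMPLE_BEFORE))
```

Feeding the function the contents of /etc/sssd/sssd.conf returns an empty dict when every listed directive names the same servers.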
