So it really get posted where I didn't mean to. I wanted to answer this:
https://www.redhat.com/archives/freeipa-users/2014-January/msg00234.html

Digest mode off, so no problems inf future (hopefully).

S.

On 02/25/2014 10:28 AM, Stanislav Zidek wrote:
>> Date: Fri, 17 Jan 2014 09:46:08 -0500
>> From: Dmitri Pal <d...@redhat.com>
>> To: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] SSSD Failover does not work
>> Message-ID: <52d94230.6080...@redhat.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> You would need to up the debug_level to 6 on SSSD, restart it, then
>> simulate the situation and provide sanitized logs and sssd configuration
>> file.
> 
> Hi and sorry for late reply, I've been ill and then lots of work waited
> for me ;)
> 
> I tried to further debug the issue and I was able to make it work by
> adding the second ipa server also to directives ldap_uri and krb5_server
> (it was probably my mistake to put it only to ipa_server) - of course in
> /etc/sssd/sssd.conf
> 
> Here is my working /etc/sssd/sssd.conf in case anyone finds it useful
> (or someone has a comment - feel free to tell me how to make things better):
> 
> [domain/kajot.cz]
> 
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = kajot.cz
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = <<<SERVER NAME>>>
> chpass_provider = ipa
> ipa_server = id1.kajot.cz, id2.kajot.cz
> 
> # For the SUDO integration
> sudo_provider = ldap
> ldap_uri = ldap://id1.kajot.cz, ldap://id2.kajot.cz
> ldap_sudo_search_base = ou=sudoers,dc=kajot,dc=cz
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/redmine.kajot.cz
> ldap_sasl_realm = KAJOT.CZ
> krb5_server = id1.kajot.cz, id2.kajot.cz
> 
> 
> ldap_sudo_smart_refresh_interval = 120
> ldap_sudo_full_refresh_interval = 300
> 
> [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
> 
> domains = kajot.cz
> 
> [nss]
> 
> [pam]
> 
> [sudo]
> 
> [autofs]
> 
> [ssh]
> 
> [pac]
> 
> 
> P.S. I hope it gets posted to the right place, Thunderbird and digest
> mode is probably not very good combination.. If it goes wrong, sorry in
> advance.
> 
> S.
> 
> --
> Stanislav Židek
> Bezpečnostní konzultant/analytik
> Security Consultant/Analyst
> 
> Technické oddělení on-line systémy
> Sekce - bezpečnost
> C.S.G. Software Group Limited
> organizační složka
> Kaštanová 64, 620 00 BRNO, CZ
> IČ:27741362 DIČ:CZ27741362
> 
> Office : KAJOT Technology Center
> Kaštanová 64, 620 00 BRNO, CZ
> tlf: +420 515 535 134 fax: +420 515 535 134
> gsm: +420 724 951 702
> 
> e-mail : zi...@kajot.cz
> www.kajot.com
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

-- 
Stanislav Židek
Bezpečnostní konzultant/analytik
Security Consultant/Analyst

Technické oddělení on-line systémy
Sekce - bezpečnost
C.S.G. Software Group Limited
organizační složka
Kaštanová 64, 620 00 BRNO, CZ
IČ:27741362 DIČ:CZ27741362

Office : KAJOT Technology Center
Kaštanová 64, 620 00 BRNO, CZ
tlf: +420 515 535 134 fax: +420 515 535 134
gsm: +420 724 951 702

e-mail : zi...@kajot.cz
www.kajot.com

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to