Good Evening! We are using 3.0.0-42 on CentOS 6.6. I am not using NTP or DNS (we are not allowed to run these services in our environment.)
I configured the replica using the directions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/installing-replica.html

I'm trying to configure my clients to fail over to the replica. I believe I have my sssd.conf correct but I can't figure out the proper syntax for the krb5.conf. Is there documentation somewhere that I can use? I tried placing two kdc = in the file with dir1 and dir2, but it didn't work. Any help is greatly appreciated.

My sssd.conf

[domain/MYDOMAIN.COM]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = MYDOMAIN.COM
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = db2-uat.mydomain.com
chpass_provider = ipa
ipa_server = _srv_, dir1.mydomain.com, dir2.mydomain.com
dns_discovery_domain = MYDOMAIN.COM
sudo_provider = ldap
ldap_uri = ldap://dir1.mydomain.com, ldap://dir2.mydomain.com
ldap_sudo_search_base = ou=sudoers,dc=mydomain,dc=com
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/db2-uat.mydomain.com
ldap_sasl_realm = MYDOMAIN.COM
krb5_server = dir1.mydomain.com, dir2.mydomain.com

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = MYDOMAIN.COM

[nss]

[pam]

[sudo]
debug_level = 5

[autofs]

[ssh]

[pac]

my krb5.conf

includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes

[realms]
MYDOMAIN.COM = {
  kdc = dir1.mydomain.com:88
  master_kdc = dir1.mydomain.com:88
  admin_server = dir1.mydomain.com:749
  default_domain = mydomain.com
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

[dbmodules]
MYDOMAIN.COM = {
  db_library = ipadb.so
}
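An added check, not part of the original post: it parses the [realms] section of a krb5.conf and lists every realm that names fewer than two `kdc =` hosts, meaning a client relying on the static file has no second KDC to try. The first sample is trimmed from the krb5.conf in the post; the second, with dir2 added as a repeated `kdc =` line, is constructed from the hostnames in the post, and the function names are hypothetical.

```python
import re

def realm_kdcs(conf_text):
    """Map each realm in [realms] to its 'kdc =' values, in file order."""
    realms, section, realm = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                            # new top-level section
            section, realm = header.group(1), None
        elif section != "realms":
            continue
        elif line.endswith("{"):              # "REALM = {" opens a stanza
            realm = line.split("=", 1)[0].strip()
            realms[realm] = []
        elif line.startswith("}"):            # stanza closed
            realm = None
        elif realm and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "kdc":                  # master_kdc/admin_server ignored
                realms[realm].append(value)
    return realms

def single_kdc_realms(conf_text):
    """Realms with fewer than two static KDC entries."""
    return sorted(r for r, k in realm_kdcs(conf_text).items() if len(k) < 2)

# Trimmed from the krb5.conf shown in the post.
POSTED = """\
[libdefaults]
 default_realm = MYDOMAIN.COM
 dns_lookup_kdc = true

[realms]
 MYDOMAIN.COM = {
  kdc = dir1.mydomain.com:88
  master_kdc = dir1.mydomain.com:88
  admin_server = dir1.mydomain.com:749
 }
"""
# Constructed variant: the replica added as a second, repeated kdc relation.
WITH_REPLICA = POSTED.replace(
    "  master_kdc", "  kdc = dir2.mydomain.com:88\n  master_kdc")

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("with replica", WITH_REPLICA)):
        print(name, realm_kdcs(text), "single-KDC:", single_kdc_realms(text))
```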
