Im wondering how we should be handing SSSD for redundant configurations on
our freeipa clients. We have three freeipa servers; how can we make SSSD
check another freeipa in the event that one goes down?

It appears we can do something like the following:

ipa_hostname = test-freeipa-client-1.cloud.domain.de,
test-freeipa-client-2.cloud.domain.de, test-freeipa-client-3.cloud.domain.de

However I thought SRV records were meant to supply the magic here?





cache_credentials = True

krb5_store_password_if_offline = True

ipa_domain = cloud.domain.de

id_provider = ipa

auth_provider = ipa

access_provider = ipa

ipa_hostname = test-freeipa-client-2.cloud.domain.de

chpass_provider = ipa

ipa_dyndns_update = True

ipa_server = _srv_, test-freeipa-2.cloud.domain.de

ldap_tls_cacert = /etc/ipa/ca.crt

# For the SUDO integration

sudo_provider = ldap

ldap_uri = ldap://test-freeipa-1.cloud.domain.de

ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de

ldap_sasl_mech = GSSAPI

ldap_sasl_authid = host/test-freeipa-client-2.cloud.domain.de

ldap_sasl_realm = CLOUD.DOMAIN.DE

krb5_server = test-freeipa-2.cloud.domain.de


services = nss, pam, ssh, sudo

config_file_version = 2

domains = cloud.domain.de






Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to