From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Holway
Sent: Wednesday, March 18, 2015 9:40 AM
To: [email protected]
Subject: [Freeipa-users] SSSD in redundant configuration

Hello,

I'm wondering how we should be handling SSSD for redundant configurations on our 
freeipa clients. We have three freeipa servers; how can we make SSSD check 
another freeipa in the event that one goes down?

It appears we can do something like the following:

ipa_hostname = test-freeipa-client-1.cloud.domain.de, test-freeipa-client-2.cloud.domain.de, test-freeipa-client-3.cloud.domain.de

However, I thought SRV records were meant to supply the magic here?

Thanks,

Andrew


/etc/sssd/sssd.conf
[domain/cloud.domain.de]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = cloud.domain.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test-freeipa-client-2.cloud.domain.de
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, test-freeipa-2.cloud.domain.de
ldap_tls_cacert = /etc/ipa/ca.crt
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-2.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = test-freeipa-2.cloud.domain.de
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = cloud.domain.de
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]

I think the magic you are looking for is in /etc/sssd/sssd.conf where you have…

ipa_server = _srv_, test-freeipa-2.cloud.domain.de

and all you need is…

ipa_server = _srv_

for magic

Craig
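
Added example, not part of either message above and not FreeIPA or SSSD code: a Python check that reads an sssd.conf and reports, for each server option in a [domain/...] section, whether it has anything to fail over to. The option selection, the verdict names and the trimmed sample (taken from the config posted in the thread) are assumptions of the example.

```python
import configparser

# Options holding a server list in a [domain/...] section. SSSD reads each as an
# ordered, comma-separated failover list; "_srv_" asks for DNS SRV discovery.
# Assumption: only the options that appear in the thread's config are checked.
SERVER_OPTIONS = ("ipa_server", "ldap_uri", "krb5_server")

# Constructed sample: the relevant lines of the sssd.conf posted in the thread.
SAMPLE = """\
[domain/cloud.domain.de]
id_provider = ipa
ipa_server = _srv_, test-freeipa-2.cloud.domain.de
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
krb5_server = test-freeipa-2.cloud.domain.de
[sssd]
domains = cloud.domain.de
"""


def audit_failover(conf_text):
    """Return (section, option, verdict, entries) for each server option set."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] ... carry no server lists
        for option in SERVER_OPTIONS:
            if not parser.has_option(section, option):
                continue
            raw = parser.get(section, option)
            entries = [e.strip() for e in raw.split(",") if e.strip()]
            if not entries:
                continue  # option present but empty: nothing to classify
            fixed = [e for e in entries if e != "_srv_"]
            if "_srv_" in entries:
                verdict = "srv+fallback" if fixed else "srv-only"
            elif len(fixed) > 1:
                verdict = "static-list"
            else:
                verdict = "single-server"  # one pinned host, no failover target
            findings.append((section, option, verdict, entries))
    return findings


if __name__ == "__main__":
    for section, option, verdict, entries in audit_failover(SAMPLE):
        print(f"{section}: {option} = {', '.join(entries)} -> {verdict}")
```

On the sample, ipa_server is reported as srv+fallback, while ldap_uri (used by the sudo provider) and krb5_server are each reported as single-server because they name one host only.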