I am having problems with sudo and using _srv_ in the sssd config. This works:

# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=native-instruments,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = test-freeipa-2.cloud.domain.de

This does not work:

# For the SUDO integration
sudo_provider = ldap
ldap_uri = _srv_
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
ldap_sasl_realm = CLOUD.DOMAIN.DE
krb5_server = _srv_

Thanks,

Andrew

On 19 March 2015 at 10:29, Jakub Hrozek <[email protected]> wrote:

> On Thu, Mar 19, 2015 at 08:42:42AM +0100, Andrew Holway wrote:
> > Cool stuff. Thanks.
> >
> > I had a look at our SRV records and found the following:
> > _kerberos-master._tcp
> > _kerberos-master._udp
> > _kerberos._tcp
> > _kerberos._udp
> > _kpasswd._tcp
> > _kpasswd._udp
> > _ldap._tcp
> > _ntp._udp
> >
> > No mention of any ipa srv records. Does sssd use _ldap._tcp?
>
> Yes, for the IPA back end it does.
>
> For the AD back end we use the special MS records for looking up sites
> or Global Catalog servers, but for IPA we stick to the standard
> services.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
