I've got all of my environments setup with two IPA servers.  I'm fighting 
intermittent problems with krb5kdc crashing on them in all of my environments 
and I've opened a ticket with Redhat on that.  What I can't figure out though 
is why the clients will not fail over to the second functioning server in the 
domain

My sssd.conf files are all pretty generic from the install with minimal 
modification to add a couple settings.

[domain/mhbe.lin]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mhbe.lin
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mdhixproddb01.mhbe.lin
chpass_provider = ipa
ipa_server = _srv_, mdhixprodipa01.mhbe.lin
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
default_domain_suffix = mhbe.local
services = nss, sudo, pam, ssh
config_file_version = 2

domains = mhbe.lin
[nss]
default_shell = /bin/bash
homedir_substring = /home
debug_level = 7
[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

I thought the _srv_  would force it to use dns and both servers are round 
robined when digging the _kerberos records from DNS.  So I don't understand why 
it's not working


Thanks

-andy



*** This communication may contain privileged and/or confidential information. 
It is intended solely for the use of the addressee. If you are not the intended 
recipient, you are strictly prohibited from disclosing, copying, distributing 
or using any of this information. If you received this communication in error, 
please contact the sender immediately and destroy the material in its entirety, 
whether electronic or hard copy. ***


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to