On Mon, 2015-12-14 at 19:32 +0100, Karl Forner wrote:
> Hello,
> >From what I understood, a freeipa replica server is a kind of backup of
> another freeipa server.
> Both are usable by clients, and they will dynamically update their
> information.
> But I do not understand how a client will make use of the replica if the
> master server is down.

SSSD mostly manages discovery of servers, it is normally configure with
the name _srv_ + an actual name as fallback.
SSSD also feeds the information to kerberos libraries via a plugin.

If you are using another client yuou must make sure it is capable of
discovering servers via SRV records, or you have to configure the
various servers explicitly.

> Naively I would imagine, that like for DNS servers, that you configure a
> main freeipa server, and a secondary one in case the main one does not
> respond, but I can not find how to do it.
> Is this happening automagically ?

Yes, if you use ipa-client-install and do not force to use a specific

> Or this is not the way it is supposed to be used ?

This is what replicas are for, redundancy, and load sharing.


Simo Sorce * Red Hat, Inc * New York

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to