On 13/03/16 13:34, Alexander Bokovoy wrote:
On Sun, 13 Mar 2016, lejeczek wrote:
IPA install process configured in sssd.conf:
[domain/new.Domain]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = newDomain
id_provider = ipa
...
...
[domain/default] # < this is ldap that existed before,
kbr5 related options are new additions
autofs_provider = ldap
cache_credentials = True
krb5_realm = new.Domain
ldap_search_base = dc=old,dc=domain
id_provider = ldap
krb5_server = a.host
[sssd]
services = nss, sudo, pam, autofs, ssh
config_file_version = 2
domains =new.Domain
so here I wonder, what's the meaning of kbr5 related
options and why install process put it into default
domain which it did not include later in sssd section.
FreeIPA installer doesn't touch 'default' domain section
at all. It
always operates on the section named 'domain/<domain name>'.
It also adds 'krb5_realm' line only in case your <domain
name> and realm
are different. For example, if you have DNS domain
example.com and
Kerberos realm EXAMPLE.NET, then [domain/example.com] will
get
yes, FQDN/DNS was different, but both krb5_realm &
krb5_server was put into domain/default, I'm certain of that
cause I'm just looking at the backup copy of the config.
should these be in the domain/new.Domain which installer
created/added?
krb5_realm = EXAMPLE.NET
added to the section.
Looks like you had something previously on this machine
using SSSD and
configuring it with [domain/default] section.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project