On 13/03/16 13:34, Alexander Bokovoy wrote:
On Sun, 13 Mar 2016, lejeczek wrote:
IPA install process configured in sssd.conf:
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = newDomain
id_provider = ipa
[domain/default] # < this is ldap that existed before, krb5 related options are new additions
autofs_provider = ldap
cache_credentials = True
krb5_realm = new.Domain
ldap_search_base = dc=old,dc=domain
id_provider = ldap
krb5_server = a.host

services = nss, sudo, pam, autofs, ssh
config_file_version = 2
domains =new.Domain

So here I wonder: what's the meaning of the krb5 related options, and why did the install process put them into the default domain, which it did not include later in the sssd section?
FreeIPA installer doesn't touch 'default' domain section at all. It
always operates on the section named 'domain/<domain name>'.

It also adds 'krb5_realm' line only in case your <domain name> and realm are different. For example, if you have DNS domain example.com and Kerberos realm EXAMPLE.NET, then [domain/example.com] will get

Yes, FQDN/DNS was different, but both krb5_realm & krb5_server were put into domain/default. I'm certain of that because I'm just looking at the backup copy of the config. Should these be in the domain/new.Domain which the installer created/added?
 krb5_realm = EXAMPLE.NET

added to the section.

Looks like you had something previously on this machine using SSSD and
configuring it with [domain/default] section.

