On Sun, Mar 13, 2016 at 03:34:27PM +0200, Alexander Bokovoy wrote:
> On Sun, 13 Mar 2016, lejeczek wrote:
> >IPA install process configured in sssd.conf:
> >[domain/new.Domain]
> >cache_credentials = True
> >krb5_store_password_if_offline = True
> >ipa_domain = newDomain
> >id_provider = ipa
> >...
> >...
> >[domain/default]  # < this is ldap that existed before, krb5 related
> >options are new additions
> >autofs_provider = ldap
> >cache_credentials = True
> >krb5_realm = new.Domain
> >ldap_search_base = dc=old,dc=domain
> >id_provider = ldap
> >krb5_server = a.host
> >
> >[sssd]
> >services = nss, sudo, pam, autofs, ssh
> >config_file_version = 2
> >domains =new.Domain
> >
> >so here I wonder, what's the meaning of krb5 related options and why
> >install process put it into default domain which it did not include later
> >in sssd section.
> FreeIPA installer doesn't touch 'default' domain section at all. It
> always operates on the section named 'domain/<domain name>'.

Actually, that does not seem to be what I experience.

On RHEL 6.7 and RHEL 7.2, I've tried to start with sssd.conf

        autofs_provider = ldap
        cache_credentials = True
        ldap_search_base = dc=old,dc=domain
        id_provider = ldap

I tried ipa-server-install and I tried ipa-client-install. In both
cases, the resulting sssd.conf had the [domain/default] section
removed. So something in the process seems to care about that section
-- maybe not the installer, maybe authconfig or something else.

On the other hand, I was not able to reproduce the change to the
content of the domain/default section that lejeczek reports. I guess
we will need more detailed steps to reproduce, including the exact
original sssd.conf and versions of relevant packages.

Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
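
An added example, not part of the original thread and not FreeIPA or SSSD code: one way to capture the evidence asked for above is to snapshot sssd.conf before and after running the installer and compare the two. The sample file contents are constructed from the fragments quoted in the thread, and the `load` and `compare` helper names are hypothetical.

```python
import configparser

# Constructed snapshots, assembled from the fragments quoted in the thread.
BEFORE = """
[sssd]
domains = default
[domain/default]
autofs_provider = ldap
ldap_search_base = dc=old,dc=domain
id_provider = ldap
"""
AFTER = """
[domain/new.Domain]
ipa_domain = newDomain
id_provider = ipa
[domain/default]
autofs_provider = ldap
krb5_realm = new.Domain
ldap_search_base = dc=old,dc=domain
id_provider = ldap
krb5_server = a.host
[sssd]
domains = new.Domain
"""

def load(text):
    # Interpolation is off so a '%' in a value is kept literally.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def compare(before_text, after_text):
    """Report section and option differences between two sssd.conf snapshots."""
    before, after = load(before_text), load(after_text)
    b_secs, a_secs = set(before.sections()), set(after.sections())
    changed = {}
    for sec in sorted(b_secs & a_secs):
        keys = sorted(set(before[sec]) | set(after[sec]))
        diff = {k: (before[sec].get(k), after[sec].get(k)) for k in keys
                if before[sec].get(k) != after[sec].get(k)}
        if diff:
            changed[sec] = diff
    # Domain sections present in the file but absent from [sssd] "domains".
    raw = after.get("sssd", "domains", fallback="")
    listed = {d.strip() for d in raw.split(",") if d.strip()}
    unlisted = sorted(s for s in a_secs if s.startswith("domain/")
                      and s[len("domain/"):] not in listed)
    return {"removed": sorted(b_secs - a_secs), "added": sorted(a_secs - b_secs),
            "changed": changed, "unlisted_domains": unlisted}

if __name__ == "__main__": print(compare(BEFORE, AFTER))
```

In the returned tuples, `None` on the left means the option was absent from the earlier snapshot.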
