On Sun, Mar 13, 2016 at 03:34:27PM +0200, Alexander Bokovoy wrote: > On Sun, 13 Mar 2016, lejeczek wrote: > >IPA install process configured in sssd.conf: > >[domain/new.Domain] > >cache_credentials = True > >krb5_store_password_if_offline = True > >ipa_domain = newDomain > >id_provider = ipa > >... > >... > >[domain/default] # < this is ldap that existed before, kbr5 related > >options are new additions > >autofs_provider = ldap > >cache_credentials = True > >krb5_realm = new.Domain > >ldap_search_base = dc=old,dc=domain > >id_provider = ldap > >krb5_server = a.host > > > >[sssd] > >services = nss, sudo, pam, autofs, ssh > >config_file_version = 2 > >domains =new.Domain > > > >so here I wonder, what's the meaning of kbr5 related options and why > >install process put it into default domain which it did not include later > >in sssd section. > FreeIPA installer doesn't touch 'default' domain section at all. It > always operates on the section named 'domain/<domain name>'.
Actually, that does not seem what I experience. On RHEL 6.7 and RHEL 7.2, I've tried to start with sssd.conf containing [domain/default] autofs_provider = ldap cache_credentials = True ldap_search_base = dc=old,dc=domain id_provider = ldap I tried ipa-server-install and I tried ipa-client-install. In both cases, the resulting sssd.conf had the [domain/default] section removed. So something in the process seems to care about that section -- maybe not the installer, maybe authconfig or something else. On the other hand, I was not able to reproduce the chaneg to the content of the domain/default section that lejeczek reports. I guess we will need more detailed steps to reproduce, including the exact original sssd.conf and versions of relevant packages. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project