(please keep CC-ing the list..) On Mon, Jan 09, 2017 at 04:39:04PM +0800, Matrix wrote: > Sorry, i did not trigger authentication at all. Just to check sssd logs. > around 15 minutes later, I saw below messages shown: > > (Mon Jan 9 01:46:35 2017) [sssd[be[fwmrm.net]]] [fo_set_port_status] > (0x0100): Marking port 0 of server 'ipa02.example.com' as 'working' > > Re-check it with authentication, failover will be happened immediately.
Yes, then that is expected, the identity lookup was probably answered from the cache. > > >> No, sorry, the timeouts for switching between back up and primary > >> servers are hardcoded. > > May I know how long it will take for worst case? Seems to be 30 minutes: https://github.com/SSSD/sssd/blob/master/src/providers/data_provider_fo.c#L49 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project