[Freeipa-users] Re: authentication when first master is down

2018-07-12 Thread Alexander Bokovoy via FreeIPA-users

On Thu, 12 Jul 2018, Jakub Hrozek via FreeIPA-users wrote:
> On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via
> FreeIPA-users wrote:
> > Hi all,
> >   I have a small setup with two masters and several clients at one location.
> > I have noticed that when the first master goes down for maintenance or
> > failure, the other server is unable to authenticate users. Is there a
> > setting that needs to be made in order to achieve this as long as the first
> > master is off? Shouldn't this be taken care of automatically?
>
> That depends on how the clients are configured. You'll want the
> "ipa_server" option set to "_srv_, $ipaserver"; then sssd on the
> client would expand the _srv_ keyword with hostnames resolved using the
> DNS SRV query and should fail over between them.

... and make sure you *don't* do that on IPA masters themselves. These
*must* always point to themselves, with no _srv_ keyword.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XYN2TXAPOQHMVCZCDUJ6KS4CF5632JWD/


[Freeipa-users] Re: authentication when first master is down

2018-07-12 Thread Jakub Hrozek via FreeIPA-users
On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via 
FreeIPA-users wrote:
> Hi all,
>   I have a small setup with two masters and several clients at one location.
> I have noticed that when the first master goes down for maintenance or
> failure, the other server is unable to authenticate users. Is there a
> setting that needs to be made in order to achieve this as long as the first
> master is off? Shouldn't this be taken care of automatically?

That depends on how the clients are configured. You'll want the
"ipa_server" option set to "_srv_, $ipaserver"; then sssd on the
client would expand the _srv_ keyword with hostnames resolved using the
DNS SRV query and should fail over between them.

If that doesn't happen, the logs should be inspected.
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/FO3HWS22HQJRLLEFOBDF6A77MRGEGLPT/
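
The client and master settings described in the two replies above, as an added example that is not part of the thread and is not FreeIPA or SSSD code: a small Python check of sssd.conf text for the "ipa_server" value. The sample configs, the hostnames, and the function audit_ipa_server with its master_fqdn parameter are constructed for illustration.

```python
import configparser

# Constructed sssd.conf fragments; hostnames are placeholders, not from the thread.
PINNED = "[domain/example.test]\nid_provider = ipa\nipa_server = ipa1.example.test\n"
WITH_SRV = "[domain/example.test]\nid_provider = ipa\nipa_server = _srv_, ipa1.example.test\n"


def audit_ipa_server(conf_text, master_fqdn=None):
    """Return findings for each id_provider=ipa domain section.

    master_fqdn is None when auditing a client; pass the host's own FQDN
    when auditing an IPA master (hypothetical parameter of this example).
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="").strip().lower() != "ipa":
            continue
        raw = cp.get(section, "ipa_server", fallback="")
        servers = [s.strip().lower() for s in raw.split(",") if s.strip()]
        if master_fqdn is not None:
            # Masters: the list must be exactly the master itself, no _srv_.
            if servers != [master_fqdn.lower()]:
                findings.append(f"{section}: master must point only to itself, got {servers}")
        elif servers and "_srv_" not in servers:
            # Clients: an explicit list without _srv_ limits sssd to the named
            # servers. An unset ipa_server is not flagged here (assumption:
            # the sssd default is left in place).
            findings.append(f"{section}: ipa_server lacks _srv_, got {servers}")
    return findings


if __name__ == "__main__":
    cases = [("client, pinned", PINNED, None),
             ("client, _srv_", WITH_SRV, None),
             ("master, _srv_", WITH_SRV, "ipa1.example.test"),
             ("master, self", PINNED, "ipa1.example.test")]
    for name, text, fqdn in cases:
        print(name, "->", audit_ipa_server(text, fqdn) or "ok")
```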