>
> Unfortunately it is, it is a bug in the way we update the krb5 libraries
> to point to a KDC.
>
> SSSD updates this information in a file under /var/lib/sss/pubconf and
> krb5 libraries read from it, however kinit cannot force sssd to
> re-evaluate if the file needs updating.
>
Is there a work
On Wed, 16 Dec 2015, Karl Forner wrote:
If you do a local login instead of a kinit, you will see that SSSD will
switch to the new server and subsequent kinit will start using it.
Ok, I checked and it works just fine for me, thanks.
This dynamic discovery of freeipa servers by sssd is very el
>
> If you do a local login instead of a kinit, you will see that SSSD will
> switch to the new server and subsequent kinit will start using it.
>
Ok, I checked and it works just fine for me, thanks.
This dynamic discovery of freeipa servers by sssd is very elegant and
smart;
but I still do not u
On Wed, 2015-12-16 at 18:34 +0100, Karl Forner wrote:
> > SSSD mostly manages discovery of servers, it is normally configure with
> > the name _srv_ + an actual name as fallback.
> > SSSD also feeds the information to kerberos libraries via a plugin.
>
> ok, I have this line in my /etc/sssd/sssd.c
> SSSD mostly manages discovery of servers, it is normally configure with
> the name _srv_ + an actual name as fallback.
> SSSD also feeds the information to kerberos libraries via a plugin.
ok, I have this line in my /etc/sssd/sssd.conf:
ipa_server = _srv_, ipa.example.com
How do I check the cur
On Mon, 2015-12-14 at 19:32 +0100, Karl Forner wrote:
> Hello,
>
> >From what I understood, a freeipa replica server is a kind of backup of
> another freeipa server.
> Both are usable by clients, and they will dynamically update their
> information.
>
> But I do not understand how a client will m
On 15.12.2015 13:33, Karl Forner wrote:
>> All replicas should be listed in SRV records in DNS so clients will find them
>> automatically.
>
> But then I must add the freeIPA DNS of the master AND the replica in
> resolv.conf ?
No, it is not necessary as long as you follow usual DNS rules - add a
>All replicas should be listed in SRV records in DNS so clients will find them
>automatically.
But then I must add the freeIPA DNS of the master AND the replica in
resolv.conf ?
Thanks,
Karl
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/
On 14.12.2015 19:32, Karl Forner wrote:
> Hello,
>
>>From what I understood, a freeipa replica server is a kind of backup of
> another freeipa server.
> Both are usable by clients, and they will dynamically update their
> information.
>
> But I do not understand how a client will make use of the
