Re: [Freeipa-users] sssd.conf question
On Mon, Nov 24, 2014 at 07:57:01PM +, Craig White wrote: > You can do that, but why switch the order? Isn't it better to let SSSD > autodiscover the serves with SRV records? > > Sure but it seems that a specific entry is auto-created on each of the > machines joined to IPA like this one-line clip from sssd.conf > > ipa_server = _srv_, ipa01.stt.local > > Should I just have _srv_ and not any specific ipa servers listed there? Depends on what do you want the clients to do :-) What the directive says is: 1. _srv_ -- autodiscover the servers using DNS SRV records 2 ipa01.stt.local -- if that fails, connect directly to this server Hopefully the 'failover' sections in sssd man pages are also helpful. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] sssd.conf question
-Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Jakub Hrozek Sent: Monday, November 24, 2014 12:44 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] sssd.conf question On Mon, Nov 24, 2014 at 07:27:50PM +, Craig White wrote: > Starting to look at managing IPA requisites from Puppet - especially because > I have seen SSSD silently quit. Are there any errors in either the sssd logs or the syslog? Haven't checked yet - it's only happened a few times. One of the things that I can accomplish with puppet is to ensure the SSSD service is running (restarted if it quits). > > So if I manage /etc/sssd/sssd.conf file with puppet, I have 2 IPA servers > (with what appears to be a fully functioning MMR), 01 and 02. Can I > arbitrarily change the 'ipa_server' listed in sssd.conf? Restart SSSD if I > touch the file with puppet? Anything else I should know? You can do that, but why switch the order? Isn't it better to let SSSD autodiscover the serves with SRV records? Sure but it seems that a specific entry is auto-created on each of the machines joined to IPA like this one-line clip from sssd.conf ipa_server = _srv_, ipa01.stt.local Should I just have _srv_ and not any specific ipa servers listed there? Thanks Craig -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] sssd.conf question
On Mon, Nov 24, 2014 at 07:27:50PM +, Craig White wrote: > Starting to look at managing IPA requisites from Puppet - especially because > I have seen SSSD silently quit. Are there any errors in either the sssd logs or the syslog? > > So if I manage /etc/sssd/sssd.conf file with puppet, I have 2 IPA servers > (with what appears to be a fully functioning MMR), 01 and 02. Can I > arbitrarily change the 'ipa_server' listed in sssd.conf? Restart SSSD if I > touch the file with puppet? Anything else I should know? You can do that, but why switch the order? Isn't it better to let SSSD autodiscover the serves with SRV records? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
