On Thu, 2011-08-18 at 12:48 +0200, Ondrej Valousek wrote: > > > Let's identify it and get it filed. > > > > Can you paste the relevant part of your config file? Feel free to > > sanitize sensitive parts like hostnames, etc. What is the desired order > > of resolving? SRV first, then hardcoded host name? > > Ok, I can not replicate the problem - my bad. However I have > discovered something else. When doing the SRV lookup, a multiple > servers are returned. It would be good if we prefer the one in the > same subnet (i.e. something like DC locator function in Samba). Now > what happens is, that a server on a different continent is happily > used which is probably not a best thing to do...
We use the SRV lookup for load-balancing, so you should have your DNS server configured to return values with appropriately weighted results. This way, it will prefer the nearer server. I'm not sure we want to assign servers by subnet, as it still may not be the fastest server (consider a VPN). > It should not be necessary to specify krb5_realm. Let's assume > krb5_realm = dns_discovery_domain (if not specified explicitly of > course). What do you think? That won't work simply, because we'll have case-sensitivity issues here.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
