On 5/19/2017 12:20 PM, Sumit Bose wrote:
On Fri, May 19, 2017 at 10:22:35AM -0400, TomK wrote:
Hey Guys,
Cluster VIP for LDAP hosts.
Does SSSD support this now? Or should it still be a comma separated list?
Have a Windows AD DC cluster made up of 8 servers. Would be handy to use
that (i.e. company-dom.com) instead of the individual hosts that make this up.
I would recommend to use DNS SRV lookups instead. With AD this should
return the same list of DCs as the special company-dom.com. You can
check with
dig SRV _ldap._tcp.company-dom.com
If you use the SSSD AD provider and either call the domain in sssd.conf
company-dom.com or set ad_domain to company-dom.com and do not set any
ad_server, SSSD will automatically use the SRV record.
The issue with just using company-dom.com as ad_server is
GSSAPI/Kerberos authentication. Here the specific names of the DCs are
needed to be able to request a proper service ticket.
HTH
bye,
Sumit
In case the AD / DC team removes hosts from a cluster, we would not need to
update anything on our end if we were using just the domain.
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Kool, thanks Sumit.
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
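
A check that follows from the advice in this thread, as an added example that is not part of the original messages: it orders the targets of the SRV lookup and flags an ad_server value that uses the bare domain name or names a host the SRV record no longer returns. The sample dig output, the dc01..dc03 host names, the function names and the result labels are assumptions made for illustration; `_srv_` is SSSD's service-discovery keyword.

```shell
#!/bin/sh
# Constructed sample of `dig +short SRV _ldap._tcp.company-dom.com` output
# (priority weight port target). dc01..dc03 are hypothetical host names.
SAMPLE_SRV='0 100 389 dc02.company-dom.com.
0 100 389 dc01.company-dom.com.
10 100 389 dc03.company-dom.com.'

# List SRV targets, lowest priority value first, trailing dot removed.
srv_targets() {
    printf '%s\n' "$1" | sort -k1,1n -k4,4 |
        awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# Classify an ad_server value from sssd.conf (hypothetical labels):
#   auto   - unset or only _srv_: DCs come from the SRV record
#   alias  - contains the bare domain name, so no DC-specific host name
#            is available for the Kerberos service ticket
#   stale  - names a host that the SRV record no longer returns
#   pinned - names only DCs that the SRV record currently returns
check_ad_server() {  # $1 = ad_server value, $2 = AD domain, $3 = SRV output
    value=$1 domain=$2
    targets=$(srv_targets "$3")
    result=auto
    old_ifs=$IFS; IFS=,
    for entry in $value; do
        entry=$(printf '%s' "$entry" | tr -d ' ' | tr 'A-Z' 'a-z')
        case $entry in
            ''|_srv_) ;;
            "$domain") result=alias; break ;;
            *)  if ! printf '%s\n' "$targets" | grep -qxF "$entry"; then
                    result=stale
                elif [ "$result" = auto ]; then
                    result=pinned
                fi ;;
        esac
    done
    IFS=$old_ifs
    echo "$result"
}

for v in '' 'company-dom.com' 'dc01.company-dom.com, dc09.company-dom.com'; do
    printf 'ad_server = %-45s -> %s\n' "$v" \
        "$(check_ad_server "$v" company-dom.com "$SAMPLE_SRV")"
done
```

To run it against a live domain, pass the real output of `dig +short SRV _ldap._tcp.company-dom.com` as the third argument in place of the sample.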