Am Thu, Jun 23, 2022 at 10:24:33AM -0600 schrieb Orion Poplawski: > The docs seem a little unclear to me on this. They note what when using the > AD provider sssd will perform site discovery to find the closest AD > controller. But what about when using the IPA provider? It seems to me like > it doesn't, and if not - why not?
Hi, afaik site discovery does not work across forest boundaries. To my knowledge AD DCs determine the site based on IP addresses given out by the DCs via DHCP, so only the DC of the domain you are joined to can return the site reliable. There is the concept of NextClosestSiteName (see MS-ADTS 6.3.3.2 https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3d71aefb-787e-4d14-9a8a-a70def9e1f6c) but I'm not sure if this would give more reliable results. Based on this we decided that if might be better to set the site explicitly in sssd.conf. Please let me know if you are aware of additional documentation which covers sites across forest boundaries. HTH bye, Sumit (I posted the same reply to your question in https://github.com/SSSD/sssd/issues/5958) > > > -- > Orion Poplawski > IT Systems Manager 720-772-5637 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane [email protected] > Boulder, CO 80301 https://www.nwra.com/ > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
