[Freeipa-users] 6.1 beta
Sigbjorn Lie
sigbjorn at nixtra.com
Mon Apr 4 19:52:03 UTC 2011
On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/04/2011 03:06 PM, Dmitri Pal wrote:
>> On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
>>> I also noticed that in /etc/sssd/sssd.conf the ipa server is specified
>>> with:
>>> ipa_server = _srv_, ipa01.ix.test.com
>>>
>>> sssd doesn't resolve anything from IPA until I remove "_srv_,"
>>>
>> Stephen, was there a recent bug on this matter in SSSD?
>>
> The purpose of _srv_ is to check DNS for IPA server addresses first. The
> idea is that if you have more than one IPA server in service, then you
> can use DNS to list all of them. Otherwise, the ipa-client-install can
> only specify a static list of servers at the time of install. This would
> mean that if the IPA servers changed IP addresses or new ones entered
> production, it would be necessary to change all of the client
> configuration files.
>
> I'm puzzled why you would need to remove this, unless your DNS server is
> returning something other than FreeIPA servers for a SRV request
> directed at _ldap.tcp
>
I have verified that the _ldap._tcp is resolving correctly. DNS was set
up using "ipa-server-install --setup-dns". I discovered this at the IPA
server. This is a newly installed IPA server at RH 6.1 beta installed a
few hours ago. No IP addresses changed.
# host -t srv _ldap._tcp
_ldap._tcp.ix.test.com has SRV record 0 100 389 ipa01.ix.test.com.
Rgds,
Siggi
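
Added example, not part of the original message and not SSSD's own code: a sketch of how an ipa_server value such as "_srv_, ipa01.ix.test.com" expands into an ordered list of candidate servers once the SRV answer is known. It assumes entries are tried in the order listed and sorts SRV records by priority and then weight, which simplifies RFC 2782's weighted random selection; the function names are hypothetical, and the second and third SRV lines in the sample are constructed.

```python
import re

# Matches one line of `host -t srv` output, like the line quoted in the message.
SRV_LINE = re.compile(
    r"^(?P<name>\S+) has SRV record "
    r"(?P<prio>\d+) (?P<weight>\d+) (?P<port>\d+) (?P<target>\S+)$"
)

def parse_host_srv(output):
    """Return (priority, weight, port, target) tuples from `host -t srv` output."""
    records = []
    for line in output.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.append((int(m["prio"]), int(m["weight"]),
                            int(m["port"]), m["target"].rstrip(".").lower()))
    return records

def order_srv(records):
    """Lowest priority value first; within one priority, higher weight first.
    Assumption: deterministic sort instead of RFC 2782 weighted random choice."""
    return [r[3] for r in sorted(records, key=lambda r: (r[0], -r[1], r[3]))]

def expand_ipa_server(value, srv_records):
    """Expand an ipa_server value into the ordered, de-duplicated host list."""
    candidates = []
    for entry in (e.strip() for e in value.split(",")):
        # _srv_ is replaced by the DNS-discovered servers; anything else is static.
        hosts = order_srv(srv_records) if entry == "_srv_" else [entry.lower()]
        for h in hosts:
            if h and h not in candidates:
                candidates.append(h)
    return candidates

# Constructed sample: line 1 is the record from the message, lines 2-3 are invented.
SAMPLE = """\
_ldap._tcp.ix.test.com has SRV record 0 100 389 ipa01.ix.test.com.
_ldap._tcp.ix.test.com has SRV record 10 50 389 ipa03.ix.test.com.
_ldap._tcp.ix.test.com has SRV record 0 20 389 ipa02.ix.test.com.
"""

if __name__ == "__main__":
    print(expand_ipa_server("_srv_, ipa01.ix.test.com", parse_host_srv(SAMPLE)))
```

With only the single record shown in the message, or with an empty SRV answer, the expanded list is just ipa01.ix.test.com, so under these assumptions the static entry still leaves one server to try.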