On 10/11/2013 05:22 AM, ?????? ? wrote: > Good afternoon. In each region, I have a couple of controllers > (windows and ipa). With the authorization server in the logs ipa (sssd > log) I find that the request is not for the neighbor by location > windows server, and randomly throughout the forest. Tell me is there a > way to explicitly specify the IPA server on windows DC. Logs attached. > there somewhere documentation about?
I am not quite sure I understand you setup but I will try to give you some hints. If you want SSSD to access a specific IPA server or servers you can define primary and secondary servers explicitly in the SSSD configuration. See SSSD man pages. This can also be done via ipa-client-install command line starting IPA client 3.0 and SSSD 1.9 But that would sort of override the information coming from DNS. If you are looking for SSSD to support DNS sites then this functionality is available in SSSD in 1.11 if SSSD is joined directly to AD via AD provider. If you are looking for the same functionality when SSSD connects to IPA then it is still on the roadmap because IPA does not support sites. https://fedorahosted.org/freeipa/ticket/2008 > > > next to the IPA server pk529ad-dc01.sys.local > IPA server and knocks pk429ad-dc01.sys.local to another region > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users