Guertin, David S. wrote:
> I have a mixed environment of RHEL 5 and RHEL 6 clients, and three RHEL
> 7 IPA servers (one master and two duplicates). I'm trying to ensure that
> if one server goes down, the remaining server(s) will still allow logins.
> With the RHEL 6 clients this is easy -- the line
>
> ipa_server = _srv_, server1.ipa.middlebury.edu
>
> in /etc/sssd/sssd.conf does this with the _srv_ entry, and everything is
> fine.
>
> But with the RHEL 5 clients, this doesn't work. If server 1 goes down,
> logins fail. Since RHEL 5 is using LDAP, I figured it was probably in
> the ldap_uri line in the sssd.conf file. I discovered that I could add
> multiple servers, which I did:
>
> ldap_uri = ldap://server1.ipa.middlebury.edu,
> ldap://server2.ipa.middlebury.edu, ldap://server3.ipa.middlebury.edu
>
> But this still failed. However, if I do something similar in /etc/ldap.conf:
>
> uri ldap://server1.ipa.middlebury.edu
> ldap://server2.ipa.middlebury.edu ldap://server3.ipa.middlebury.edu
>
> then logins work. In fact, I don't even need the change in sssd.conf. I
> can put that back the way it was, and logins still work. It's only the
> line in /etc/ldap.conf that seems to be necessary.
>
> So, I have two questions:
>
> 1. Am I understanding this correctly?
>
> 2. If so, is there a way to automate this so that when I run
> ipa-client-install on my RHEL 5 clients, they get the correct LDAP
> settings from the beginning, and I don't have to go and manually edit
> the ldap.conf file?

I think the SSSD guys are going to want to see your full sssd.conf. An
ipaclient-install.log for one of these clients might be handy too so we
can discern how you are configuring the client.

rob
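
An added example, not part of either message: a small Python check that lists the servers named by `ipa_server` and `ldap_uri` in sssd.conf and by `uri` in /etc/ldap.conf, and flags any setting that names exactly one server with no `_srv_` entry. The sample file contents are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import configparser

# Constructed sample contents, modelled on the lines quoted in the thread.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = ipa.middlebury.edu

[domain/ipa.middlebury.edu]
ipa_server = _srv_, server1.ipa.middlebury.edu
ldap_uri = ldap://server1.ipa.middlebury.edu
"""
SAMPLE_LDAP_CONF = """\
# constructed /etc/ldap.conf
uri ldap://server1.ipa.middlebury.edu ldap://server2.ipa.middlebury.edu
"""

def sssd_targets(text):
    """Map each [domain/...] section to its comma-separated server options."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    found = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        for opt in ("ipa_server", "ldap_uri"):
            if cp.has_option(section, opt):
                vals = [v.strip() for v in cp.get(section, opt).split(",")]
                found.setdefault(section, {})[opt] = [v for v in vals if v]
    return found

def ldap_conf_targets(text):
    """Return the space-separated URIs from the last 'uri' line."""
    targets = []
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#") and parts[0].lower() == "uri":
            targets = parts[1:]
    return targets

def single_targets(sssd_text, ldap_text):
    """Names of settings that list exactly one server and no _srv_ entry."""
    named = {"ldap.conf uri": ldap_conf_targets(ldap_text)}
    for section, opts in sssd_targets(sssd_text).items():
        for opt, vals in opts.items():
            named["sssd.conf [%s] %s" % (section, opt)] = vals
    return sorted(k for k, v in named.items() if len(v) == 1 and "_srv_" not in v)

if __name__ == "__main__":
    for name in single_targets(SAMPLE_SSSD_CONF, SAMPLE_LDAP_CONF):
        print("single server, no failover target:", name)
```

Run against the real files by passing the contents of /etc/sssd/sssd.conf and /etc/ldap.conf to `single_targets`.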