Dmitry Krasov via FreeIPA-users wrote:
> If I will change line in sssd.conf file to "ipa_server = ipa_server = _srv_,
> ipa.dom.loc" on existent enrolled clients. Will they work fine with failover?
You duplicated ipa_server = but otherwise yes.
You can have the _srv_ last if you want to point
If I will change line in sssd.conf file to "ipa_server = ipa_server = _srv_,
ipa.dom.loc" on existent enrolled clients. Will they work fine with failover?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an
Dmitry Krasov via FreeIPA-users wrote:
> My enroll command:
>
> sudo ipa-client-install --fixed-primary --enable-dns-updates --server
> ipa.dom.loc --domain dom.loc --mkhomedir --force-join -p admin -w password -U
> client sssd.conf:
>
> [domain/dom.loc]
>
> id_provider = ipa
>
>
My enroll command:
sudo ipa-client-install --fixed-primary --enable-dns-updates --server
ipa.dom.loc --domain dom.loc --mkhomedir --force-join -p admin -w password -U
client sssd.conf:
[domain/dom.loc]
id_provider = ipa
ipa_server = ipa. dom.loc
ipa_domain = dom.loc
ipa_hostname =
Hi,
On Mon, May 6, 2024 at 8:57 AM Dmitry Krasov via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello.
> just installed replica (ipa2.dom.loc), it seems works fine.
>
> But how enrolled clients will know about this replica, if primary server
> will be down?
>
If you installed
Hi,
The difference between server and replica is crl generation role.
If you want to promote another server in topology to be a CRL master, you
can look at
https://www.freeipa.org/page/V4/Promotion_to_CRL_generation_master.
for the other part, I found this
