Will the -ldapServers option help you? It allows you to set LDAP servers per domain, and modifies the krb5.conf file accordingly, under the assumption that the LDAP server also serves as the KDC.
Yair

----- Original Message -----
> From: "Keith Mitchell" <kami...@cisco.com>
> To: users@ovirt.org
> Sent: Monday, February 18, 2013 3:21:51 PM
> Subject: [Users] Restirct list of AD servers
>
> I have a situation where the Active Directory domain I am trying to use
> as authentication for ovirt lists many servers all around the world.
>
> But... my server running ovirt is sitting behind a firewall that doesn't
> allow me to access all of them... only the local ones. We do have a
> "locater dns record" which we can query at a well known name and it will
> always return the local ip address of the AD server... but if you query
> the SRV records for the domain it will return all of the servers.
>
> I was able to add the domain using engine-manage-domains, and I tweaked
> the /etc/ovirt-engine/krb5.conf to only include the local AD servers
> where we can access, but that doesn't seem to be sufficient.
>
> Not sure if ovirt is querying the dns records on boot to get the list of
> servers to talk to or not, but it doesn't seem to be using
> /etc/ovirt-engine/krb.conf for this purpose.
>
> So... is there any way to manually force it to use a certain server and
> not have it query dns?
>
> thanks.
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users