Hi all, I have a small setup with two masters and several clients at one location. I have noticed that when the first master goes down for maintenance or failure, the other server is unable to authenticate users. Is there a setting that needs to be made in order to achieve this as long as the first master is off? Shouldn't this be taken care of automatically?
Thanks in advance, Petros
On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via FreeIPA-users wrote:
Hi all, I have a small setup with two masters and several clients at one location. I have noticed that when the first master goes down for maintenance or failure, the other server is unable to authenticate users. Is there a setting that needs to be made in order to achieve this as long as the first master is off? Shouldn't this be taken care of automatically?
That depends on how the clients are configured. You'll want "ipa_server" option is set to "_srv_, $ipaserver", then sssd on the client would expand the _srv_ keyword with hostnames resolved using the DNS SRV query and should fail over between them.
If that doesn't happen, the logs should be inspected..
On to, 12 heinä 2018, Jakub Hrozek via FreeIPA-users wrote:
On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via FreeIPA-users wrote:
Hi all, I have a small setup with two masters and several clients at one location. I have noticed that when the first master goes down for maintenance or failure, the other server is unable to authenticate users. Is there a setting that needs to be made in order to achieve this as long as the first master is off? Shouldn't this be taken care of automatically?
That depends on how the clients are configured. You'll want "ipa_server" option is set to "_srv_, $ipaserver", then sssd on the client would expand the _srv_ keyword with hostnames resolved using the DNS SRV query and should fail over between them.
... and make sure you *don't* do that on IPA masters themselves. These *must* always point to themselves, with no _srv_ keyword.
freeipa-users@lists.fedorahosted.org