On Thu, Jun 23, 2022 at 10:24:33AM -0600, Orion Poplawski wrote:
> The docs seem a little unclear to me on this. They note that when using the
> AD provider sssd will perform site discovery to find the closest AD
> controller. But what about when using the IPA provider? It seems to me like
> it doesn't, and if not - why not?

Hi,
afaik site discovery does not work across forest boundaries. To my
knowledge AD DCs determine the site based on IP addresses given out by
the DCs via DHCP, so only the DC of the domain you are joined to can
return the site reliably. There is the concept of NextClosestSiteName
(see MS-ADTS 6.3.3.2
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3d71...)
but I'm not sure if this would give more reliable results. Based on this
we decided that it might be better to set the site explicitly in
sssd.conf.
Please let me know if you are aware of additional documentation which
covers sites across forest boundaries.
HTH
bye,
Sumit
(I posted the same reply to your question in
https://github.com/SSSD/sssd/issues/5958)
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301
https://www.nwra.com/