On 25 Jun 2014, at 16:57, Simo Sorce <simo(a)redhat.com> wrote:
On Wed, 2014-06-25 at 15:43 +0200, Jakub Hrozek wrote:
> On Wed, Jun 25, 2014 at 09:34:25AM -0400, Simo Sorce wrote:
>> On Wed, 2014-06-25 at 09:30 +0000, Longina Przybyszewska wrote:
>>> With correct domain ;)...
>>>
>>>> By default, we contact the server we establish the LDAP connection with.
I’m sorry, I got a bit lost in the thread — what was >the difference between the right
server and the wrong server in your setup.
>>>
>>> In our case, DNS server is not LDAP - it is separate win DNS serer.
>>> There is also split DNS server resolving all in/out requests from intern
clients.
>>> This one is known for resolver on all clients, but can't be used for
dyndns updates.
>>>
>>>> In general, SSSD tries to do as little as possible and we try to let
nsupdate do its job right..
>>>
>>>
>>> But sssd supplies data for update record for nsupdate, right?
>>
>> Please open a bug against sssd.
>
> Please don't (yet).
>
>>
>> For some reason the server name is being forcibly served top nsupdate
>> and that shouldn't be the case, passing a "server" option should be
only
>> a fallback case.
>
> It is only a fallback, the way I read the code. I haven't seen the full
> domain logs, so I can't tell if the sssd falls back to trying the server
> or tries the server right away (which would be a bug).
>
>>
>> Nsupdate should be let the ability to discover the correct server by
>> querying the DNS and picking the available authoritative server.
>>
>> Feel free to quote the above ion the ticket. It is definitely a bug in
>> sssd.
>
> No, it's not.
As far as I can read the AD code always put the server there.
Down below the pure nsupdate code can cope with the server name missing,
but the AD code doesn't, unless I am missing something.
The hostname /is/ passed from the AD code to the SDAP code unconditionally but not used
for the first pass. If the first pass fails, then SSSD retries using the host name.
I implemented the suggestion you had with the new option, I think that’s the only way to
solve the problem our users were having.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users