Hi List,
I am just trying to run sssd on Ubuntu 14.04 and it seems to be unable to detect the
proper AD site it belongs to.
The thing is, that in order to detect the proper site, it needs to connect to some
(random) AD controller first.
In our scenario, the box is only allowed to connect to the controller that belongs to the
current AD site. Everything else is blocked by the firewall.
So what happens is:
1. Sssd starts
2. DNS SRV lookup for the dns domain discovers 15 domain controllers
3. SSSD tries randomly (couple of them) connect them - one by one
4. If we are unlucky, none of the first 1-2 controllers found belongs to the current
site
5. SSSD bails out with timeout, marking the whole AD backend offline
The solution would probably be to connect all of them at once or extend the timeout after
each attempt.
What do you think?
Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
Show replies by date