On Thu, 12 Jul 2018, Jakub Hrozek via FreeIPA-users wrote:
On Thu, Jul 12, 2018 at 10:21:24AM +0300, Petros Triantafyllidis via
> Hi all,
> I have a small setup with two masters and several clients at one location.
> I have noticed that when the first master goes down for maintenance or
> failure, the other server is unable to authenticate users. Is there a
> setting that needs to be made in order to achieve this as long as the first
> master is off? Shouldn't this be taken care of automatically?
That depends on how the clients are configured. You'll want the
"ipa_server" option set to "_srv_, $ipaserver"; then sssd on the
client would expand the _srv_ keyword with hostnames resolved using the
DNS SRV query and should fail over between them.
... and make sure you *don't* do that on IPA masters themselves. These
*must* always point to themselves, with no _srv_ keyword.
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
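
An added example, not part of the thread and not FreeIPA or SSSD project code: a small Python check that applies the two rules above to the text of an sssd.conf. The function name, the sample fragments and the example.test hostnames are assumptions made for illustration; the caller states whether the host is an IPA master.

```python
import configparser

# Constructed sample sssd.conf fragments; hostnames are placeholders.
_HEAD = "[domain/example.test]\nid_provider = ipa\n"
CLIENT_PINNED = _HEAD + "ipa_server = ipa1.example.test\n"
CLIENT_SRV = _HEAD + "ipa_server = _srv_, ipa1.example.test\n"
MASTER_SRV = _HEAD + "ipa_server = _srv_, ipa2.example.test\n"


def audit_ipa_server(conf_text, fqdn, is_master):
    """Return findings for each IPA domain section in the given sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="").strip() != "ipa":
            continue
        raw = cp.get(section, "ipa_server", fallback="")
        servers = [s.strip().lower() for s in raw.split(",") if s.strip()]
        if is_master:
            # A master must point only at itself, with no _srv_ keyword.
            if servers != [fqdn.lower()]:
                findings.append(
                    f"{section}: master must use ipa_server = {fqdn}, found {servers}")
        elif len(servers) == 1 and servers[0] != "_srv_":
            # One fixed host and no _srv_: nothing to fail over to.
            # (An explicit list of several hosts is tried in order, so it passes.)
            findings.append(
                f"{section}: client pinned to {servers[0]}, add _srv_ for failover")
    return findings


if __name__ == "__main__":
    cases = [("pinned client", CLIENT_PINNED, "client1.example.test", False),
             ("srv client", CLIENT_SRV, "client1.example.test", False),
             ("master with _srv_", MASTER_SRV, "ipa2.example.test", True)]
    for label, text, host, master in cases:
        print(label, "->", audit_ipa_server(text, host, master) or "ok")
```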