ehlo,
The following patch helped me to find out issues with GPO. I think it might also be useful in other cases.
But it would be ideal if the fail-over code printed the port as well. ATM "0" is logged as a port with AD.
LS
On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote:
> ehlo,
> The following patch helped me to find out issues with GPO. I think it might also be useful in other cases.
> But it would be ideal if the fail-over code printed the port as well. ATM "0" is logged as a port with AD.
That's because 'port' has a special meaning in the failover code. It's not the networking port, but just an abstract object that binds together services. And we chose server 0 in the past for AD and IPA because we wanted to make sure that identity lookups and authentication are always performed against the same server to make sure we don't hit replication issues. Otherwise we might be talking to one DC for LDAP lookups and another for KDC..
On (11/04/16 13:39), Jakub Hrozek wrote:
> That's because 'port' has a special meaning in the failover code. It's not the networking port, but just an abstract object that binds together services. And we chose server 0 in the past for AD and IPA because we wanted to make sure that identity lookups and authentication are always performed against the same server to make sure we don't hit replication issues. Otherwise we might be talking to one DC for LDAP lookups and another for KDC..
Thank you for the explanation. It was very confusing to me that "server" has a port but "service" does not have a port. I would expect it the other way around.
And I would say it might be confusing for users when they try to troubleshoot something. We might use a different name than "port".
LS
On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote:
> Thank you for the explanation. It was very confusing to me that "server" has a port but "service" does not have a port. I would expect it the other way around.
> And I would say it might be confusing for users when they try to troubleshoot something. We might use a different name than "port".
Yes, feel free to file a ticket to rename the internal terminology. I already saw some users confused about using port 0, too.
On Mon, Apr 11, 2016 at 03:35:52PM +0200, Jakub Hrozek wrote:
> Yes, feel free to file a ticket to rename the internal terminology. I already saw some users confused about using port 0, too.
btw your patch works fine, so ACK, but I'll add your redhat.com address before pushing and also wait for CI to satisfy the protocol :)
On (22/04/16 15:57), Jakub Hrozek wrote:
> btw your patch works fine, so ACK, but I'll add your redhat.com address before pushing and also wait for CI to satisfy the protocol :)
I noticed the wrong email as well, but I expected some comments and a next version of the patch :-)
LS
On Fri, Apr 22, 2016 at 05:04:21PM +0200, Lukas Slebodnik wrote:
> I noticed the wrong email as well, but I expected some comments and a next version of the patch :-)
I didn't find anything else. I tested the patch against an AD DC and made sure that for user lookups, port 389 was printed and for universal group lookups that use a Global Catalog, port 3268 is printed.
If you'd like me to do some more testing, just ask, otherwise I'm going to push: https://github.com/jhrozek/sssd/commit/30d66da4485336442c3a4c09f95f15115fec1...
CI: http://sssd-ci.duckdns.org/logs/job/42/64/summary.html (I tested multiple patches together there, but yours was included as well)
On Fri, Apr 22, 2016 at 05:04:21PM +0200, Lukas Slebodnik wrote:
> I noticed the wrong email as well, but I expected some comments and a next version of the patch :-)
> LS
* master: 878237a89949f7456aaabe8ebee7831cb4fde336
sssd-devel@lists.fedorahosted.org