Bug 1161564
Summary: | [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | toni <amarirom> | |
Component: | sssd | Assignee: | Pavel Reichl <preichl> | |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | |
Severity: | medium | Docs Contact: | Aneta Šteflová Petrová <apetrova> | |
Priority: | medium | |||
Version: | 6.6 | CC: | aglotov, ahoness, cww, grajaiya, javier.ramirez, jhrozek, kbanerje, lslebodn, mkosek, pbrezina, preichl, rmainz, salmy, savsingh, sssd-maint | |
Target Milestone: | rc | Keywords: | FutureFeature | |
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | sssd-1.12.4-1.el6 | Doc Type: | Release Note | |
Doc Text: |
sssd supports overriding automatically discovered AD site
The Active Directory (AD) DNS site to which the client connects is discovered automatically by default. However, the default automatic search might not discover the most suitable AD site in certain setups. In such situations, you can now define the DNS site manually using the *ad_site* parameter in the *[domain/NAME]* section of the */etc/sssd/sssd.conf* file. For more information about *ad_site*, see the Identity Management Guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html
|
Story Points: | --- | |
Clone Of: | ||||
: | 1163806 (view as bug list) | Environment: | ||
Last Closed: | 2015-07-22 06:42:09 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1075802, 1163806 |
Description
toni
2014-11-07 10:58:05 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2486 Fixed upstream: master: b22e0da9e644f5eb84ee0c8986979fec3fe7eb56 e438fbf102c3d787902504bdae177e84230cbbc9 sssd-1-12: 6992f203c2b37d130287eae11f3929d0000e6d44 e2f4a87ef4a657d27c3ec544fd75a21eefcf3ce7 Verified with sssd-1.12.4-40.el6.x86_64 Report from beaker test output :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: dns_site_02: ad_site=LocalSite but AD has Default-First-Site-Name as default :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Command 'getent passwd test_user_01' (Expected 0, got 0) :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Found site: Default-First-Site-Name' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Ignoring AD site found by DNS discovery: 'Default-First-Site-Name', using configured value: 'LocalSite' instead' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Inserted primary server 'bsod2-bdc.sssdad2012r2.com:389'' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Inserted backup server 'bsod2.sssdad2012r2.com:389'' :: [ PASS ] :: File '/var/lib/sss/pubconf/kdcinfo.SSSDAD2012R2.COM' should contain '10.8.63.41' :: [ PASS ] :: Command 'netstat -antp | grep 10.8.63.41 | grep 389' (Expected 0, got 0) :: [ PASS ] :: Command 'su_success test_user_01 Secret123' (Expected 0, got 0) :: [ PASS ] :: File 'krbauth_tcpdump' should contain '10.8.63.41' :: [ PASS ] :: File 'krbauth_tcpdump' should not contain '10.8.63.40' :: [ PASS ] :: File '/var/log/sssd/krb5_child.log' should contain '10.8.63.41:88' :: [ PASS ] :: File '/var/log/sssd/krb5_child.log' should not contain '10.8.63.40:88' :: [ LOG ] :: Duration: 15s :: [ LOG ] :: Assertions: 12 good, 0 bad :: [ PASS ] :: RESULT: dns_site_02: ad_site=LocalSite but AD has Default-First-Site-Name as default The content looks correct and good. Thanks Aneta. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1448.html |